In hopes of sharing some of my knowledge in the Network and Security realm, I thought it would be fun to post tips.
For anyone who runs a website, site security is something that you are going to have to address in one way or another. This might be proactively looking at the site from an external user's point of view, or responding to a security incident in which your site has been hacked or compromised in some fashion.
Like all security, be it network, physical, or personal, there is no one silver bullet that is going to handle all of your needs. For site security, this means addressing things such as:
- Physical security of the system on which the website is housed
- Network security of how the system is connected to the outside world
- System security for the operating system that it is running on, including making sure security patches and subsystem components are up-to-date.
- Site compartmentalization, i.e., if someone breaks into one part of the site, how much access might they easily gain to other parts (database, other servers, etc.).
This first tip focuses on what you can do about system security of your site. Doing an online scan of your site will help determine if any malware or other malicious code is attached to your site in any way. This is a good indicator of whether your site has been compromised. Some good online scanners include:
- http://app.webinspector.com/
- http://www.avgthreatlabs.com/website-safety-reports/
- http://quttera.com/
They all have free options for running them manually, which you can easily do on a regular basis. Or, if you have a larger number of domains or want deeper scans for your websites, most have paid options as well.