Fight the Hackers – why and how
Your website is a window between the outside world and the information that you wish to share. Unfortunately, there are entities that will do everything in their power to force open that window and steal whatever they can.
Hackers have been causing turmoil on the Internet since the beginning of computer history. In fact, the term “hack” was first used in 1955 for messing around with computers. In 1983 the US Supreme Court discussed Internet hacking and in 1984 the US Secret Service was given authority over the newly formed Comprehensive Crime Control Act dealing with hacking and computer fraud.
Usually when we think of websites being hacked our association is either bored teens or malicious men sitting in dark rooms plotting evil. While that may be true, our favorite example is something that was carried out a few years ago by Britain’s MI6. They hacked Al Qaeda’s website and when people tried to download Al Qaeda’s “recipe” for homemade pipe bombs, they received a recipe for cupcakes from Ellen DeGeneres. [1]
How do Hackers Break In?
There are many different ways that your site can be susceptible to break-ins. The most prevalent type of web vulnerability is injection, in which a hacker plants or injects code that accesses the database through unfiltered input on your website. Filtered input is simply input that is verified using SSL certification, which we will talk about below. You should always verify that all input into your website is filtered. [2]
Two terms that are frequently used and misused when talking about website security are authentication and authorization. While both are essential for your site’s security, they are often mixed up. To make matters worse, both are usually abbreviated “auth”. Authentication establishes who the user is; authorization determines what that user is permitted to do. These hacks most commonly occur in the website’s back-end databases.
Another common entryway for hackers is security misconfiguration, which includes several types of vulnerabilities all related to a lack of attention to, or a lack of maintenance of, the web application and its infrastructure. A secure configuration must be defined and deployed for the application itself, as well as for the application server, web server, database server, and hosting platform. A security misconfiguration anywhere along this chain lets hackers access private data or other sensitive features and can result in a compromised system. [3]
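To make the “unfiltered input” point above concrete, here is an added example (not code from the original article) of a database lookup written the vulnerable way and the hardened way. The table, user names and the hostile input are constructed for the demonstration; the only assumption is Python’s built-in sqlite3 module.

```python
import re
import sqlite3

# Constructed in-memory user table; names and addresses are made up.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"),
                      ("bob", "bob@example.com")])
    return conn

def lookup_unfiltered(conn, name):
    # Vulnerable: the request value is pasted straight into the SQL text,
    # so the database cannot tell where the data ends and the query begins.
    sql = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()

def is_valid_username(name):
    # Input filtering: accept only what a user name is allowed to look like.
    return re.fullmatch(r"[a-z0-9_]{1,32}", name) is not None

def lookup_filtered(conn, name):
    # Hardened: reject unexpected shapes, then bind the value as a parameter
    # so the query structure is fixed no matter what the value contains.
    if not is_valid_username(name):
        return []
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

def demo():
    """Run both lookups with an honest and a hostile value; returns a dict of results."""
    conn = make_db()
    honest = "alice"
    hostile = "x' OR '1'='1"   # constructed value that breaks out of the quotes
    return {
        "unfiltered_honest": lookup_unfiltered(conn, honest),
        "unfiltered_hostile": lookup_unfiltered(conn, hostile),
        "filtered_honest": lookup_filtered(conn, honest),
        "filtered_hostile": lookup_filtered(conn, hostile),
    }

if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The unfiltered lookup with the hostile value returns every row in the table, while the filtered lookup returns nothing for it and exactly one row for the honest name.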
How Can We Fight the Hackers
Fortunately, there are many steps that can be taken to enhance web security. First and foremost, whoever is responsible for the site’s security must be vigilant at all times. This includes:
• Keeping your software up to date
• Deleting any files, databases, or applications from your website that are no longer in use
• Having a strong password policy
• Encrypting log-in pages
• Using a secure web host
• Backing up your data
• Making sure that your SSL certification is up to date. [4]
What is SSL Certification
SSL, an acronym for Secure Sockets Layer, is the industry standard for encrypting the link between a web server and a browser. The encryption ensures that the link between the server and browser remains private. A padlock icon in the address bar signals that the SSL protocol has been implemented and the session is encrypted. A click on the padlock icon displays details about your SSL Certificate. SSL Certificates are issued to companies or legally accountable individuals only after proper authentication. [5]
The certificates hold information on two encrypted keys: a public key and a private key. The two keys need to match to open a secure link over which information can be safely sent between the browser and the server.
There is an initial fee and a yearly charge for the SSL Certificate. The fee varies depending on the company that issues the certificate, the type of certificate, the domain(s), and what type of encryption protocol is used. For example, TLS (Transport Layer Security) uses a stronger encryption algorithm and is costlier than a regular SSL Certificate. You can purchase a single-domain, low-assurance SSL Certificate for as low as $5.00 annually, and this may be good enough for a simple website where there is no user information to protect. On the other hand, “Super Certification”, which warranties your data’s security for as much as $500,000, could cost as much as $700 a year.
One should be aware that Google always ranks websites with low SSL assurance below sites with a stronger SSL Certificate. To ensure proper search engine optimization, make certain that you have the proper SSL Certificate for your business.
A Final Word to the Wise
Make sure that the person responsible for your website’s security is pedantic. Virtually all holes can be plugged against hackers if proper care is taken.
Make sure that you renew your SSL Certificate every year. Nothing is going to scare away customers quicker than a notice about an invalid certificate.
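Both the checklist item “Making sure that your SSL certification is up to date” and the reminder above to renew every year come down to one check: how many days are left on the certificate. The following is an added example (not the article’s own code) that classifies a certificate as OK, due for renewal, or expired; the sample certificate dictionary is constructed in the shape Python’s ssl module returns from getpeercert(), and the host name and dates in it are made up.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar 15 23:59:59 2025 GMT",
}

def utc(year, month, day):
    """Helper to build a timezone-aware UTC timestamp for a given date."""
    return datetime(year, month, day, tzinfo=timezone.utc)

def days_until_expiry(cert, now=None):
    """Days left before notAfter; negative once the certificate has expired."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return (expires - now).total_seconds() / 86400

def renewal_status(cert, now=None, warn_days=30):
    """Return 'EXPIRED', 'RENEW_SOON' or 'OK' for the certificate."""
    days = days_until_expiry(cert, now)
    if days < 0:
        return "EXPIRED"
    if days < warn_days:
        return "RENEW_SOON"
    return "OK"

def fetch_cert(host, port=443, timeout=5):
    """Fetch the live certificate of a site you operate (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    # Offline demonstration against the constructed sample certificate.
    for when in (utc(2024, 6, 1), utc(2025, 3, 1), utc(2025, 4, 1)):
        print(when.date(), renewal_status(SAMPLE_CERT, when))
```

Run renewal_status(fetch_cert("your-domain")) from a scheduled job to get a warning well before the “invalid certificate” notice ever reaches a customer.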
To truly sleep well at night, leave your website security in our hands, the hands of professionals. Your web security is our business.
References
[2] https://www.toptal.com/security/10-most-common-web-security-vulnerabilities
[3] https://www.commonplaces.com/blog/6-common-website-security-vulnerabilities/
[4] https://www.commonplaces.com/blog/8-simple-ways-to-improve-your-website-security/