The most
common
Website Security issues are;
1. Transaction Encryption: Data transfer from visitors browser to website can be encrypted by using an SSL certificate with a Dedicated IP, ensuring the data-transfer from visitor to website is secure.
2. Website Credibility: To demonstrate the credibility of a website to visitor, we recommend use of an EV (Extended Validation) SSL certificate. This involves the issuer (accredited 3rd party), validating the business entity to whom it issues the EV SSL. Thereby comforting the visitor that the website is not managed by a bunch of kids and is a legal business entity.
3. Provider Policy: All our services are covered by our privacy policy given at
http://www.indichosts.net/about-us/privacy.htm
4. Database Security: On a shared hosting server the level of data-security is lower, as by concept multiple shared-hosting-users are allowed access to server's resources. Such access is restricted to specific areas allocated to user, however in the dynamic world new exploits are found, developed everyday. We plug such issues using AV, FW & AML techniques as soon as an exploit becomes known.
Ideally sensitive data should be placed on a dedicated-server, so that multi-user access is disallowed by design, eliminating the risk.
5. Personnel: A server is accessed by server-administrators and NOC-technicians for time to time to ensure smooth functioning of the system. They are covered by contracts and our privacy policy for ethical behavior. However, for absolute data security, we recommend clients encrypt the data stored within the database.
Encrypted data will ensure that data is unusable, even if there is a breach of security protocol.
6. Backup Security: Server are just machines. Every machine has a life-cycle and anomalies. Therefore from time to time a server experiences hardware (ram, drive, cpu, power supply) issues. At times we have even experienced incident of fire, power-failure at NOC. Such events which are inevitable, may case data-loss or data-corruption issues. We maintain automated periodic-full-server-backups to ensure recovery from such events.
These have worked in 95% of the events. However at times the periodic-full-server-backups have not been current enough or have been themselves corrupted, hampering recovery. Hence, we highly recommend clients download a copy of their data emails, files, databases periodically to their local computer or a 3rd party system, as an added layer of security against such inevitable events.
Please donot be alarmed by the statements made above. Simple small steps, can ensure these threats are reduced to a level wherein you donot need to bother about them on a daily basis.
We as service providers deal with such threats on a daily basis and have been successful in maintaining security of clients data on our servers. We can assist in deployment of any or all such security protocols.
