If you are reading this article, it's a good bet that you already have a website that matters to you, and you also aren't taking care of it the way you should. I know that sounds like a harsh way to start off an article I hope you will take the time to read through, but you are like hundreds of thousands of other website owners in this regard, so don't feel too bad about it. I am hoping to help you be in a better position and better protected.
The average website owner, who plans to make some money through their website, needs help. They may already be making a living, either directly or indirectly, through the efforts they've put into their website. They are also very likely to be a sitting duck, waiting to be shot by a passing automated or directed attacker. The internet, which everyone knows to be a dangerous place, is like a back alley in a dangerous part of town. Except on the internet you don't just have to worry about people who might target you specifically; you also have to worry about those who have set up automated methods to seek out your vulnerabilities and abuse you.
The first thing you should worry about is not someone looking to get into your website and do bad things. It's improbable, but not impossible, that someone has put any mental effort into choosing you as a victim. Instead, your first priority should be the automated 'bots' that are constantly patrolling for weak websites and servers to exploit. In 2004, an experiment was run by researchers who put a number of newly installed, non-updated computers on the internet and started their stopwatch. In less than 4 minutes, the machines were infected with all sorts of nastiness and then used to seek out other machines for infection (1). A note on that number though... 4 minutes was the average. Some Windows computers were hacked within 30 seconds... long before a computer operator could secure them with the latest patches from Microsoft. For what it's worth, Linux and Macintosh systems were never compromised in that experiment, though automated attacks for those operating systems do exist. There has been no sign of things getting better in the past couple of years. Even before Windows Vista was released for public sale there were people able to attack it. For these reasons, no computer should be connected to the internet without being protected by a firewall.
All I've stated in the previous paragraph is about personal workstations, but it all equally applies to the server for your website. In this case, a computer is a computer. If you are on a managed server at your webhosting provider, you'd better hope they have updated the server and put some firewalling in place before it goes live. It's very likely they have, but it's always worth a question to them about the state of their security and whether they have an automated patching process in place so that newly discovered exploits are taken care of before the automated bots come to you.
Here's where things get sticky. If you've got even the slightest queasiness in the pit of your stomach right now about asking intelligent questions of your webhost provider, you need someone to ask those questions for you. I'll get back to who that is exactly in a second, though if you've read the title of this article you already know what I'll tell you.
Things get even messier the more popular your site is and the more resources you need to run it. At a certain point, you may find yourself requiring a colocation (a server owned by you but sitting on the racks at a webhosting provider) or a rented/leased server solution. In these cases, unless you purchase a service contract to maintain it from the webhosting provider, you are going to be responsible for the security of the server. Are you ready for that: muddling through applying security patches, blocking access to certain ports, managing automated and verified backups, doing security audits of the website code and having what could very possibly be tens of thousands of lines of log files emailed to you for inspection every day? Hooray for you if you are capable of this! Double-hooray if you are not, because you've just made my point. You need a system administrator and a fresh cup of your favorite beverage.
A system administrator is the person who watches out for your interests on the internet, like a security guard who also makes sure you aren't doing something silly like leaving your front door open or the keys in your car. Their responsibility is to verify not only that the attackers cannot get in, but also that they aren't seeing enough information to know where your vulnerabilities lie. They are there to watch the reports of vulnerabilities and make sure your server is up-to-date to protect against automated and non-automated attacks. They've got the expertise to back up your important files and databases and keep them in a secured location, while verifying that the backups will actually restore properly to a new location if the attackers do find a way in (or the computer hardware fails, or any variety of other catastrophes). Not only that, but they can help you right from the start too... making sure the server you are planning on operating with has the required power to do the job you want it to do and is protected as much as possible against common but unexpected things like hard drive failure.
So, if I haven't sent you running for the hills and abandoning all technology, consider your current status and what you could lose if everything you currently have on the internet disappears, never to be seen again. Your need for a system administrator can be satisfied and you'll sleep better at night, having a guardian angel watching over your digital availability. You need a system administrator and now all you have to do is find a good one. That, I'm afraid, is a topic for another article.