Security Advisory Whitepaper

Active-Sites makes no guarantees regarding the security of your account, as we do not require you to abide by all the security advisements we provide. We do, however, give you access to the knowledge necessary to keep your web site secure from modern security breach attempts. It is your decision and responsibility to make use of that knowledge.

The perfectly secured web site is no web site at all. That being said, no one can have a perfectly secured web site. What webmasters can do is weigh the functionality & security necessary for efficient use of their web site. Considering everything involved, webmasters can then decide on a mediated balance.

The following sections will attempt to educate you on the facets of web site security, giving you a better chance at fending off undesirable breaches into your account.

This whitepaper has six sections:

- Website Modification
- Web
- Direct Administration
- Receiving Email
- Sending Email
- Wrap Up

Website Modification
------------------------------------------------------------------------

Methods Available:

- Microsoft Frontpage
- FTP (File Transfer Protocol)
- FTP over SSH (File Transfer Protocol over Secure Shell)

Microsoft Frontpage

The Microsoft Frontpage program includes a proprietary protocol which transfers files using the web server. To use this protocol, you must have a registered copy of Microsoft Frontpage & have special Extensions present on your account. Some of you may use Frontpage, in which case you are at a disadvantage regarding security. Frontpage Extensions are notoriously insecure, & have been excluded from the Apache site because of their nature. Please note we are not Microsoft bashers; however, the point of this document is to inform.

FTP

FTP is not inherently secure, & was not designed to be. You will find hundreds, maybe thousands of FTP clients out there, each of which focuses on functionality.
With all FTP connections though, both your login information (username & password) and data are sent as clear text. Not very secure.

FTP over SSH

To resolve this issue, we provide FTP over SSH, which allows you to connect to an FTP server using the widely-used SSH protocol. Using this method, all data is secured using a strong industry standard encryption method. There are several Secure FTP clients on the market, one of which is Secure FX, by Van Dyke Technologies, found at http://www.vandyke.com/. While it's not free, it works well & provides a solution for transmitting your web site back & forth securely.

Direct Administration
------------------------------------------------------------------------

Methods Available:

- Telnet
- SSH (Secure Shell)

Telnet

Telnet is by far the most popular protocol for direct administration. It is a command prompt style tool & includes no graphical interface. It's quick & easy, and like FTP it was never designed with security in mind. As Telnet is not inherently secure, we do not support direct connections via this method. The following paragraph describes SSH, which is supported and offers a much more secure method of direct administration.

SSH

SSH is the best way to go about direct administration. It is exactly like Telnet on the front-end, meaning its use is no different. Under the hood, however, SSH is extremely different. SSH, which has many practical uses, including FTP as listed previously, uses industry standard encryption methods & is nearly impossible to break. One of the best SSH clients available is also found at Van Dyke Technologies (http://www.vandyke.com/). The client is called Secure CRT, & is very easily configurable.

Receiving Email
------------------------------------------------------------------------

Methods Available:

- POP (Post Office Protocol)
- APOP
- POP over SSH

POP

POP is yet another protocol that was not designed with security in mind.
Like FTP & Telnet, all information, including login information & content, is sent clear text over the internet.

APOP

APOP is a slightly more secure version of the POP protocol, however not very much more. APOP encrypts the information sent & received; however, the encryption method is still sent over clear text to begin with, making this method better, however not the best.

POP over SSH

To alleviate this issue, we once again turn toward SSH. In this situation, however, we use it in a slightly different way. SSH supports a useful function called Port Forwarding. Port Forwarding describes a function which lets any information over any particular port be secure when traveling between your computer & the server you're connected to. Van Dyke's Secure CRT is recommended for this functionality. Using this method, all information, including login & content, will be encrypted using the same industry standard encryption methods as SSH & FTP over SSH.

Sending Email
------------------------------------------------------------------------

Methods Available:

- SMTP (Simple Mail Transfer Protocol)
- SMTP over SSH

SMTP

SMTP is just as insecure as the POP protocol, likewise sent in clear text format.

SMTP over SSH

SMTP over SSH is the exact same method as POP over SSH, using the port forwarding functionality of SSH. This also requires a client such as the above-mentioned Secure CRT by Van Dyke Technologies.

**Important note regarding email**

Encryption of email using the above methods only applies between your computer & the server. Once it is past the server and before it gets there, it is fair game & no encryption is used. If your data is extremely sensitive, & the livelihood of you and that of a small nation are dependent on its integrity, you might want to look into PGP & the freely available plugins provided by Network Associates at http://www.pgp.com/asp_set/products/tns/pgp_freeware.asp.
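
The port forwarding described under POP over SSH and SMTP over SSH above, shown with the OpenSSH command-line client instead of Secure CRT. This is an added example, not part of the original advisory; the host name, user name and local port numbers (1110, 1025) are placeholders chosen for illustration.

```sh
#!/bin/sh
# Added example: local port forwarding for POP3 and SMTP with OpenSSH.
# MAIL_HOST, SSH_USER and the local ports are assumptions; use your own.

MAIL_HOST="mail.example.com"   # placeholder: the server holding your mailbox
SSH_USER="youruser"            # placeholder: your shell account on that server

# Build one -L argument.
#   $1 = local port on your computer, $2 = service port on the server
# Binding to 127.0.0.1 keeps the forwarded port unreachable from other
# machines on your network. "localhost" is resolved on the server side,
# so the mail daemon is reached over the server's own loopback interface.
forward_arg() {
    printf '127.0.0.1:%s:localhost:%s' "$1" "$2"
}

# Print the ssh command that forwards POP3 (110) and SMTP (25).
#   -N                          open the tunnel only, run no remote command
#   -o ExitOnForwardFailure=yes quit if a forward cannot be set up, so the
#                               tunnel never looks "up" while a port is missing
tunnel_cmd() {
    printf 'ssh -N -o ExitOnForwardFailure=yes -L %s -L %s %s@%s\n' \
        "$(forward_arg 1110 110)" "$(forward_arg 1025 25)" \
        "$SSH_USER" "$MAIL_HOST"
}

# The tunnel only protects traffic that enters it. A mail client still
# configured with the real server name keeps sending its login in clear
# text, so accept only loopback names as the client's server setting.
#   $1 = server name configured in the mail client
mail_client_ok() {
    case "$1" in
        127.0.0.1|localhost) return 0 ;;
        *) return 1 ;;
    esac
}

# Show the command to run; it is printed here, not executed.
tunnel_cmd
```

Run the printed command, then set the mail client's POP3 server to localhost port 1110 and its SMTP server to localhost port 1025.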
Web
------------------------------------------------------------------------

Methods Available:

- HTTP (standard)
- SSL (Secure Sockets Layer)

HTTP

All web traffic is insecure, & rightly so. Encryption takes resources, including bandwidth & computer processing time. The graphics you download at yahoo.com have no need to be encrypted. There are some cases, however, where certain pieces of information need to be protected. One of these cases is when purchasing online. Your credit card is fairly sensitive, so you should make sure whenever entering it that you are using the SSL protocol.

SSL

Your browser will automatically recognize this protocol (assuming the web site you are at is providing it) & use it when prompted. You can tell that you are using SSL in one of two ways:

- The URL in the address bar begins with https:// as opposed to http:// or something else.
- There is a closed lock in one of the bottom corners of your browser. Please note that the lock in the browser is dependent on the browser in use & may change from version to version.

We provide you with an SSL connection to use with your web site. This link is generally in the following format: https://[ Machine Name ].diversehost.net/secure/[ Your Domain Name ], however it may vary from this. You will always be able to access your web site using either the standard method or SSL, depending on the format of the URL you use. For example, the following URLs reference the same document:

http://www.[ Your Domain Name ]/directory/document
https://[ Machine Name ].diversehost.net/secure/[ Your Domain Name ]/directory/document

Wrap Up
------------------------------------------------------------------------

There you have it. A quick security overview. If you want to know more, do a search for "web security" in any major search engine. You'll find anywhere from 1 to 3 billion documents regarding web security.
Copyright 2008 ® Active-Sites.com All Rights Reserved