A Primer on Web Hosting and Cloud Security

by

Some experts say that security breaches in web-based systems are not a matter of ‘if’, but of ‘when’. It’s true that hackers have a certain advantage on people trying to protect a web hosting or cloud-based application. If there are vulnerabilities or bugs in the hosting platform being used, hackers have a window of opportunity from the time they learn about the problem till the time it finally gets fixed. But whether you think it’s ‘if’ or ‘when’, good security makes sense. Not only does it protect your data, but it also protects your reputation with visitors who connect to your website or application.

What Does Your Web Hosting Company Provide?

Basic levels of protection can include firewalls and anti-virus and anti-spam software. Firewalls sit between the provider’s data center and the outside world. They inspect data that is sent from one side to the other. According to certain rules, they may consider some data to be suspicious or dangerous, and block that particular communication. One example is the detection of data packets presented as coming from a legitimate source on the Net when in fact they are being sent from another source (the hacker’s computer). Anti-virus software as its name suggests identifies computer viruses and other malware. It isolates dangerous programs and alerts users about the situation. Anti-spam software fights spam or unasked-for email, which is also a major way that computer viruses get into a system in the first place.

Which Web Hosting Security Can You Control?

Besides the mechanisms above, your web hosting provider may also provide you with an online administration interface for running web sites and email, installing website databases, and making backups. This interface may give you considerable scope and functionality, which means that it is also important to protect it against attack. Examples of such interfaces include cPanel, H-Sphere and Plesk. Basic security measures include defining a secure password, using secure (encrypted) access when you connect as an administrator to use the interface, and shutting off any risky access to scripting languages on your web hosting platform like PHP that a hacker could user to gain control of your web hosting installation.

What about Security Problems in Your Own Website or Application?

Security breaches often happen because attackers exploit weaknesses that allow them to slip hidden commands into otherwise normal user input. This may let them take over control of your system or download confidential data. For example, they can try a ‘stealth attack’ on software you’ve written for data input and output with a standard (SQL) web database (an ‘SQL injection’ or SQLI attack.) Another frequent technique is the ‘Cross Site Script’: hackers use a weakness in a website to install a malicious script, for example, under cover of an innocent looking link. An unsuspecting visitor clicking on the link (installed on your webpage) will then download the script to his or her computer, where it can start to initiate different actions or look for different kinds of data to send off to the hacker.

Security Breaches are not only Technical

Hackers can use different technical tools to try ‘brute force’ methods of uncovering secret passwords and account information. But many of them know that a little ‘social engineering’ can often get them the information far quicker. An example is masquerading as a support engineer and asking users or administrators for their password ‘in order to fix a problem with their account’. The moral of the story is that in order to have the best chance of thwarting an attack, pay attention to all the possibilities. That includes potential weaknesses in applications or operating systems, suspicious email or that ‘innocent’ phone call to try to get you to hand over the keys to your web kingdom.

Newsletter Signup
Hadley Jones

Hadley Jones


Hadley Jones is a 20 year veteran of the IT industry, having worked in support, technical writing and marketing roles throughout his career. He now writes about IT and cloud computing as regular contributor to... See the full bio
  • Williamson

    Interesting article, hackers are now targeting all major corporations big and small, most of the breaches today are a result of basic administrative lapses and negligence which can be corrected with minimal effort and technology. I work for McGladrey and there is a whitepaper on it offers good information on the above discussed topic readers will find it helpful. Two common Web application attacks illustrate security concerns