Vol. 2, No. 19
TODAY'S LESSON: Site Security

As Kevin Mitnick was cracking his way through government websites in the '80s and '90s, the FBI cast him into a cyber boogie-man that could bring down the US economy with a single keystroke. The reality was somewhat less catastrophic, but Mitnick did cause his share of havoc before his arrest in 1995.

Following Mitnick's lead, a whole generation of hackers has emerged and their curiosity can lead to your website's ruin. 'LoOpEE666' might not have it in for you yet, but there's a decent chance someone will take a crack at your site somewhere down the line. Are you prepared?

Website security doesn't have to be super complicated, and if you take a few precautions, there's no need to stay up monitoring server logs every night.

>>> Batten Down the Servers <<<

The first step that most network admins use to combat hackers and other unwanted guests is to set up a firewall, which follows predetermined rules for allowing certain traffic to pass, while blocking other traffic.

"Firewalls on the Cheap"
Using Linux to set up a firewall is an easy and inexpensive way to secure a server.

"IP Masquerade Ball"
If configuring a firewall isn't your idea of a fun Saturday afternoon, setting up an IP masquerade is another form of security.

"D@$a Enc&pt*on"
A fundamental part of most any security system is encryption. But what the heck is it? This'll tell you all about it.

"Patch it Up"
Responding to complaints about all the patches and updates needed to secure its servers, Microsoft recently launched a security project called the Microsoft Personal Security Advisor (MPSA). The free Web-based tool scans computers, looking for any security problems in installed Microsoft software. Of course, the results may engender yet more ill will against the company.

>>> Data Security <<<

Aside from setting up safeguards like firewalls, the next best form of security is to back up your important data. This could mean setting up a mirror hard drive, or simply copying information to a Zip drive or CD every week.

"Got Yer Back?"
Most likely, you will be backing up software, databases, documents and spreadsheets, and files on your central server or Web server if you have one.

"Secure Transactions"
If you're going to set up an online store, you'll need an Internet merchant account to process secure credit card payments. In order for a transaction to be secure, it must be transmitted electronically from your site in some form of encryption. The most common form is secure sockets layer (SSL), which provides privacy, authentication, and message integrity.

1. Sometimes crackers play on the notion that most people choose passwords that are easy to crack, like any word found in a dictionary. Words like "hopscotch," "meteor," or "porcupine" may seem like nice, hard-to-guess and easy-to-remember non sequiturs, but they're all bad passwords because most password-cracking software cycles through a dictionary. If your password is anywhere in that dictionary, then say bye-bye to your sensitive data. Better passwords are alphanumeric and nonsensical, such as "1Am*Sh$b" or "BA8Hw2Lq."

2. One of the easiest ways to scramble a hard drive or otherwise damage your machine is by opening email attachments that have viruses inside. So as a rule, never open attachments from unknown email accounts, and discourage your friends from sending unexpected attachments in emails.

3. If the high price of gas gives you the blues, start collecting used vegetable oil and create your own Bio-diesel. It burns cleaner than regular gas and will tempt you to eat more fatty, fried foods at home. That's what I call a win-win.

Handcrafted Archive