Web Hosting / and Site Security Question

From: Mailing Lists (itmaillist_at_gmail.com)
Date: 10/08/04

  • Next message: Tyler, Grayling: "IIS 6 FTP" 
    Date: Fri, 8 Oct 2004 14:35:11 -0400
To: security-basics@securityfocus.com

    Hello,

    I am doing work for a small / mid sized company that is going to begin
    using their website more actively. I have a few questions regarding
    security and hosting issues.

    First off we are going to use a third party to host an application
    that will collect information from clients and customers. On our site
    we will provide a link that will take customers and clients to that
    secured site. We have done thorough Vendor Management and we are
    confident that this company is secure and reliable. My question is
    does it make sense / is it necessary to incorporate SSL onto our web
    page. Specifically I am concerned with the page that contains the
    link to the third party website. My thought is that the page that
    contains the link to the third party application would be digitally
    signed and secured so that users are assured that the link provided is
    the intended link. Does this actually add security? Is this going to
    provide any real protection against phishing scams and the like? What
    are the Pro's and Con's? Are there any better solutions,
    methodologies for adding security in this circumstance?

    Secondly, this company has been using a mom and pop shop for web and
    email hosting since its inception. Now that the web page is going to
    be used more actively for promotional use and the company is growing
    in size I believe there is a need to start being more security minded
    about the hosting of the site.(i.e. potential for defacement, et al)
    I would like to find a company that can host the website and email
    that does annual security assessments and penetration testing, and can
    provides us with SAS70 Type II or similar documentation. Any
    recommendations about companies that you have used or worked with
    would be greatly appreciated.

    Thanks in advance for your responses!

  • Next message: Tyler, Grayling: "IIS 6 FTP"

    Relevant Pages

    • RE: IIS
      ... Be aware that there are a myriad of security issues related to securing a ... wrote their code permitting exploits and even whether the website technology ... itself is secure. ... extensively recommendations on how to do this (searchable in this newsgroup, ...
      (microsoft.public.windows.server.sbs)
    • Ensuring that a sever and website are secure
      ... we would like to be as sure as possible that the servers and data on ... them are secure before we launch this service. ... Several people have recommended having a security audit done once our ... technical staff believe the website and servers are secure. ...
      (comp.security.misc)
    • using two firewalls
      ... If I belong to a certain domain www.abc.com and my website is ... www.abc.com is behind a firewall. ... For additional security ... site more secure? ...
      (comp.security.firewalls)
    • Re: security for Dll in vb.net
      ... I am making a desktop application in vb.net for the clients.I want to secure ... my Business logic layer's dll so that no one can decompile it with any of ... is there any solution for this or a third party ... component that will ensure security. ...
      (microsoft.public.dotnet.security)
    • RE: IIS
      ... Thanks, Tony. ... I'll take your advice and have my website hosted externally. ... > Be aware that there are a myriad of security issues related to securing a ... > itself is secure. ...
      (microsoft.public.windows.server.sbs)