Re: Web Hosting / and Site Security Question

From: Steve (securityfocus_at_delahunty.com)
Date: 10/12/04

  • Next message: Abe Usher: "MonkeyShell: using XML-RPC for access to a remote shell"
    To: "Mailing Lists" <itmaillist@gmail.com>, <security-basics@securityfocus.com>
    Date: Tue, 12 Oct 2004 11:48:04 -0400
    
    

    It can't hurt to use SSL as you suggest.

    I would recommend checking out firms like Digex, AboveNet, and ServerVault
    for secure managed hosting. Maybe even consider RackSpace. But expect to
    pay much more than lower end providers. Check out TruSecure certified
    firms, such as ServerVault.

    ----- Original Message -----
    From: "Mailing Lists" <itmaillist@gmail.com>
    To: <security-basics@securityfocus.com>
    Sent: Friday, October 08, 2004 2:35 PM
    Subject: Web Hosting / and Site Security Question

    Hello,

    I am doing work for a small / mid sized company that is going to begin
    using their website more actively. I have a few questions regarding
    security and hosting issues.

    First off we are going to use a third party to host an application
    that will collect information from clients and customers. On our site
    we will provide a link that will take customers and clients to that
    secured site. We have done thorough Vendor Management and we are
    confident that this company is secure and reliable. My question is
    does it make sense / is it necessary to incorporate SSL onto our web
    page. Specifically I am concerned with the page that contains the
    link to the third party website. My thought is that the page that
    contains the link to the third party application would be digitally
    signed and secured so that users are assured that the link provided is
    the intended link. Does this actually add security? Is this going to
    provide any real protection against phishing scams and the like? What
    are the Pro's and Con's? Are there any better solutions,
    methodologies for adding security in this circumstance?

    Secondly, this company has been using a mom and pop shop for web and
    email hosting since its inception. Now that the web page is going to
    be used more actively for promotional use and the company is growing
    in size I believe there is a need to start being more security minded
    about the hosting of the site.(i.e. potential for defacement, et al)
    I would like to find a company that can host the website and email
    that does annual security assessments and penetration testing, and can
    provides us with SAS70 Type II or similar documentation. Any
    recommendations about companies that you have used or worked with
    would be greatly appreciated.

    Thanks in advance for your responses!


  • Next message: Abe Usher: "MonkeyShell: using XML-RPC for access to a remote shell"

    Relevant Pages

    • Re: Anyone hear of ANSA (Asp.Net Security Analyser)??
      ... you if your servers that provide Asp.Net shared hosting ... ANSA (Asp.Net Security Analyser) is not a commercial ... results will tell us if your servers are secure or not. ...
      (comp.security.misc)
    • Re: Ten least secure programs
      ... it's probably better you leave the topic alone ... I said I do not have security issues with the programs I code. ... I didn't realize you were a Linux user, ... > the most widely used and secure UNIX flavors? ...
      (Security-Basics)
    • "An Asp.Net accident waiting to happen" - Draft article
      ... In a time where Security ... in shared hosting environments. ... technologies that allow the creation and deployment of secure ... IIS 6 web server and windows 2003 also provide some tools to deploy ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • RE: Why Easy To Use Software Is Putting You At Risk
      ... I do agree that the additions and changes to Solarius will make it more secure and that this is good. ... Why Easy To Use Software Is Putting You At Risk ... instead I would say that the view that security is ... Four Construction Workers Died after Crane Collapse in Toledo, ...
      (Security-Basics)
    • Why Easy To Use Software Is Putting You At Risk
      ... Anyone who has been working with computers for a long time will have noticed ... because DNS does not configure properly or security permissions are relaxed ... Is It Also Secure ... guarantee that no one really knows for sure, not even Microsoft developers. ...
      (Security-Basics)