1. At a time today when new websites are being hosted at quite a pace,proportional is the pace of hacking and defacing of these websites.Today you have a website maker in the market who may simply demand some Rs 500/ per page design and few more hundreds for hosting it...and we all are ready to do pay him....but at what price....is it simply the final handing over taking over of the password that closes the deal between you and the designer/hoster?....NO....I rate it equivalent to the toss....thereon the match begins.....just a matter of time depending on what all security parameters/variables/factors you took into consideration while designing it?
2. Specially concerned with web sites who have E-Commerce and transactions or who deal with handling database of huge sizes which can be critical later on, if compromised any time.The following factors should be noted down and infact dealt with seriously to be kept on high priority while designing and final hosting :
- Password /Data Protection : You must have a sound password and methods to protect all the DATA in place.
- OS/Server hardening : You use a windows or a linux....rest assured you must always used a hardened OS/Server.
- OS Selection : Create and design on any OS...today you can launch it on web.A more vulnerable OS which has had a history of hacks and known exploits should be avoided.
- DDoS Protection : Shared hosting servers are vulnerable to attacks by hackers who carry out their work by uploading malware or otherwise malicious sites or code onto a server. These malware programs be introduced to a server through security vulnerabilities in a legitimate client’s site, and the malware is used for anything from stealing credit card data to launching a DDoS, or Distributed Denial of Service attack.So think before you fire up your site.
- Spam filters : No explanations
- Firewalls : Must...so many types in market : Decide like what you r going to select a HARDWARE FIREWALL or a SOFTWARE FIREWALL.The selection is of crucial significance in deciding the overall security rating!!!
- BACKUP : You must have a way to keep backing up all your data.Some ploicy should be designed of what happens if owing to some kind of reason you loose all ur data....mirror or offline backup!!!!anything...but keep in mind.
- SSL enabled server : MUST
- SFTP: Though FTP is not that bad....but when SFTP is there....y bank on a relatively lower secured protocol......