Security Checklist PDF Print E-mail

Security is always a concern

On the Internet, security is a fast evolving and ever present challenge. There is no one right way to secure a site, and all security methods are subject to improvement, revision, and obsolescence at any time. Luckily, there are many well-established principles that can help. The following checklist points you toward current best practices.

The most important guidelines

This checklist is long because the full plot is thick and complex. But don't despair! Here are the essential guidelines for securing any Web site. Following these few pointers will protect your site from most catastrophes.
  1. Backup Early and Often: Setup (and use and test!) a regular backup and recovery process. When done well, this one practice ensures that you can recover from almost any imaginable disaster.
  2. Update Early and Often: Promptly update to the latest stable version of softwares and any installed third-party extensions. This one step ensures that your site is protected from all new vulnerabilities as soon as a fix is released, and from all new attacks methods as soon as a defense is developed.
  3. Use a secure host Of course the above advise applies to your entire infrastructure. Proper Web security is largely a Web hosting issue. Therefore, if security matters to you, use a high-quality Web host. Consider hiring professional assistance if you have no experience or knowledge in this area. Webmasterjm.com uses the highest level of host security in the industry.
There are many other important security considerations that you can learn about in this checklist and in the Security FAQ's.

There is no Web security!

There's no free lunch!

Don't be fooled by award winning ease-of-use. Maintaining a secure Web site on the open Internet is not easy. Adequate security requires a range skills and knowledge, constant watchfulness, and a very solid backup and recovery process.

There's no one right way!

Due to the variety and complexity of modern web systems, security issues can't be resolved with simple, one-size-fits-all solutions. You (or someone you trust) must learn enough about your server infrastructure to make valid security decisions. Strong security is a moving target. Today's expert might be tomorrow's victim. Welcome to the game...

There's no substitute for experience!

To secure your Web site, you must gain real experience (some of which will be bitter), or get experienced help from others. If you haven't invested the considerable time it takes to learn how to maintain a secure Web site, be sure you can consult with someone who has.

Encouragements

Start at the head of the herd

The Security Forums are filled with "Help! I've been hacked" posts by people who did NOT follow standard security practices. If you decided to study this checklist before your site is attacked, congratulation, you're already ahead of the herd.

It's not as hard as it looks

If this is one of your first Web sites, security considerations may seem intimidating, but you don't have to deal with all of it at once. As you become familiar with tools of modern Open Source Web development, such as GNU/Linux, Apache, MySQL, SQL, PHP,HTTP, CSS, XML, RSS, TCP/IP, FTP,
Subversion, JavaScript, you'll add refinements to your set of security tactics.

How to get help

If you believe your Web site was attacked, do not post in the forums. If there is a vulnerability, publishing that information could put other Web sites at risk. Instead, report possible security vulnerabilities to Webmasterjm.com.

How to read these documents

  1. Not all techniques are appropriate for every level of user. Apply the techniques you understand and read up on the ones you don't.
  2. Not all techniques are appropriate for every server. If you use a shared server, you will need to depend on the settings established by your hosting provider. If you are using a virtual or dedicated server, you will be able to apply more creative and exotic techniques.

Getting Started

Are you ready?

  1. Can you administer a dynamic, 24x7, world-accessible, database-driven, interactive, user-authenticated web server?
  2. Do you have the time and resources to respond to the flow of emerging Internet security issues? The Top 10 Stupidest Administrator Tricks is a comic/tragic look at what can go wrong. Don't learn these tricks the hard way! Depending on your recent experience, reading the Stupidest Tricks will either make you laugh or cry.
 

Security Menu

How Secure is Your Website
Security Checklist
Top 10 Stupidest Security Tricks
Website Hosting with Maintenance
Copyright © 2010. Website Design. Designed by Webmasterjm.com