09 Dec

News: Fast Way to Protect Your Website!


If one topic in the news matters, it is protecting your website from threats and attacks on the network.

Although it is possible to reduce risks, it remains difficult to eliminate them. We must therefore think in terms of protective layers, each one reinforcing the others. For novices, or when the budget is tight, this may seem difficult. We therefore recommend the following measures, which are accessible to everyone!

Quick and easy precautions:

SSL Certificate

The fastest and most effective way to build your online security is to add an SSL security certificate. This level of encryption secures the exchanges between your server and your visitors.

This is especially required when sensitive information is exchanged, such as passwords, or when online forms handle personal information.

Security certificate solutions are not as expensive as before. Depending on your business, there are solutions for under $100/year that will fully protect you.

 

Update

Updating the server that serves your files is also part of the first line of defense. Choose a web hosting company that makes updates a priority!

 

Directory Tree and folder names

Website creation is a discipline in which developers often do things the same way. Ask for, or make sure that, the administration directories are reached under a name other than “admin”, or “wp-admin” if you are using WordPress.

When it comes time to choose your password, avoid “admin” and choose an alphanumeric password that you change regularly.

 

Firewall

A firewall is the first line of defense between the Internet and your server. There are as many software versions as hardware ones that do this job. We nevertheless suggest a WAF (Web Application Firewall). It is deployed in front of your server as a gateway, restricting bad web traffic and filtering your network. WAFs are very useful against DDoS attacks. For a few dollars a month, this solution provides peace of mind!

 

Whatever your decision, whether you implement one, several or all of these suggestions, you will have a more secure environment for your website!

23 Apr

Current PULL BASED vs PUSH BASED Web Design?

A transformation is taking place in web design. The way we currently navigate websites is known as “PULL-BASED”: we go to the sites, we look for information and we download what we like.

A new trend is at our door: “PUSH-BASED”, where content and information come to us instead of our having to look for them.


The “PUSH BASED” trend began with Facebook, which lets us see what is going on in people's lives without asking them, and it now continues with specific applications or routines such as the “PUSH NOTIFICATION”.

 

PUSH NOTIFICATIONS

PUSH notifications have been in our lives since the iPhone. Everyone knows them: small windows open to inform us about a new software update, a missed phone call or a received SMS.

Their scope is no longer limited to applications and mobile devices. PUSH NOTIFICATIONS may now appear on desktop computers, since Google has integrated them in Chrome, versions 42 and later.

Websites are now able to communicate with visitors during and after their visit. Obviously, you need to give permission to receive notifications from your favorite websites: a small window opens on the screen asking for permission to send you these notifications.

 

The future of web sites, only applications?

We do not believe that the future will turn all websites into applications to download. The old PULL BASED WEBSITE will always have its place, even if it loses its featured place.

Although PUSH BASED has many benefits, the marketing process cannot run in only one direction. Effective communication involves two entities, the transmitter and the receiver. Furthermore, establishing all customer expectations in advance is a risk: wrongly targeting the audience in this concept will cause a big defeat.


What is PULL and what is PUSH?

PUSH:

– Paying for ads on television, radio or printed distribution. You call a list of potential customers by phone. You post a discount coupon.

PULL:

– A blog, a free e-book about your expertise, marketing on social networks. A customer writes you an e-mail to inquire about your products. The client calls you because he saw your website.

These two forms of marketing must coexist in order to maximize the potential of your products and services, without forgetting the fundamental differences between individuals. We are not all the same and we do not react the same way to commercial solicitation, advertising, promotions or discounts.

 

PULL BASED vs PUSH BASED

The aim of PULL is to intrigue consumers and present information that motivates them to act.

With PUSH, you identify the needs of future users and present them all the services in one mechanism.

Analysis of visitors and their habits is essential for PUSH BASED MARKETING. Apps are not mandatory. Notifications are sufficient to inform the user, and the traditional website, even if it slows down a bit, will always have its place.

 

Is the PUSH notion fully developed?

No, not currently. Take PUSH notifications, for example. They are mostly available only on Chrome and Safari. There is a small war to determine who will be the leader. The war between BETA and VHS sums up what is happening now with push notifications on the market.

The leader will have to offer all webmasters an API (a programming routine with a server) that interacts with all mobile devices on the market and with desktop computers, to satisfy everyone.

In our opinion, within a year the PUSH concept will be a well-established notion. For the moment, there are some APIs from Apple and Google, and lots of extensions are available to start on this path and become familiar with this trend.

 

Good and bad sides of PUSH NOTIFICATIONS

PUSH NOTIFICATIONS should be used with caution. Much like the POP-UP window, which has been in our lives for so long, if improperly used they are a source of extreme frustration, and users will do anything to get rid of them.

After trying the Google API, we decided here at Internet Cloud Canada not to proceed with PUSH NOTIFICATIONS on our website. We found it “annoying” to show a window in the corner of the browser asking for permission. We put ourselves in the place of our customers and concluded that this type of “marketing” does not satisfy us.

On the other hand, we are actively working on a mobile application for our customers, to offer them the choice of having notifications, news and access to their client area via a mobile application. Currently our site is perfectly made for mobile browsing; it will be an addition of services in a very short time!

Every business must evaluate the actual need to put forward PUSH NOTIFICATIONS. Note that there are certain prerequisites for sending notifications via the web, such as:

– Your site must be on HTTPS (in full). So if you have a blog, it will have to be under a security certificate to distribute notifications. Google Chrome requires it, and Apple too.

 

BEWARE !

Third-party providers may allow you to use push notifications via their server over HTTPS, allowing you to avoid the need for a security certificate of your own.

Important! Third-party vendors will certainly place their own advertising in your notifications and, most importantly, they will capture information from your users to feed their databases on visitors' habits.

If you plan to put such a solution in place, it is best to have your own security certificate on your website and set up notifications with Google for now, or wait for an OPEN SOURCE solution that will keep the whole notification process on your own server. Your users will surely be pleased that you take care to keep their privacy intact!

18 Apr

How to perform an Audit Check of your Website


All firms, small and big, should conduct a security audit of their data structures and their website. Every owner or manager of a website must carry out a security audit at regular intervals to determine whether everything is secure.

Because of the frequent changes in technology and software, security auditing is essential as a prevention tool, but also for planning future equipment needs, programming and logistical support.

 

 

How to conduct a security audit?

Before conducting a security audit, you must do some planning (pre-audit) and organize this recurring task. An infrastructure plan should be drawn up. If you have a small system, you can simply write down the brand, model, drive capacity and memory, software versions, proof of purchase and warranty.

You should then write a short summary of what constitutes the infrastructure, mentioning how many computers are in the network, the internet access point, routers, switches, wiring, where these facilities are located, and who the internet provider is, with the account number and the annual cost of the solution.

Then determine whether your security audit is done all at once or in portions throughout the year. You might decide to check every 6 months that online transactions meet the standards, but audit physical security every 3 months. In addition, you may establish an annual software audit.

If you divide the audits, the division should respect your budget and be scheduled on precise dates so that all the relevant human resources are available during the audit.

It is useful to clearly define the objectives of the audit for each department according to its environment, clearly stating the degree of sensitivity of the data passing through it. All policies, procedures and guidelines should be filed in handwritten files, clearly identified and made available to all.

Remember that security auditing is used to enforce security; it is a development tool for systems and data. Do not look for things that were not done as required; rather, aim to improve the situation by taking its current pulse.

 

 

The Checklist

Depending on the type of organization in which you operate, the number of elements making up the security audit will increase. Even in small businesses, you should have these basic elements:

– Check the protection of passwords;

– Check open and accessible network ports;

– Check whether SQL Injection is possible;

– Determine whether the backups and media are adequate in number and quality;

– Check that the updates are done on a regular basis and that all software is up to date;

– Check vulnerabilities of servers: their location, their age, the risk of damage, etc.

In a wider audit plan, there are hundreds of factors to be assessed as high, medium or low risk. It is necessary to set a schedule for each of these items and allocate a budget to resolve them, instead of watching the list grow.
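
As an added example (not code from Internet Cloud Canada), four of the checklist items above (open ports, security certificate, backups, updates) can be evaluated automatically and ranked as high, medium or low risk. The inventory values, the audit date and every threshold below are assumptions chosen for illustration.

```python
import ssl
from datetime import datetime, timezone

# Constructed inventory; real values come from your pre-audit notes,
# a scan of your own server, your backup tool and your package manager.
INVENTORY = {
    "allowed_ports": {80, 443},          # ports the website needs exposed
    "open_ports": {22, 80, 443, 3306},   # ports found reachable from outside
    "cert_not_after": "Jun 10 12:00:00 2024 GMT",  # ssl.getpeercert() format
    "last_backup": datetime(2024, 5, 1, tzinfo=timezone.utc),
    "pending_updates": 14,
}
NOW = datetime(2024, 5, 20, tzinfo=timezone.utc)  # fixed audit date (sample)
RANK = {"high": 0, "medium": 1, "low": 2}

def audit(inv, now):
    """Return (risk, item, detail) findings, highest risk first."""
    findings = []

    # Open and accessible network ports: anything outside the allowlist.
    extra = sorted(inv["open_ports"] - inv["allowed_ports"])
    if extra:
        findings.append(("high", "ports", f"unexpected open ports: {extra}"))

    # Security certificate: days left before expiry (30 is an assumption).
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(inv["cert_not_after"]), timezone.utc)
    days_left = (expires - now).days
    if days_left < 0:
        findings.append(("high", "certificate", "certificate has expired"))
    elif days_left < 30:
        findings.append(("medium", "certificate", f"expires in {days_left} days"))

    # Backups: age of the most recent one (1 and 7 days are assumptions).
    age = (now - inv["last_backup"]).days
    if age > 1:
        risk = "high" if age > 7 else "medium"
        findings.append((risk, "backups", f"last backup is {age} days old"))

    # Updates: number of packages waiting to be installed.
    if inv["pending_updates"]:
        risk = "medium" if inv["pending_updates"] >= 10 else "low"
        findings.append((risk, "updates", f"{inv['pending_updates']} pending"))

    return sorted(findings, key=lambda f: RANK[f[0]])

if __name__ == "__main__":
    for risk, item, detail in audit(INVENTORY, NOW):
        print(f"{risk:<6} {item:<12} {detail}")
```

Running the same function at each scheduled audit and comparing the findings shows whether the list is shrinking or growing.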

Problems often come at the worst time. Failing to conduct a security audit exposes you not only to hackers and data loss, but also to contingencies and misfortunes.

If you are vulnerable on all fronts, you will certainly not fulfill your short- or medium-term mission.

Internet Cloud Canada conducts comprehensive security audits for all types of organizations. Our solution allows you to develop your business and ensure the quality of data processing!

 

 

Open Solutions for audit check

Every organization has different goals, budgets and views of security audits. There are open solutions available. They do not give the full state of your business's vulnerabilities, but that is better than nothing at all!

For LINUX, the following testing and auditing tools can inform you about some flaws in your systems.

You can also use the free or near-free online scan solutions to identify some vulnerabilities.

 

 

Conclusion

Whatever the nature of your organization, its size or its complexity, you have to conduct a security audit at least annually and make sure to include as much information as possible, in order to make good decisions that will shape your future.

If you need some advice, or find that open solutions do not meet your needs or are too complex, our technicians will be happy to conduct your security audits for you.

We include in our audits: DOM-Based Cross-site Scripting, Reflected Cross-site Scripting, verifying all credentials and passwords, tests of the security certificates (https), PCI standards for online merchants, correct encoding of data in HTML, and checking the physical safety of the equipment and its environment. The audit we conduct will be aligned with your objectives and your budget!


© 2018-2023 Internet Cloud Canada. All rights reserved.