The Five Basic Levels of Web Hosting Security
Published on 03 June 13
David
2226
0
Despite all the knowledge, skills, and efforts of any domain hosting company, web server security is always in some way compromised. The reason for this lies in the fact that safety is joint work involving the owner of the account, the web host that provides space on a server, and the data center where the servers are located.
This division does not apply only if the "host" of your server is in your office or your data center, but this is extremely rare. In any other case, with all the effort of the webmaster and regardless of the amount of control you have, some elements of security should be entrusted to third parties.
Since in practice most hosting companies do not have their own data center, such an environment has five basic levels of security. In order for you as a user to work easily and painlessly it is important to understand which of these levels you can affect and what are your responsibilities.
1. Physical security.
Basic safety begins with physical safety. If a malicious unauthorized person has physical access to the server on which your site is, that person may do practically whatever he wants. He can simply pull the power cord, copy your data, or simply destroy it. This is one of the biggest reasons why serious data centers consider physical security very important and crucial in the services they offer.
Responsibility: This level of security lies on the back of the data center where the servers are located. Security breaches very rarely occur at this level.
2. Data center local area network.
The second level of security that should be taken into account is the local network that surrounds the physical server. Routers, switches, firewalls, and other network equipment are also vulnerable points. If an unauthorized person has access to these devices, they can without any trouble make a mess and cause damage, install malicious software that tracks and records traffic, collect confidential information, and so on.
Responsibility: This is also the responsibility of the data center.
3. Operating system.
Each computer must have some sort of an operating system. Just as ordinary home computers have operating systems such as Linux, Windows, or Mac OS, web servers are no different. Of course, server operating systems are slightly different. An attack at this level will have an impact not only on one account, but on all users who are on the physical server.
Responsibility: The responsibility is solely on hosting companies.
4. Virtualization.
Virtualization is a level of software that sits between the operating system and the user. Virtualization separates the physical server into multiple virtual servers, each of which behaves as a separate server using the assigned resources of the physical server. Some of the most widely used virtualization platforms are VMware, Xen, Hyper-V, and others. Even though they are all quite reliable, attack at this level can jeopardize the entire server.
Responsibility: The hosting company is responsible for defending against attack at this level.
5. System management server (control panel).
We have learned that each server has an installed OS, but that's not all. Each server usually has installed some software to manage user accounts that allows users to independently maintain accounts, set parameters, create email addresses, set up databases, and so on. Some of the most popular software packages to manage servers are cPanel, WebsitePanel, Helm, and Plesk. An attack at this level would enable the attacker to create new user accounts, delete data, and much more.
Responsibility: Responsibility at this level depends on your specific hosting package. In a shared hosting environment, this is the job of the hosting company. On a virtual private server (VPS) or dedicated server, it depends on whether you’ve purchased managed or unmanaged service. In the case of managed VPS services, responsibility lies with the hosting company. In the case of unmanaged VPS services, responsibility lies with you.
Vodien is a Singapore-based web host that provides domain hosting and small business web hosting. Host your website with the leading service provider in Asia.
This division does not apply only if the "host" of your server is in your office or your data center, but this is extremely rare. In any other case, with all the effort of the webmaster and regardless of the amount of control you have, some elements of security should be entrusted to third parties.
Since in practice most hosting companies do not have their own data center, such an environment has five basic levels of security. In order for you as a user to work easily and painlessly it is important to understand which of these levels you can affect and what are your responsibilities.
1. Physical security.
Basic safety begins with physical safety. If a malicious unauthorized person has physical access to the server on which your site is, that person may do practically whatever he wants. He can simply pull the power cord, copy your data, or simply destroy it. This is one of the biggest reasons why serious data centers consider physical security very important and crucial in the services they offer.
Responsibility: This level of security lies on the back of the data center where the servers are located. Security breaches very rarely occur at this level.
2. Data center local area network.
The second level of security that should be taken into account is the local network that surrounds the physical server. Routers, switches, firewalls, and other network equipment are also vulnerable points. If an unauthorized person has access to these devices, they can without any trouble make a mess and cause damage, install malicious software that tracks and records traffic, collect confidential information, and so on.
Responsibility: This is also the responsibility of the data center.
3. Operating system.
Each computer must have some sort of an operating system. Just as ordinary home computers have operating systems such as Linux, Windows, or Mac OS, web servers are no different. Of course, server operating systems are slightly different. An attack at this level will have an impact not only on one account, but on all users who are on the physical server.
Responsibility: The responsibility is solely on hosting companies.
4. Virtualization.
Virtualization is a level of software that sits between the operating system and the user. Virtualization separates the physical server into multiple virtual servers, each of which behaves as a separate server using the assigned resources of the physical server. Some of the most widely used virtualization platforms are VMware, Xen, Hyper-V, and others. Even though they are all quite reliable, attack at this level can jeopardize the entire server.
Responsibility: The hosting company is responsible for defending against attack at this level.
5. System management server (control panel).
We have learned that each server has an installed OS, but that's not all. Each server usually has installed some software to manage user accounts that allows users to independently maintain accounts, set parameters, create email addresses, set up databases, and so on. Some of the most popular software packages to manage servers are cPanel, WebsitePanel, Helm, and Plesk. An attack at this level would enable the attacker to create new user accounts, delete data, and much more.
Responsibility: Responsibility at this level depends on your specific hosting package. In a shared hosting environment, this is the job of the hosting company. On a virtual private server (VPS) or dedicated server, it depends on whether you’ve purchased managed or unmanaged service. In the case of managed VPS services, responsibility lies with the hosting company. In the case of unmanaged VPS services, responsibility lies with you.
Vodien is a Singapore-based web host that provides domain hosting and small business web hosting. Host your website with the leading service provider in Asia.
This review is listed under
IT Security & Architecture
, Server & Storage Management
and E-Commerce
Community
Related Posts:
Post a Comment
