
Server security: protecting your website

How long do you think it takes before a new machine connected to the internet for the first time gets attacked by malicious traffic? Oliver Smith explains how we protect our clients' websites.

We host websites for clients and every site gets its own server. In fact, it gets two – a production server for the live site, and another for staging, where updates can be tested and signed off before being deployed to production.

As you can imagine, we ‘spin up’ a lot of new machines – albeit as software in the cloud, rather than separate, real, physical boxes.

Each is likely to be targeted by automated hacking attempts within minutes – and sometimes seconds – of coming online.

To paraphrase the character Kyle Reese in The Terminator talking about the threat of a malign technology:

‘It’s out there. It can’t be bargained with. It can’t be reasoned with. It doesn’t feel pity, or remorse, or fear. And it absolutely will not stop, ever.’

Malicious traffic on the internet is automated and relentless, and you need to be prepared for it. Kaspersky, a multinational cybersecurity and anti-virus provider, has mapped some of it to give you an idea of what to expect.

All the servers we create at CPL are protected following best practice security principles during the setup process. Here are three areas we consider particularly important:

Key authentication

Instead of passwords, we use key authentication for logging into servers. Keys are better than passwords because they contain more data, which makes them much harder to guess or to break by brute force, that is, by trying all possible variations. They can also be expired if there is a risk that one may have been compromised. Despite their strength, a good passphrase should always be used to protect them.
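Switching to keys only helps if password logins are actually switched off. The check below is an added example, not CPL's own tooling or code from the original article: it assumes the SSH server is OpenSSH (the article does not name one) and audits sshd_config text for settings that still allow password-style logins. The function names `parse` and `audit` and the sample configs are hypothetical, and any `Include` files are assumed to be expanded into the text already.

```python
# Added example (assumes OpenSSH; not code from the original article).
# Upstream OpenSSH defaults apply to any keyword the file leaves unset.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Older configs use the deprecated name for keyboard-interactive logins.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
PASSWORD_KEYS = ("passwordauthentication", "kbdinteractiveauthentication")

def parse(text):
    """Split config text into [(scope, settings)], global scope first."""
    scopes = [("global", {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":                      # starts a conditional block
            scopes.append(("Match " + " ".join(parts[1:]), {}))
        elif len(parts) > 1:
            # sshd uses the FIRST value it sees for a keyword, not the last.
            scopes[-1][1].setdefault(key, parts[1].lower())
    return scopes

def audit(text):
    """Return findings where password-style logins remain possible."""
    scopes = parse(text)
    effective = {**DEFAULTS, **scopes[0][1]}
    findings = [f"global: {k} is {effective[k]}"
                for k in PASSWORD_KEYS if effective[k] != "no"]
    if effective["pubkeyauthentication"] != "yes":
        findings.append("global: pubkeyauthentication is disabled")
    # A Match block can quietly re-enable passwords for some users or hosts.
    for scope, cfg in scopes[1:]:
        findings += [f"{scope}: {k} is {cfg[k]}"
                     for k in PASSWORD_KEYS if cfg.get(k, "no") != "no"]
    return findings

# Constructed sample configs (not taken from any real server).
SHADOWED = "PasswordAuthentication yes\nPasswordAuthentication no\n"
MATCH_HOLE = ("PasswordAuthentication no\nChallengeResponseAuthentication no\n"
              "Match User backup\n    PasswordAuthentication yes\n")
HARDENED = ("PubkeyAuthentication yes\nPasswordAuthentication no\n"
            "KbdInteractiveAuthentication no\n")

if __name__ == "__main__":
    for name in ("SHADOWED", "MATCH_HOLE", "HARDENED"):
        print(name, audit(globals()[name]) or "ok")
```

The SHADOWED sample shows why appending `PasswordAuthentication no` to the end of a file is not enough: the earlier `yes` is the value that takes effect.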

Firewall

All servers get their own firewall configuration. This restricts both the traffic that can reach the server and the traffic that can leave it. We also run monitoring software that actively blocks suspicious activity as it occurs.

Automated security updates

Automating regular updates to server software would introduce an unacceptable risk of a service interruption because of some unforeseen incompatibility. Security updates are a different matter and, while not without risk, are better than unpatched security holes, so our preference is to have them enabled.

They say the price of liberty is eternal vigilance and, where internet security is concerned, it is essential to be constantly vigilant. As far as server configuration goes, that is something we take very seriously. Our clients can rest assured that, whatever content they host with us, it will be as safe as we can possibly make it.

 

Get in touch with us for more information on our web services.

Oliver Smith is a former senior associate - digital development at CPL
