+44 (0) 1223 378 000
info@cpl.co.uk
1 Cambridge
Technopark,
Newmarket Road,
Cambridge,
CB5 8PB, UK
How long do you think it takes before a new machine connected to the internet for the first time gets attacked by malicious traffic? Oliver Smith explains how we protect our clients' websites.
We host websites for clients and every site gets its own server. In fact, it gets two – a production server for the live site, and another for staging, where updates can be tested and signed off before being deployed to production.
As you can imagine, we ‘spin up’ a lot of new machines – albeit as software in the cloud, rather than separate, real, physical boxes.
Each is likely to be targeted by automated hacking attempts within minutes – and sometimes seconds – of coming online.
To paraphrase the character Kyle Reese in The Terminator talking about the threat of a malign technology:
Malicious traffic on the internet is automated and relentless and you need to be prepared for it. Kaspersky, a multinational cybersecurity and anti-virus provider, has mapped some of it to give you an idea of what to expect.
All the servers we create at CPL are protected following best practice security principles during the setup process. Here are three areas we consider particularly important:
Key authentication
Instead of passwords, we use key authentication for logging into servers. Keys are better than passwords because they contain more data, so are much harder to guess or break by brute force by trying all possible variations. They can be expired, if there is a risk one may have been compromised. Despite their strength, a good passphrase should always be used to protect them.
Firewall
All servers get their own firewall configuration. This restricts the traffic that can reach the server and what can leave it too. We also run monitoring software actively to block suspicious activity as it occurs.
Automated security updates
Automating regular updates to server software would introduce an unacceptable risk of a service interruption because of some unforeseen incompatibility. Security updates are a different matter and, while not without risk, are better than unpatched security holes, so our preference is to have them enabled.
They say the price of liberty is eternal vigilance and, where internet security is concerned, it is essential to be constantly vigilant. As far as server configuration goes, that is something we take very seriously. Our clients can rest assured that whatever content they host with us it will be as safe as we can possibly make it.
Get in touch with us for more information on our web services.