Difference between revisions of "Secure hosting guide"

(Useful References)
 
(20 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 +
__NOTOC__
 +
 +
This document is the result of a collaborative project between [http://www.huridocs.org/ Huridocs] and [https://equalit.ie eQualit.ie].
 +
 
==Useful References==
 
==Useful References==
 
* [https://github.com/OpenInternet/MyWebsiteIsDown/blob/master/MyWebsiteIsDown.md What to do when your website goes down]
 
* [https://github.com/OpenInternet/MyWebsiteIsDown/blob/master/MyWebsiteIsDown.md What to do when your website goes down]
* [http://moz.com/blog/the-definitive-guide-to-wordpress-security Guide to secure Wordpress hosting]
+
* [http://en.flossmanuals.net/wordpress/ Building a Wordpress site] and then [http://moz.com/blog/the-definitive-guide-to-wordpress-security Guide to secure Wordpress set-up]
 +
* The Engine Room's [[Responsible Data Forum on Hosting]]
 +
* [http://en.flossmanuals.net/video-hosting-guide-t/index/ Independent video hosting]
  
 
=Introduction=
 
=Introduction=
 +
Hosting a website that can withstand various malicious attacks and unauthorised access attempts is not an easy task. There are several approaches to mitigating digital threats and reducing your site's vulnerabilities. There is no one-fits-all solution however and the site's owners or administrators should plan for various contingencies well in advance, in lieu of their financial situation and technical expertise. This guide attempts to describe several scenarios and various approaches for secure hosting.
  
Hosting a website that can withstand various malicious attacks and unauthorised access is not an easy task. There are several approaches to mitigating digital threats and reducing your site's vulnerabilities. There is no one-fits-all solution however and the site's owners or administrators should plan for various contingencies well in advance, in lieu of their financial situation and technical expertise. This guide attempts to describe several scenarios and various approaches for secure hosting.  
+
==Step 1: Decide on your level of technical expertise==
 +
A lot of choices made within this guide will depend on your level of technical expertise dealing with server configuration and maintenance. You should evaluate your situation honestly and try not to exceed this level. We will use the following key to differentiate the difficulty associated with each type of activity.  
  
 +
*'''High Technical''' - multiple experiences of server administration, can confidently install/update server software; apache, mysql, mail server OR access to a consultant with these skills. Do not attempt to learn as you go!
 +
*'''Intermediate Technical''' - some experience of server administration, can install and manage web services software via guides, can use ssh and commandline interface
 +
*'''Basic Technical''' - no experience with server management. Can use software management interfaces such as CPanel
  
==What are you planning to host?==
+
'''Required''' - basic knowledge about Internet infrastructure and addressing is required should you want to maintain anything on the Internet (Facebook, twitter, other social networks exempted) that is bound to last the test of time. Please read through [https://learn.equalit.ie/wiki/How_does_the_Internet_actually_work%3F HOW DOES THE INTERNET ACTUALLY WORK?] to get the basics and go on from there. You need to know a little bit about architecture before building your house.
*[[Standard Website]] - standalone website, blog, forum
+
*[[Internet Server]] - mail server, VPN, proxy
+
*[[Content_Resource_Management(CRM) | Content Resource Management(CRM)]]
+
*[[Web_application | Web Application]]
+
  
==What type of data will you be storing?==
+
==Step1: What are you planning to host?==
*[[ Receive_Sensitive_Data | Receive sensitive submissions of data]]
+
*[[Website]] - standalone website, blog, forum
*[[ Sensitive_Data | Store sensitive data]]
+
*[[ User_Data | Store private user data]] - login credentials, user information
+
*[[ Published_data | Publish information for consumption by the general public ]]
+
*[[ Data_Sensitivity | Determining Data sensitivity types]]
+
  
==What is your level of technical ability?==
+
==Step 2: What are your hosting options==
 
+
Each category will include details of hosting options for additional reference we include here core hosting types and a methodology for choosing a hosting provider:
Throughout this guide we will use the following key to differentiate the difficulty level associated with each type of system setup. More technically complicated setups will require either permanent IT staff or access to an IT provider. The latter may be limited by an organisation financial resources.
+
  
*'''High Technical''' - multiple experiences of server administration, can confidently install/update server software; apache, mysql mail server
+
*[[Choose a hosting provider]]
*'''Intermediate Technical''' - some experience of server administration, can install and manage software via guides, can use ssh and commandline interface
+
*[[Choose a name registrar]]
*'''Basic Technical''' - no experience, can use software management interfaces such as CPanel
+
*[[Geography, lesgislation and terms of service]]
 
+
==Contingency Planning and Threat Mitigation==
+
  
 +
==Step 3: Plan for contingency and threat mitigation==
 
For each form of system use relevant threats and strategies to mitigate them are include. These approaches are ordered in terms of technical ability requirements. The following topics are relevant to all setups:
 
For each form of system use relevant threats and strategies to mitigate them are include. These approaches are ordered in terms of technical ability requirements. The following topics are relevant to all setups:
  
*[[ Data_Backup | Data backup and recovery]]
+
*[[System_Management|System Management]]
*[[Password_Management | Password management]]
+
*[[Data_Backup|Data backup and recovery]]
*[[Data_Encryption | Data Encryption]]
+
*[[Access Restrictions]]
*[[Secure_Communications | Secure communications]]
+
*[[Data Encryption]]
*[[Brute_Force_DDOS | Brute force and Denial of Service attacks]]
+
*[[Monitoring]]
[[Category:Huridocs collaboration]]
+
*[[Webserver setup]]
 +
*[[Secure connections]]
 +
*[[Brute_Force_DDOS| Denial of Service and Brute Force attacks]]
 +
 
  
==Hosting Options==
 
  
Each category will include details of hosting options for additional reference we include here core hosting types and a methodology for choosing a hosting provider:
 
  
*[[Dedicated_Hosting_Option | Dedicated Hosting]]
 
*[[Shared_Hosting_Option | Shared Hosting]]
 
*[[Cloud_Hosting_Option | Cloud Hosting]]
 
*[[Choosing_A_Host | Choosing a hosting provider]]
 
 
[[Category: Secure Hosting]]
 
[[Category: Secure Hosting]]

Latest revision as of 20:45, 4 June 2014


This document is the result of a collaborative project between Huridocs and eQualit.ie.

Useful References

Introduction

Hosting a website that can withstand various malicious attacks and unauthorised access attempts is not an easy task. There are several approaches to mitigating digital threats and reducing your site's vulnerabilities. There is no one-fits-all solution however and the site's owners or administrators should plan for various contingencies well in advance, in lieu of their financial situation and technical expertise. This guide attempts to describe several scenarios and various approaches for secure hosting.

Step 1: Decide on your level of technical expertise

A lot of choices made within this guide will depend on your level of technical expertise dealing with server configuration and maintenance. You should evaluate your situation honestly and try not to exceed this level. We will use the following key to differentiate the difficulty associated with each type of activity.

  • High Technical - multiple experiences of server administration, can confidently install/update server software; apache, mysql, mail server OR access to a consultant with these skills. Do not attempt to learn as you go!
  • Intermediate Technical - some experience of server administration, can install and manage web services software via guides, can use ssh and commandline interface
  • Basic Technical - no experience with server management. Can use software management interfaces such as CPanel

Required - basic knowledge about Internet infrastructure and addressing is required should you want to maintain anything on the Internet (Facebook, twitter, other social networks exempted) that is bound to last the test of time. Please read through HOW DOES THE INTERNET ACTUALLY WORK? to get the basics and go on from there. You need to know a little bit about architecture before building your house.

Step1: What are you planning to host?

  • Website - standalone website, blog, forum

Step 2: What are your hosting options

Each category will include details of hosting options for additional reference we include here core hosting types and a methodology for choosing a hosting provider:

Step 3: Plan for contingency and threat mitigation

For each form of system use relevant threats and strategies to mitigate them are include. These approaches are ordered in terms of technical ability requirements. The following topics are relevant to all setups: