When communicating data to or from a server, it is important that the information not be susceptible to man-in-the-middle attacks. If data is communicated over open, plain-text mediums such as FTP or HTTP, then that data can be intercepted and read by any entity on any of the networks that the information passes through; this can include Local Area Networks, ISPs, or National Entities.
There are a number of steps that can be taken to protect communication channels to and from the server, though no system is 100% secure.
- SSL If your website does not have an SSL certificate then all web traffic directed to your site will be unencrypted and potentially subject to snooping. Secure Sockets Layer (SSL) is a cryptographic protocol which allows secure client-server interactions. Once a secure session has been established between the client (for example, your web browser) and the server (your website in this case), all the information that passes between the two is unreadable to external parties. In order to provide SSL for your website you must purchase an SSL certificate. This is a digital document, signed by a recognised certificate reseller, that uniquely belongs to your domain. An added benefit of SSL certificates is that they can aid in preventing SSL spoofing. This occurs where a malicious website pretends to be a legitimate website, or a server pretends to be a legitimate holder of the SSL cert. Most modern browsers will give a warning if an SSL cert has expired or is invalid, meaning that it may be a spoofed certificate. One of the most commonly used SSL software packages on the Internet, OpenSSL, suffered a major security flaw in the shape of the Heartbleed bug. This left most websites using a certain version of OpenSSL open to an exploit. This incident highlights that no technology is 100% secure and that each requires constant monitoring.
- SFTP When transferring files to or from
- SSH