Changes
/* Useful References */
__NOTOC__
This document is the result of a collaborative project between [http://www.huridocs.org/ Huridocs] and [https://equalit.ie eQualit.ie].
==Useful References==
* [https://github.com/OpenInternet/MyWebsiteIsDown/blob/master/MyWebsiteIsDown.md What to do when your website goes down]
* [http://en.flossmanuals.net/wordpress/ Building a Wordpress site] and then [http://moz.com/blog/the-definitive-guide-to-wordpress-security Guide to secure Wordpress set-up]* The Engine Room's [[Responsible Data Forum on Hosting]]* [http://en.flossmanuals.net/video-hosting-guide-t/index/ Independent video hosting]
=Introduction=
Hosting a website that can withstand various malicious attacks and unauthorised access attempts is not an easy task. There are several approaches to mitigating digital threats and reducing your site's vulnerabilities. There is no one-fits-all solution however and the site's owners or administrators should plan for various contingencies well in advance, in lieu of their financial situation and technical expertise. This guide attempts to describe several scenarios and various approaches for secure hosting.
==Step1: What type of data will are you be storingplanning to host?==*[[ Receive_Sensitive_Data | Receive sensitive submissions of data]]*[[ Sensitive_Data | Store sensitive data]]*[[ User_Data | Store private user dataWebsite]] - login credentialsstandalone website, user information*[[ Published_data | Publish information for consumption by the general public ]]*[[ Data_Sensitivity | Determining Data sensitivity types]]blog, forum
==Step 2: What is are your level of technical ability?hosting options== Throughout this guide we Each category will use the following key to differentiate the difficulty level associated with each type include details of system setup. More technically complicated setups will require either permanent IT staff or access to an IT hosting options for additional reference we include here core hosting types and a methodology for choosing a hosting provider. The latter may be limited by an organisation financial resources.:
*'''High Technical''' - multiple experiences of server administration, can confidently install/update server software; apache, mysql mail server[[Choose a hosting provider]]*'''Intermediate Technical''' - some experience of server administration, can install and manage software via guides, can use ssh and commandline interface[[Choose a name registrar]]*'''Basic Technical''' - no experience[[Geography, can use software management interfaces such as CPanel ==Contingency Planning lesgislation and Threat Mitigation==terms of service]]
==Step 3: Plan for contingency and threat mitigation==
For each form of system use relevant threats and strategies to mitigate them are include. These approaches are ordered in terms of technical ability requirements. The following topics are relevant to all setups:
*[[System_Management|System Management]]*[[ Data_Backup | Data backup and recovery]]*[[Password_Management | Password managementAccess Restrictions]]*[[Data_Encryption | Data Encryption]]*[[Secure_Communications | Monitoring]]*[[Webserver setup]]*[[Secure communicationsconnections]]*[[Brute_Force_DDOS | Brute force and Denial of Service and Brute Force attacks]][[Category:Huridocs collaboration]]
[[Category: Secure Hosting]]