Difference between revisions of "Secure hosting guide"
(Created page with " Category: Secure Hosting") |
|||
| Line 1: | Line 1: | ||
| + | ==Useful References== | ||
| + | * [https://github.com/OpenInternet/MyWebsiteIsDown/blob/master/MyWebsiteIsDown.md What to do when your website goes down] | ||
| + | * [http://moz.com/blog/the-definitive-guide-to-wordpress-security Guide to secure Wordpress hosting] | ||
| + | =Introduction= | ||
| + | Hosting a website that can withstand various malicious attacks and unauthorised access is not an easy task. There are several approaches to mitigating digital threats and reducing your site's vulnerabilities. There is no one-fits-all solution however and the site's owners or administrators should plan for various contingencies well in advance, in lieu of their financial situation and technical expertise. This guide attempts to describe several scenarios and various approaches for secure hosting. | ||
| + | |||
| + | == What are the risks == | ||
| + | |||
| + | ==What do you want to host?== | ||
| + | *[[Content_Publishing_Site | Content Publishing Site]] - standalone website, blog, forum | ||
| + | *[[Mail_Server | Mail Server]] | ||
| + | *[[Content_Resource_Management(CRM) | Content Resource Management(CRM)]] | ||
| + | *[[Web_application | Web Application]] | ||
| + | |||
| + | ==What type of data will you be storing?== | ||
| + | *[[ Receive_Sensitive_Data | Receive sensitive submissions of data]] | ||
| + | *[[ Sensitive_Data | Store sensitive data]] | ||
| + | *[[ User_Data | Store private user data]] - login credentials, user information | ||
| + | *[[ Published_data | Publish information for consumption by the general public ]] | ||
| + | *[[ Data_Sensitivity | Determining Data sensitivity types]] | ||
| + | |||
| + | ==What is your level of technical ability?== | ||
| + | |||
| + | Throughout this guide we will use the following key to differentiate the difficulty level associated with each type of system setup. More technically complicated setups will require either permanent IT staff or access to an IT provider. The latter may be limited by an organisation financial resources. | ||
| + | |||
| + | *'''High Technical''' - multiple experiences of server administration, can confidently install/update server software; apache, mysql mail server | ||
| + | *'''Intermediate Technical''' - some experience of server administration, can install and manage software via guides, can use ssh and commandline interface | ||
| + | *'''Basic Technical''' - no experience, can use software management interfaces such as CPanel | ||
| + | |||
| + | ==Contingency Planning and Threat Mitigation== | ||
| + | |||
| + | For each form of system use relevant threats and strategies to mitigate them are include. These approaches are ordered in terms of technical ability requirements. The following topics are relevant to all setups: | ||
| + | |||
| + | *[[ Data_Backup | Data backup and recovery]] | ||
| + | *[[Password_Management | Password management]] | ||
| + | *[[Data_Encryption | Data Encryption]] | ||
| + | *[[Secure_Communications | Secure communications]] | ||
| + | *[[Brute_Force_DDOS | Brute force and Denial of Service attacks]] | ||
| + | [[Category:Huridocs collaboration]] | ||
| + | |||
| + | ==Hosting Options== | ||
| + | |||
| + | Each category will include details of hosting options for additional reference we include here core hosting types and a methodology for choosing a hosting provider: | ||
| + | |||
| + | *[[Dedicated_Hosting_Option | Dedicated Hosting]] | ||
| + | *[[Shared_Hosting_Option | Shared Hosting]] | ||
| + | *[[Cloud_Hosting_Option | Cloud Hosting]] | ||
| + | *[[Choosing_A_Host | Choosing a hosting provider]] | ||
[[Category: Secure Hosting]] | [[Category: Secure Hosting]] | ||
Revision as of 16:09, 25 April 2014
Contents
Useful References
Introduction
Hosting a website that can withstand various malicious attacks and unauthorised access is not an easy task. There are several approaches to mitigating digital threats and reducing your site's vulnerabilities. There is no one-fits-all solution however and the site's owners or administrators should plan for various contingencies well in advance, in lieu of their financial situation and technical expertise. This guide attempts to describe several scenarios and various approaches for secure hosting.
What are the risks
What do you want to host?
- Content Publishing Site - standalone website, blog, forum
- Mail Server
- Content Resource Management(CRM)
- Web Application
What type of data will you be storing?
- Receive sensitive submissions of data
- Store sensitive data
- Store private user data - login credentials, user information
- Publish information for consumption by the general public
- Determining Data sensitivity types
What is your level of technical ability?
Throughout this guide we will use the following key to differentiate the difficulty level associated with each type of system setup. More technically complicated setups will require either permanent IT staff or access to an IT provider. The latter may be limited by an organisation financial resources.
- High Technical - multiple experiences of server administration, can confidently install/update server software; apache, mysql mail server
- Intermediate Technical - some experience of server administration, can install and manage software via guides, can use ssh and commandline interface
- Basic Technical - no experience, can use software management interfaces such as CPanel
Contingency Planning and Threat Mitigation
For each form of system use relevant threats and strategies to mitigate them are include. These approaches are ordered in terms of technical ability requirements. The following topics are relevant to all setups:
- Data backup and recovery
- Password management
- Data Encryption
- Secure communications
- Brute force and Denial of Service attacks
Hosting Options
Each category will include details of hosting options for additional reference we include here core hosting types and a methodology for choosing a hosting provider:
