A dedicated hosting service is a kind of Internet hosting service in which a whole server or even a number of servers are leased by the client for e-commerce applications. This kind of hosting service is more expensive than shared hosting because the organization or company has complete control over the server or servers and can specify the kinds of hardware and operating system that are desired. In many cases, the provider takes care of server administration, including security issues.
The Absence of Industry Standards on the Management of Dedicated Servers
The industry standards for the kind of management given by the service provider are not yet clear. Thus, every company may claim that it will offer standard services but the exact nature of these services will vary from provider to provider. However, server management usually includes all or some of the following: server monitoring; updating of the operating system; application monitoring; monitoring of the SNMP hardware; updating of applications; updating of the antivirus program; firewall services; technical support; application management; intrusion detection; security audits; protection and mitigation of distributed denial-of-service (DDoS) attacks; Domain Name System (DNS) hosting; disaster recovery; load balancing; backups; performance tuning; database administration; user management; software installation; and programming consultation.
Providers of dedicated hosting services may offer various levels of support for server management. The first type of service leaves all management tasks to the client. Thus, the client will have to handle all upgrades, patches, maintenance and security tasks. This kind of service is best for clients who have their own IT staff who can take care of all of these things, including server security.
Providers may also offer various levels of management, from simple monitoring and maintenance to the uppermost level where they take care of everything and the client need not be involved in server management. Naturally, the top level of service is the most convenient for the client but it is also the most expensive and making adjustments to the system is much more difficult. Nevertheless, it may be advisable to compare the costs of having your own staff as opposed to letting the provider manage everything at a higher service cost.
Security Issues in Choosing Your Provider
In general, choosing your provider for dedicated hosting must also include an analysis of the kind of security services that are provided. Attacks against web servers for e-commerce have intensified and computer hackers are becoming more and more sophisticated in their techniques. They have even gone to the extent of setting up their own networks that have the sole purpose of stealing personal and financial information contained in web servers that could be sold to the highest bidder on the black market.
Despite the advances being made by hackers, many companies offering hosting services still use outdated security systems involving simple intrusion detection systems (IDS) and firewalls. By contrast, a role-based and redundant firewall system may be required, one that allows only the ports necessary for the operation of the server to be open. The IDS must also have multi-level protection capabilities to block dangerous activities at the application level, OS level and network level. This IDS should also have the capacity to block network layer events, such as bad logons, overly active hosts and unacceptable content.
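One way a client can check the "only necessary ports are open" requirement on a leased server is to compare its listening sockets against a port policy. The following is an added example, not part of the original article; the sample `ss -tlnH` output is constructed, and the allowed-port policy (22 and 443) and the function names are assumptions for illustration.

```python
import ipaddress

# Constructed sample of `ss -tlnH` output (TCP, listening, numeric, no header).
SAMPLE_SS_OUTPUT = """\
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
LISTEN 0      80         127.0.0.1:3306       0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      128             [::]:22            [::]:*
LISTEN 0      4096               *:9100             *:*
LISTEN 0      128            [::1]:6379          [::]:*
"""

# Assumed policy for an e-commerce web server: SSH for administration and HTTPS.
ALLOWED_PORTS = {22, 443}


def is_loopback(addr: str) -> bool:
    """True if the bind address is reachable only from the host itself."""
    host = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    if host == "*":                           # wildcard: every interface
        return False
    return ipaddress.ip_address(host).is_loopback


def unexpected_listeners(ss_output: str, allowed_ports: set) -> list:
    """Return (bind address, port) pairs exposed beyond loopback and not in policy."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                          # skip blank or non-listening rows
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        if int(port) not in allowed_ports and not is_loopback(addr):
            findings.append((addr, int(port)))
    return findings


if __name__ == "__main__":
    for addr, port in unexpected_listeners(SAMPLE_SS_OUTPUT, ALLOWED_PORTS):
        print(f"not in policy: {addr}:{port}")
```

Services bound only to loopback (the database on 3306 in the sample) are not reported, since the firewall requirement concerns ports reachable from the network.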
Other important security issues to consider when evaluating potential providers include: a hardened network design; web application security using established policies; a virtual private network (VPN) connection based on Secure Sockets Layer (SSL) for the administration of the servers; creation of a log file for all suspicious activities; backup storage with encryption protection; protection against DDoS attacks; control of physical access to the servers; and secure adjustments to access when there is a change in personnel.
Preventing Data Theft
One of the most serious security threats to web servers for e-commerce sites is the possibility of data theft. If the confidential information entrusted to you by your customers gets stolen by hackers, you are likely to lose a substantial percentage of them. And because of the power of word-of-mouth advertising, your business may be severely affected for years to come.
Therefore, a key security issue that should be considered when choosing your dedicated hosting provider is protection of the databases and other applications. Some of the malicious activities that should be prevented by the security system include: session hijacking; SQL injections; vulnerabilities in XML, HTTPS and others; computer worms; cross-site scripting; zero-day worms; form field tampering; denial of service; cookie poisoning; buffer overflow; malicious robots; remote file inclusion; illegal encoding; Google hacking; proxy vulnerabilities; OS attacks; OS command injection; forged cross-site requests; malicious encoding; brute force login; patient data disclosure; credit card exposure; phishing; corporate espionage; leakage of Social Security numbers; and damage to data.
Security is a very complex issue in e-commerce hosting. Malicious attacks by hackers are becoming more and more sophisticated and security systems need to be improved correspondingly. Choosing the proper dedicated hosting provider and your IT security staff is a vital task.