HTML.co.uk

If you have decided to run an E-commerce or an online store Website, you should have the knowledge of HTTPS (“hyper text transfer protocol with secure sockets layer”). “HTTPS” is nothing but a protocol to transfer your encrypted data through Web.

There are chiefly 2 main differences between an HTTP and HTTPS connection network.

HTTP connects on the port 80 while HTTPS connects on 443. HTTP encrypts the data received and sent as plain text while HTTPS encrypts in SSL.

Almost all the Web customers are aware that, they have to look out for HTTPS in URL and have to lock icon when they are in the process of transaction. If your storefront isn’t using HTTPS, then you are going to lose your customers. It’s common to find on Websites that some of the stores use plain HTTP to collect money including the customers’ credit card details and doing this way of business is very bad to you and your customer and you might lose your customer.

As mentioned above, HTTP sends and receives the data over the internet as a plain text. This means, if you have a credit card form which asks the credit card details of your customer and the credit card details furnished by the customer can be easily intercepted by anyone on the net by using “packet Sniffer” (a wiretap that is used to eavedrop the computer networks). Since there are a lot of “Free Sniffer Software Tools” (example: “Ethereal Network Analyzer”, “Network Probe”, “AnalogX PacketMon”, “Analyzer”, “Sniphere” and many other) and the people using this can be anyone. By using HTTP and if you are collecting credit card information, you are broadcasting the entire details of the credit card to the world. Later your customer will realize that his credit card information is leaked when comes to know that some theft has happened.

What are things you need to host secure pages?

There are only few things you require to host pages that are secure on your Website.
Firstly, Web servers like “apache” along with “MOD_SSL” that will support SSL encryption
Secondly, unique IP address (it is used to validate the secured certificate by certificate providers)
Thirdly, SSL certificate from the providers of “SSL certificate”

If you are very much sure about the first 2 items, contact your Web Hoster so that they can help you.

After obtaining HTTPS certificate

In your Web server, your Web hoster has to set the certificate so that each and every time a page is accessed, it has to hit the secure server. Once this work is done, you can carry on with building your WebPages that has to be secured.

Some of tips to use HTTPS

Point at all the Webforms on HTTP: whenever you go to the link of Webforms on your Website, get used to link them with full Server URL.

On secured pages use “relative paths” on images

Secure the page that collect and requests the data: this done because if your entire pages are secured, your server will slow down and the charge will be more.

Nobody would even think that the web developers would be worried about the viruses in particular. But the fact is that it is getting harder to hide from the smart virus writers. The most common SirCam virus is so dangerous that it is capable of searching the cached web pages or the email addresses. As this virus has an inbuilt mail server, it makes use of those email addresses for sending out the annoying spam email messages. The worst part is that this spammer is not used for sending any mail, but instead sends a virus to all the recipients.

How to protect yourself?

• Add anti-spam messages to your email addresses: These are special messages that cannot be recognised by a virus or a spambot but a person would easily be able to strip out.
• Take off your email address from your web pages: Make use of feedback forms where your email address was embedded in the CGI and not the HTML. The main reason of using the CGI here is that CGI cannot be cached and at the same time, you can still get your comments.
• Convert your email address to an image: Viruses and spammer programs cannot cache the images in the same way as they would be grabbing the email addresses. Always ensure that your email address is not included in your alt text.
• Make use of the JavaScript for building your mailto field: Try to use the JavaScript with variables which has been used for splitting up your email address, for building up mailto link, which cannot be read by the spambots.

Anti-Spam Messages in the Email Address
The easiest method of preventing the viruses and spam from spreading is by making use of the Anti Spam messages. Just add the words that would be recognised and should be removed from your email address in the mailto field.

The biggest drawback o using this method is that people easily skip out on the email addresses while clicking on the mailto link. And there is every possibility that if a bounce back message is received by them, it will be simply deleted.

Removing the email addresses
The most effective method of avoiding span or viruses would be to remove completely your email addresses. You just need to create a web form and send the mail using the CGI. Although there are variety of forms to email CGI is available but it is quite imperative to concentrate on the one which has the ability to store the email addresses in the CGI itself. Virus or a spambot can easily get the email address it is in the HTML.
The biggest drawback of this that people avoid using them as they feel more impersonal. Many of the customers who would have otherwise intimated you about the broken link will think twice before intimating you.

Convert Email Addresses to Images
If you have the comfort with the graphics, you can easily convert your email addresses to the images. There is a free Windows tool available for converting the email addresses to the image format for hiding from the spammers.

The biggest drawback o this is that once your email address is converted to an image, it cannot be used in the mailto tag. Also, your email address will have to be written by the customers themselves which can also cause typographical errors.

JavaScript to hide the email addresses
It is considered to be the most effective ways of hiding your email addresses from the viruses and the spambots, but always ensure that your customers have the convenience o using the mailto link.

The biggest drawback of this is that certain people work with the JavaScript turned off due to security reasons. The mailto link for these people will not be effective at all.

If the internet has proved itself as a source of entertainment, international trade and knowledge, then it has also attracted hackers, spammers and other types of online criminal activities. Everyday a large number of web sites are hacked with the intuition of stealing the private data of companies, stealing credit card information, unethically discovering customer details and similar kinds of illicit activities. It is therefore important to keep the web pages secured 24×7.

To make the web a secure place to work, various tools are being designed everyday. There are different types of firewalls, anti-root kits, anti-virus, anti-spam tools available in the market. One can make judicious use of all of them as per his/her needs and network infrastructure. Besides these tools there are other methodologies also which should be considered while securing the web pages online. For example:

• Disabling the Guest account: Most of the Windows servers have a guest account by default. This account gives the users limited access to the server’s resources but as it does not asks for password anyone can log into the server and try to infiltrate the data somehow.

• Don’t forget to rename the Administrator’s Account: By default the Windows server assigns ‘administrator’ as the user name for the administrator account which has all the powers and access to all the resources. If you don’t rename this account then half the work has been already done for the hacker. Now he has to guess only the password.

• Take your passwords to the heights of complexity and ambiguity: The passwords should always be very, very complex. You can set a strong password policy for your servers to avoid successful password guess by the hacker.

• Disable the unwanted protocols: Not all the protocols running in the background are needed all the time. Thus it is recommended that all the unwanted protocols must be disabled as these protocols open up different communication ports on the network. For example if the Telnet protocol is enabled unnecessary then the hacker may get successful in establishing a remote connection with your server.

• Use SSL: SSL (Secured socket Layer) is a protocol which is developed to promote web security. It allows the use of a large number of encryption methods.

• Use SHTTP: SHTTP is a short for Secure Hyper Text Transfer Protocol. It is an extension of the standard HTTP protocol and is different from the SSL but is used for the same purpose; to deliver secured web pages.

• Use Certificates: Certificates can be used in order to ensure leak proof transactions over the web. It features user authentication. They are digitally signed electronic documents which verify the connection between a server’s encryption scheme and the server’s identification. All the digital signatures, cryptographic functions and trust policies are defined while issuing the certificates and they are issued by the third parties known as Certificate Authorities. In order to get a certificate for a web site one has to get registered with this authority. The digital certificate which is then issued is unique.

OK, you have created the world’s best web site which has got breath taking designs and extraordinary multimedia effects, but the bottom line is you have to publish it on the World Wide Web (WWW, popularly known as the Internet) so that it can been viewed by the public. As soon as your web site gets published online, it is ready to be a victim of the BAD internet. Your files and folders are prone to a large number of internet security threats. The fact is that certain aspects of the web sites cannot be protected. There is no single day till now on which all the web pages on the internet were free from viruses, spams, trojans or hacking attempts. If you are connected to a huge computer network such as internet, you are 100% exposed to malicious activities and thus, ‘Play At Your Own Risk’ is recommended.

Try to be safe up to the maximum possible level:

In order to be safe, the first and foremost thing required is that you should know about the types of internet threats as much as possible. The most dangerous and fatal practices used to destroy HTML files on the web are:

• Data theft in the form of pishing, hacking, spamming, spoofing etc.
• Destruction of HTML files and folders stored on the web server.
• Modification of the contents of the HTML documents.
• Hacking the complete web server.
• Different types of viruses on the network.

Carefully design a protection plan:

Once you have got to know about the possible online threats, the next step is to carefully analyze and design a protection plan for the HTML files residing on the web server. Following are some basic guidelines which can assist you in making a protection plan.

• Carefully separate the most important data from that which is not too much sensitive.
• After that examine and decide the level of protection needed for different types of data i.e. from the important ones to the casual ones.
• Examine the value of your web site on the internet. Analyze the page ranks of your HTML documents. This will let you know about up to what extent your web site can attract the hackers.
• Do consider the time, effort and money which you can spend for implementing, maintaining and upgrading the protection system for your web site in advance and proceed accordingly.
• Carefully choose the best possible company which can offer you the world class internet security services at an affordable cost.

Choose form a number of options to secure your data:

There are numerous of options available in the market which can be effectively combined to make a high-tech security system. The most internet security tools are anti-virus software, firewalls (both hardware and software), anti-pishing, anti-spamming and anti-spoofing systems, password protection, alarms, log maintainers, network intrusion detectors etc.