Security Basics mailing list archives
Re: Web Hosting / and Site Security Question
From: "Steve" <securityfocus () delahunty com>
Date: Tue, 12 Oct 2004 11:48:04 -0400
It can't hurt to use SSL as you suggest. I would recommend checking out firms like Digex, AboveNet, and ServerVault for secure managed hosting. Maybe even consider RackSpace. But expect to pay much more than lower end providers. Check out TruSecure certified firms, such as ServerVault. ----- Original Message ----- From: "Mailing Lists" <itmaillist () gmail com> To: <security-basics () securityfocus com> Sent: Friday, October 08, 2004 2:35 PM Subject: Web Hosting / and Site Security Question Hello, I am doing work for a small / mid sized company that is going to begin using their website more actively. I have a few questions regarding security and hosting issues. First off we are going to use a third party to host an application that will collect information from clients and customers. On our site we will provide a link that will take customers and clients to that secured site. We have done thorough Vendor Management and we are confident that this company is secure and reliable. My question is does it make sense / is it necessary to incorporate SSL onto our web page. Specifically I am concerned with the page that contains the link to the third party website. My thought is that the page that contains the link to the third party application would be digitally signed and secured so that users are assured that the link provided is the intended link. Does this actually add security? Is this going to provide any real protection against phishing scams and the like? What are the Pro's and Con's? Are there any better solutions, methodologies for adding security in this circumstance? Secondly, this company has been using a mom and pop shop for web and email hosting since its inception. Now that the web page is going to be used more actively for promotional use and the company is growing in size I believe there is a need to start being more security minded about the hosting of the site.(i.e. potential for defacement, et al) I would like to find a company that can host the website and email that does annual security assessments and penetration testing, and can provides us with SAS70 Type II or similar documentation. Any recommendations about companies that you have used or worked with would be greatly appreciated. Thanks in advance for your responses!
Current thread:
- Web Hosting / and Site Security Question Mailing Lists (Oct 08)
- Re: Web Hosting / and Site Security Question Steve (Oct 12)
- Re: Web Hosting / and Site Security Question Miles Stevenson (Oct 12)
- Re: Web Hosting / and Site Security Question Miles Stevenson (Oct 13)
- Re: Web Hosting / and Site Security Question Adam Jones (Oct 12)
- <Possible follow-ups>
- Re: Web Hosting / and Site Security Question Hamish Stanaway (Oct 14)