Re: Web Hosting / and Site Security Question

["Hamish Stanaway" <koremeltdown () hotmail com>]

Hi there,

I believe that it would be benificial for you to get SSL on the page and 
also over your domain.
Reason being, that if a customer does have an issue with data theft etc then 
you can rest assured that you did take the necessary precaution(s) against 
this.
The only issue you may have is if the third party page doesn't have SSL - 
then their end would be insecure. You might want to suggest to the third 
party sight about the possibility of getting SSL on the server they own too.

Kindest of regards,

Hamish Stanaway, CEO

Absolute Web Hosting / -= KoRe WoRkS =- Internet Security
Auckland, New Zealand
http://www.webhosting.net.nz/
http://www.buywebhosting.co.nz/
> ----- Original Message -----
> From: "Mailing Lists" <itmaillist () gmail com>
> To: <security-basics () securityfocus com>
> Sent: Friday, October 08, 2004 2:35 PM
> Subject: Web Hosting / and Site Security Question
>
>
> Hello,
>
> I am doing work for a small / mid sized company that is going to begin
> using their website more actively.  I have a few questions regarding
> security and hosting issues.
>
> First off we are going to use a third party to host an application
> that will collect information from clients and customers.  On our site
> we will provide a link that will take customers and clients to that
> secured site.  We have done thorough Vendor Management and we are
> confident that this company is secure and reliable.  My question is
> does it make sense / is it necessary to incorporate SSL onto our web
> page.  Specifically I am concerned with the page that contains the
> link to the third party website.  My thought is that the page that
> contains the link to the third party application would be digitally
> signed and secured so that users are assured that the link provided is
> the intended link.  Does this actually add security?  Is this going to
> provide any real protection against phishing scams and the like? What
> are the Pro's and Con's?  Are there any better solutions,
> methodologies for adding security in this circumstance?
>
> Secondly, this company has been using a mom and pop shop for web and
> email hosting since its inception.  Now that the web page is going to
> be used more actively for promotional use and the company is growing
> in size I believe there is a need to start being more security minded
> about the hosting of the site.(i.e. potential for defacement, et al)
> I would like to find a company that can host the website and email
> that does annual security assessments and penetration testing, and can
> provides us with SAS70 Type II or similar documentation.  Any
> recommendations about companies that you have used or worked with
> would be greatly appreciated.
>
> Thanks in advance for your responses!

_________________________________________________________________
On the road to retirement? Check out MSN Life Events for advice on how to 
get there! http://lifeevents.msn.com/category.aspx?cid=Retirement