Security Basics mailing list archives
Re: Web Hosting / and Site Security Question
From: "Hamish Stanaway" <koremeltdown () hotmail com>
Date: Tue, 12 Oct 2004 20:33:10 +0000
Hi there,I believe that it would be benificial for you to get SSL on the page and also over your domain. Reason being, that if a customer does have an issue with data theft etc then you can rest assured that you did take the necessary precaution(s) against this. The only issue you may have is if the third party page doesn't have SSL - then their end would be insecure. You might want to suggest to the third party sight about the possibility of getting SSL on the server they own too.
Kindest of regards, Hamish Stanaway, CEO Absolute Web Hosting / -= KoRe WoRkS =- Internet Security Auckland, New Zealand http://www.webhosting.net.nz/ http://www.buywebhosting.co.nz/
----- Original Message ----- From: "Mailing Lists" <itmaillist () gmail com> To: <security-basics () securityfocus com> Sent: Friday, October 08, 2004 2:35 PM Subject: Web Hosting / and Site Security Question Hello, I am doing work for a small / mid sized company that is going to begin using their website more actively. I have a few questions regarding security and hosting issues. First off we are going to use a third party to host an application that will collect information from clients and customers. On our site we will provide a link that will take customers and clients to that secured site. We have done thorough Vendor Management and we are confident that this company is secure and reliable. My question is does it make sense / is it necessary to incorporate SSL onto our web page. Specifically I am concerned with the page that contains the link to the third party website. My thought is that the page that contains the link to the third party application would be digitally signed and secured so that users are assured that the link provided is the intended link. Does this actually add security? Is this going to provide any real protection against phishing scams and the like? What are the Pro's and Con's? Are there any better solutions, methodologies for adding security in this circumstance? Secondly, this company has been using a mom and pop shop for web and email hosting since its inception. Now that the web page is going to be used more actively for promotional use and the company is growing in size I believe there is a need to start being more security minded about the hosting of the site.(i.e. potential for defacement, et al) I would like to find a company that can host the website and email that does annual security assessments and penetration testing, and can provides us with SAS70 Type II or similar documentation. Any recommendations about companies that you have used or worked with would be greatly appreciated. Thanks in advance for your responses!
_________________________________________________________________On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
Current thread:
- Web Hosting / and Site Security Question Mailing Lists (Oct 08)
- Re: Web Hosting / and Site Security Question Steve (Oct 12)
- Re: Web Hosting / and Site Security Question Miles Stevenson (Oct 12)
- Re: Web Hosting / and Site Security Question Miles Stevenson (Oct 13)
- Re: Web Hosting / and Site Security Question Adam Jones (Oct 12)
- <Possible follow-ups>
- Re: Web Hosting / and Site Security Question Hamish Stanaway (Oct 14)