Friday, August 12, 2011

Defending your Website

This summer, LulzSec, Anonymous, AntiSec, and many other criminal hacker gangs have been on the rampage, dumping emails, passwords, and confidential data onto the Internet. They have also been disabling websites with denial-of-service attacks. It is obvious that many sites are vulnerable to attack, even large companies like Sony and Mastercard, and government and law enforcement agencies. If you have any Web presence, you should be worried now--is the personal information on your computers safe? Your customers, employees, and business partners have entrusted you with their names, email addresses, credit card numbers, and passwords, but are you taking proper measures to secure that data?

I have been studying the attacks hackers use, and they are easy to perform. Defenses are much more difficult, especially because Web designers are usually uneducated about security practices. The best way to protect your website is to rewrite your code to reduce security vulnerabilities, deploy layer 7 firewalls, segment your network, collect traffic logs and monitor them, use intrusion detection systems, and have a well-trained security staff to maintain and update those measures. But that takes time and money, and is out of reach for small businesses.

However, there is another approach which will greatly improve the security of a website with very little effort and little or no money: outsource your security to the cloud. Two services that I highly recommend are CloudFlare and OpenDNS.

CloudFlare came to my attention because the criminal LulzSec gang used it to protect their site from their enemies. For 25 days this summer, LulzSec's website stayed up despite serious efforts of many ruthless vigilantes to take it down, including th3j35t3r. So CloudFlare has been proven effective in real combat against the real hackers that are attacking sites right now.

CloudFlare makes your site load faster because it makes cached copies of it in many server clusters, distributed all over the world. Neither your customers nor your enemies ever connect directly to your server--they just connect to the cached version on the CloudFlare system. And the CloudFlare server cluster is well-defended, capable of withstanding DDoS attacks up to 80 Gbps, layer 7 attacks, and other attacks.

OpenDNS protects your network from malicious websites by preventing your users from opening them, even if they click on a link in a phishing email or instant message.

Both OpenDNS and CloudFlare have free and pay service levels, but in my experience even the free versions of both services are better than what 90% of websites are using now. And you can add other security measures in addition to them.

So are you protected by these services? If not, why not? Unless you are really sure that your security systems are better, you are endangering your business for no good reason.

I hate to see so many security breaches when they are so easily avoidable. Please investigate these services, and if you know of other ones that are good, post them in the comments.



  1. Great tips for securing your site and personal network.

  2. I think that it's quite unethical that cloudflare protect those exact entities from which they claim to protect their customers against: