The Entrepreneur Forum | Financial Freedom | Starting a Business | Motivation | Money | Success
Security of your web business.

theBiz

Silver Contributor
Speedway Pass
User Power
Value/Post Ratio
46%
Jul 9, 2009
1,162
535
NY
I have been speaking to a few web developers lately and asking what can be done to completely secure my online databases, like names, emails and such. Pretty much they have all told me if someone really wants in, they are getting into anything. Is this true? I mean, if my DBs got stolen it would defeat the entire purpose and it would put me at a huge loss. Where do I go to find out the truth? Regardless of price, how do I consult the best of the best? It is difficult to know who's lying or is wrong since I don't know. It's frustrating when it's out of my hands because I simply do not know enough. This has been something I've been struggling with and I would really appreciate some help. Thank you. It is bad enough people can just scrape your content, but along with getting into your DBs this is just ruining someone's business.
 

FDJustin

Contributor
User Power
Value/Post Ratio
11%
Apr 30, 2010
715
79
Canada
There's no such thing as perfect security, that's true. Doesn't mean you can't keep things reasonably secure. This is the comment I got from a friend of mine:

Basically, he should take steps to secure his databases: spring for dedicated machines in a secure colocation facility; or at least a VPS with a trusted provider. Make sure the machines are secure (i.e. don't host on Windows/IIS). Audit installed packages, running daemons, firewall rules, and such to make sure only stuff that the service explicitly requires is running and available. Keep up to date with operating system, core package, and webapp package vulnerabilities and security updates.
Minimize the amount of information that is collected and stored, to mitigate the backlash in the event there is a breach. Don't store passwords in the clear, don't ask for private information unless there is a very very very good reason to possess it, make sure any private or sensitive information that is retained is encrypted in such a way that only the authorized people can decrypt it, etc.

If a security breach happens, tell people. Don't just try to cover it up.
Oh man, what a day! An update on our security breach - Atlassian News

The blog post is a good report on what happened with a security breach, how they handled it, etc, etc. Worth a read.
 

LightHouse

Legendary Contributor
FASTLANE INSIDER
EPIC CONTRIBUTOR
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
163%
Aug 13, 2007
4,303
7,032
Northern VA
There is a lot you can do, but without hiring it out you're going to have to learn. I have learned a ton over the last year. You will definitely need to be in control of your entire server, meaning a Xen VPS or a dedicated server. Dedicated would be my suggestion. There is a long list of things to do to secure your machine; coupled with keeping an eye on things, you can avoid most problems unless you make some bad enemies, which likely won't happen(?) I hope anyway.
 

theBiz

Silver Contributor
Speedway Pass
User Power
Value/Post Ratio
46%
Jul 9, 2009
1,162
535
NY
Yes, it is dedicated. As much as I learn, I'm not an expert and it will take too much time to be the best at it; it only takes 1 person to break in. I would rather consult someone who could make it bulletproof. Where should I start? I mean, I'm surprised it is not easier to find people to help me out with this. Thank you again.
 

andviv

Gold Contributor
Read Fastlane!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
40%
Jul 27, 2007
5,361
2,143
Washington DC
I am very very biased on this as we offer this service. Yup, it is true, with enough resources (i.e. time, right tools, and motivation) ANY server could be hacked.

Don't let it scare you though.

As mentioned, there are some basic practices to take care of the fundamentals.

Server/Network side:
I hire a white-hat hacker who works for the U.S. government to run a scan against the server to verify all known vulnerabilities are being taken care of. If you want to do it yourself, you could get a tool called Nessus and try to figure it out, but I don't recommend you do it if you don't know enough, it could give you a false sense of security.

Also, from the application's perspective... making sure that XSS (Cross-site scripting) and SQL Injection vulnerabilities are not exposed is very important.

From the database perspective, sensitive/critical/privacy data should be encrypted in the database. Modern Database Management Systems (like MS SQL Server and Oracle) have that functionality already included, but the developer needs to make sure that is done so the data is not "human-readable" if a hacker gets in contact with the database.
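
Added example (not part of the thread and not any poster's code): the two application-level points raised above, not storing passwords in the clear and not exposing SQL injection, sketched in Python. In-memory SQLite stands in for the site's MySQL database; the table, function names, iteration count and sample accounts are assumptions constructed for illustration.

```python
import hashlib, hmac, os, sqlite3

ITERATIONS = 600_000  # PBKDF2 work factor (assumed value; tune for your hardware)

def hash_password(password, salt):
    # Salted, deliberately slow hash: a stolen table does not reveal passwords directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def open_db():
    db = sqlite3.connect(":memory:")  # stand-in for the production database
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def register(db, email, password):
    salt = os.urandom(16)  # unique per user
    # "?" placeholders send values separately from the SQL text.
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (email, salt, hash_password(password, salt)))

def login(db, email, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE email = ?",
                     (email,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the stored and recomputed hashes.
    return hmac.compare_digest(stored, hash_password(password, salt))

def lookup_concatenated(db, email):
    # Pattern to avoid: user input pasted into the SQL string becomes SQL.
    return db.execute("SELECT email FROM users WHERE email = '" + email + "'").fetchall()

def lookup_parameterized(db, email):
    # Hardened form: the same input is only ever compared as a value.
    return db.execute("SELECT email FROM users WHERE email = ?", (email,)).fetchall()

def demo():
    db = open_db()
    register(db, "alice@example.com", "correct horse")   # constructed sample data
    register(db, "bob@example.com", "battery staple")
    crafted = "x' OR '1'='1"  # constructed test input containing SQL syntax
    stored = db.execute("SELECT salt, pw_hash FROM users").fetchall()
    return {
        "good_login": login(db, "alice@example.com", "correct horse"),
        "bad_login": login(db, "alice@example.com", "wrong"),
        "concatenated_rows": len(lookup_concatenated(db, crafted)),
        "parameterized_rows": len(lookup_parameterized(db, crafted)),
        "plaintext_in_db": any(b"correct horse" in col for row in stored for col in row),
    }

if __name__ == "__main__":
    print(demo())
```

With the concatenated query the crafted input matches every account; with the parameterized query it matches none.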
 

kwerner

Bronze Contributor
Read Fastlane!
Speedway Pass
User Power
Value/Post Ratio
19%
Oct 4, 2007
1,385
265
This is probably a stupid question that's going to get a lot of conflicting responses, but I'm going to ask it anyways...

haha

Would you guys have any recommendations for a hosting provider for VPS or Dedicated Server? Maybe even the pros & cons of each?

Honestly, I'm not educated enough to know the difference between hosting companies and the services they provide.

But my situation is pretty similar to theBiz's...

We'll need to install some software on the server and run a MySQL database. Don't think we'll be using a lot of bandwidth though - no downloading, videos, or music (the typical bandwidth hogs).

Thanks guys!
 

mtnman

Bronze Contributor
Speedway Pass
User Power
Value/Post Ratio
28%
Oct 3, 2007
1,745
494
KnownHost or Liquid Web for VPS.
 

mtnman

Bronze Contributor
Speedway Pass
User Power
Value/Post Ratio
28%
Oct 3, 2007
1,745
494
Actually WiredTree too, but KnownHost has been the best value for me as far as VPS accounts go.
 
