By Brad Pierce, President, Restaurant Equipment World
The origin of hacking online sites dates back almost to the advent of the internet itself. In the early days, hackers were typically referred to as "script kiddies" who would hack sites for fun. As the internet has evolved, so has hacking, and it is now big business filled with illicit intentions. So, how do you protect your site from hacking attacks?
First and foremost, use strong passwords. This is actually much easier than it seems. A strong password contains upper- and lowercase letters, numbers and symbols, and is a minimum of 10 characters long. For servers and critical machines, I typically recommend even longer passwords to ensure that brute-force password attempts by automated machines aren't successful at "guessing" your password. Creating a strong password seems daunting at first, since it not only needs to be complex but also has to be a sequence that can easily be remembered. Here's a trick. Take a look at the following fictional password: "HmniB&Ih2k". It seems pretty random and difficult to remember, until you dig a bit deeper. It's actually just the first character of each word in the phrase "Hi, my name is Brad & I have 2 kids". The password is quick and easy to remember, yet the sequence is one that no stranger would ever be able to guess. It's also long enough that a brute-force attack would be unlikely to succeed.
Using strong passwords is only one step in the process of securing a site. Another effective step is limiting access to critical functions, such as FTP file transfer areas, blog logins, webmail and other services, to authorized systems only. If you use a static IP address (one that never changes), it is easy to restrict access to these services to that address alone. If you have a dynamic IP address (one that changes), you can still limit access to the general IP address range your ISP uses, which dramatically limits your exposure. The premise here is that hackers can't attack your site if they can't reach its critical areas. If you're unable to limit this access with IP-based filters, at least ensure that these services automatically lock out an IP address for a specified period of time after a certain number of unsuccessful login attempts.
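The two controls just described, an allowlist of authorized source addresses (a static IP, or the ISP's range for a dynamic one) and a temporary lockout after repeated failed logins, combined into one login gate. This is an added illustration, not code from the article; the networks, thresholds and the attempt log are constructed, and the gate is replayed over the log to show a lockout being applied and then expiring.

```python
import ipaddress
from collections import defaultdict

class LoginGate:
    """Admit logins only from allowed networks; lock an address out after repeated failures."""
    def __init__(self, allowed, max_failures=3, window=600, lockout=900):
        self.allowed = [ipaddress.ip_network(n) for n in allowed]
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.failures = defaultdict(list)  # ip -> timestamps of recent failed logins
        self.locked_until = {}             # ip -> time (seconds) the lockout expires

    def is_authorized(self, ip):
        """Static-IP or ISP-range filter: is the source inside an allowed network?"""
        return any(ipaddress.ip_address(ip) in net for net in self.allowed)

    def decide(self, ip, now):
        """Return 'deny-ip', 'locked' or 'allow' for an attempt at time `now`."""
        if not self.is_authorized(ip):
            return "deny-ip"
        return "locked" if self.locked_until.get(ip, 0) > now else "allow"

    def record_failure(self, ip, now):
        """Count a failed login inside the window; lock the address at the threshold."""
        recent = [t for t in self.failures[ip] if now - t < self.window] + [now]
        if len(recent) >= self.max_failures:
            self.locked_until[ip], recent = now + self.lockout, []
        self.failures[ip] = recent

# Constructed allowlist (RFC 5737 ranges): one static address plus an ISP range for a dynamic one.
ALLOWED_NETWORKS = ("203.0.113.7/32", "198.51.100.0/24")
# Constructed attempt log, "<seconds> <source ip> <ok|fail>", as the service recorded it.
SAMPLE_LOG = """\
0    198.51.100.20 fail
30   198.51.100.20 fail
60   198.51.100.20 fail
90   198.51.100.20 ok
120  192.0.2.55 ok
1000 198.51.100.20 ok
"""

def replay(log_text, allowed=ALLOWED_NETWORKS):
    """Run each logged attempt through the gate; return the decisions in order."""
    gate, decisions = LoginGate(allowed), []
    for line in log_text.splitlines():
        ts, ip, result = line.split()
        decision = gate.decide(ip, int(ts))
        if decision == "allow" and result == "fail":
            gate.record_failure(ip, int(ts))
        decisions.append(decision)
    return decisions
```

Replaying the constructed log, the third failure from 198.51.100.20 triggers a 900-second lockout, the correct login at 90 seconds is refused while the lockout holds, the address outside the allowlist is refused outright, and the attempt at 1000 seconds is admitted again once the lockout has expired.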
Lastly, even if you don't accept credit card transactions on your site, you may want to consider getting PCI (payment card industry) certified. This is an inexpensive process in which a security software vendor scans your site for vulnerabilities. Many of these vendors even provide a report that details how to fix the vulnerabilities found, to ensure your site is as secure as possible.
While no hack-proofing concept is foolproof, these steps will make your site a much more difficult target. Most hackers use automated systems that recognize when they're wasting resources continuing to attack your site and will quickly move on to less secure targets.