The media has done a great service recently by highlighting some critical vulnerabilities in the world of website hosting. First there was Heartbleed, a bug in OpenSSL that can expose a servers’ private keys and compromise the encryption used to protect online transactions. Then came Shellshock which allows an attacker to remotely gain access to a computer system. The big news today was an SQL Injection in Drupal, an extremely critical vulnerability that gives an attacker total control over websites running Drupal version 7.0 to 7.31.
My goal with this post is not to make you panic, but to show you that unless you are actively monitoring the security landscape and applying new information to your environment, your online presence is at risk. If not today, then tomorrow, or some time in the near future. With Shellshock we saw how large the attack surface could be, potentially affecting everything from DHCP to Git. In order to properly mitigate the risks to your online presence, you need to be aware of both the changing security landscape and how that will affect your environment.
Do you know:
- The web application framework on which your online application is built?
- The versions of development platform, software components, plug-ins, themes, etc. you’re using?
- Whether any of the above have known vulnerabilities?
If you answered “no” to any of these questions, and you have no other way of mitigating these risks, you should strongly consider managed hosting or at least a security audit. For more information and a free consultation, contact SmartGuys Design.