March 29, 2005 - (HOSTSEARCH.COM) - Web host AIT has engineered a security blanket for its shared and dedicated hosting accounts – a server scan that scours dedicated machines for potential back-doors and peers into shared solutions for possible script exploits. The web-based application then follows up with information about service packs and patches for dedicated customers, and recommended actions that shared hosting users can put into place. The scan is geared toward giving server and web site owners an extra set of eyes in taking pro-active measures like shutting down ports, deleting unused accounts, or cleaning up bad scripts. Shoring up weaknesses that can be easily overlooked goes a long way toward stopping malicious operators from getting into individual servers and infecting entire networks.
“Hosting companies like AIT, with thousands of customers and servers, make inviting targets for phishers, hackers, and other threats,” said Clarence Briggs, AIT’s Chief Executive. “Attacks have evolved beyond spam to include threats aimed at servers and web-based applications. Our intrusion-detection systems cover multiple layers of the network, but it is important to get individual customers involved, to make sure they are not inadvertently exposing themselves.”
In the past several weeks, several major security incidents have been reported to include phishing attacks against Yahoo, and data thefts involving both ChoicePoint and LexisNexis. AIT sees this service as extending its corporate emphasis on pro-activity to the individual user.
“Security is an issue for both service provider and customer, particularly where common protocols are concerned since those can often become points of entry,” says Kirk deViere, the company’s Chief Operating Officer. “Security is about prevention. Are passwords changed when employees leave? Are unused accounts deleted from the system? Are you sure CGI scripts are safe? Customers with early-detection capability is much less likely to become a victim.” When malicious code is used to take advantage of a poorly-concealed password, for instance, a hosting account can be compromised. The security scan works to prevent instances like that.
AIT first introduced a limited version of the server scan about 6 months ago specifically for its self-managed dedicated servers, which provide root access and multiple IP addresses. But, with the volume of shared accounts in AIT’s server farm, making the service available one level deeper made sense. “Small businesses think of the advantages of going online, not the risks,” says Briggs. “If they are aware of the risks, they are more likely to take steps that minimize exposure.”
AIT also provides a firewall at the server level for dedicated hosting customers who want an additional blanket of protection. And, the company has a monitoring service for self-managed machines that watches over functions like http, ftp, and mail.
