security page – web designs

Peace of mind

webdesigns.website implements a host of security layers to help its clients focus on running their business knowing that they are protected online. In Internet technology, running the whole gamut of strict security implementations compromises the performance of websites – we found synergies between performance and security, giving you the best of both worlds.

Reputation based threat protection

This means that a profile is built on the reputation of the traffic coming to your site. Based on the generated confidence on how legit that traffic is, various actions like letting the traffic go through or blocking the traffic or challenging the traffic are taken and this is done in an intelligent fashion, being able to tell what is good and what is bad with a very high degree of confidence.

Comment spam protection and Bad bots

Comment spam protection

Doing a similar thing with comment span protection, because of understanding traffic patterns that constitute comment spam, we can protect against it. When there’s a sufficient degree of confidence that the traffic is going to be spam, a validation step is put in place to establish whether it’s legitimate or not.

Bad bots

A bot (Internet bot/web robot/WWW robot), is a software app that runs automated scripts over the Internet. They typically perform simple and repetitive tasks, at a much high rates than would be physically possible for a human to perform.

Bad bots run scripts with malicious intent and are generally unregulated. The activities they perform stress your Web servers, and drain the available bandwidth affecting genuine users on your website, trying to access your content.

Bad bots can also populate your website with intrusive spam content like ads or messages and also put links that point to different unsecure websites.

Basic DDoS protection and Brute Force Attack

Basic DDoS protection

The huge network of 10Tbps can absorb and handle DDoS attacks of over 600Gps

We provide a basic Distribution Denial of Service protection, a threat that has been increasing massively in recent years. We protect you with a premier service against this style of attack. Many Insecure IoT devices are exploited to create botnets that send high volumes of illegitimate traffic to a websites, degrading performance, availability and more often than not rendering the website offline completely. Consequently, this can lead to customer distaste, degradation of your brand and lost business.

Brute Force Attack

This is a trial-and-error methodology ran by automated software scripts to do high iterative consecutive guesses as to the value of the desired data, that being information such as a user password or personal credentials.

Core code Files protection

Think of it as too vital of lines of code and supporting infrastructures that must not be compromised at all costs.

security implementations in this area is put at a very high level. Protecting the lifeline of your website.

Firewall & Bad IP Address Blocking

Firewall

A computer software firewall is a system designed to prevent unauthorized Internet users from gaining access to or from a private network. Firewall implementations are prevalent in intranets, but Kernel Industries adds this layer of security in tandem with other measures.

Blocking visitors by IP Addresses

We’re also able to automatically and explicitly block IP addresses that try to repeatedly log into your website with invalid login credentials. So if there are IP addresses of organisations or individuals that you want to keep out of your site, we can configure this for you.

Content Delivery Network (CDN)

CDN

A CDN that is built from emerging technologies to optimize performance, reliability and security, to ensure that you receive the most advanced protocols on the web. We use a Content Delivery Network that caches your website on a global network of over 100+ datacentres, taking your website closer to visitors from every region. Making your website well placed even for server disaster recoverability.

The traffic hits any of the 110+ data centre endpoints (depending on the closest geo-location of your users) before it hits your site. Providing you with enough endpoints closely located to such a large global audience….

Secure DNS (Domain Name Servers)

How about a DNS domain managed for security and performance with an average query string of a few milliseconds (making it the fastest), and with no DNS propagation delays when we hand over the website to you- making sure your website stays online and available. Powered by the same Content Delivery Network; – significantly reduces latency due to geographical difference between visitors to your site and physical locations on servers.

SSL (Secure Socket Layer)

Secure Socket Layer encryption for delivering your site over HTTPS.

We provide encrypted connection to our client’s sites using modern cryptography of TLS (Transport Layer Security) SSL certificates, scoring well over the 80^th percentile range in all four major SSL category rankings (Certificate, Protocol Support, Key Exchange, Cipher Strength).

If your traffic isn’t encrypted, eavesdroppers could watch what’s going on in that network communication. If you have a man-in-the-middle-attack, you’ll have confidentiality risk – your traffic could be observed. Moreover, you’ll also have no integrity, the man in the middle could manipulate the content, an example would be changing the function of a form such that when someone logs in with their credentials, the form posts it to another server. Anything not loaded over an https connection cannot be fully trusted. The other thing is that people won’t have confidence in the authenticity of the site they are visiting if that site is not loaded over an https connection because they won’t know whether that site they’re visiting is legitimate or not because it doesn’t have to present an SSL certificate to verify itself.

We use servers that support TLS_FALLBACK_SC SV to prevent protocol downgrade attacks.

Please note: our sites inly work in browsers with Server Name Indication (SNI) support. SNI is an alternative to how we used to always stand up SSL, which was an IP based SSL, where you had to always have an IP address for each certificate. Importantly, SNI works in almost everything fantastically, but it is worth noting that there are some legacy browser and operating system combinations that this won’t work on. As an example, internet explorer 8 on Windows XP cannot work with SNI SLL. However, this combination is almost nonexistence today.

Understanding Transport Layer Risk (where SSL is a good use case for protection):

Rogue Wi-Fi

One of the risks that’s you face is a visitor using a rogue network. Rogue for example could mean that the free café Wi-Fi you connect to could be saving all the packets that go back and forth. It could also be that someone setup a malicious Wi-Fi deliberately and called it free so that people use it, and use that to intercept the network. A more malicious style of attack could be using a device such as a Wi-Fi pineapple, which tricks people to connect to it without them actually consciously connecting to the network – their devices just suddenly connect to the pineapple and start sending all the traffic through it.

DNS hijacking

Many attacks have been seen in the past where the DNS settings on devices such as routers or PCs are hijacked such that the name resolution is pointed to another server. The client is connecting to a name that it trusts, but that traffic is routed through to an attackers’ server. This is another case where SSL brings authenticity to your site.

SQL injection

SQL injection is one of the most prevalent application layer web hacks. Malicious code is injected into SQL strings via web pages inputs that are then passed into instances of SQL Server for its parsing and execution. A SQL Server attack might actually destroy your database.

As a prospective client/customer wanting your own built website, you want to have experts at the helm.

File-Hotlinking

Picture this, a picture hosted on your website is showing on another site (let’s call it nefarious-siteA.com), and upon inspection of the source code of the picture at nefarious-siteA.com, the source code shows the picture’s path pointing to your website’s URL. In this example, nefarious-siteA.com essentially stole your picture by hot-linking it.

In a nutshell, file hot-linking is when another website, without permission links directly to resources that are hosted on a different server, essentially stealing bandwidth and benefiting at the expense of whoever owns that server.