Snappy, The HostGator Mascot

Gator Crossing

The Official HostGator Company Blog!

Dragonfly
AirPlane

Web and Hosting Tips

A Cyber Security Toolkit For Your Small Business

Written by Jeremy Jensen

Monday, October 20th, 2014

Cyber Security Toolkit
As unfortunate as it may be to say, 2013 marked a monumental year in data breaches, mainly for businesses that weren’t prepared with the necessary level of cyber security. According to Symantec’s annual Internet Security Threat Report there was a 493% increase in stolen identities since 2012, amounting to over 550 million affected customers.

Many remember recent headlines involving breaches in Apple’s iCloud, but most of us will never hear about the smaller targets data thieves have been cleaning out due to the lack of media attention. The National Small Business Association put out a survey, through which they found nearly half of all small businesses reported being victim of a cyber-attack.

With a reported 66% of all small businesses depending on the internet for day to day operations, there is still a resounding unawareness to to how damaging a data breach can be to your company’s future and reputation.

Thankfully those coding for cyber security are always a few steps ahead. October is recognized by the Tech Community as National Cyber Security Awareness month, so we wanted to compile a comprehensive guide for small businesses to prevent any such data breaches from occurring as we head towards the end of 2014.

Using four levels of protection will ensure your data stays safe.

 

Securing Your Foundation

Regardless of how big your business is, there are mandatory steps to ensuring the foundation of your cyber security is rock solid. Just like you lock away your valuable possessions, you’re going to need to categorize and document what digital files you’re keeping in vulnerable areas. These categories should be broken down like this:

  • Highly Confidential – All of your most sensitive data should be placed in this tier. This includes anything that if stolen could impact your customers, employees, or business as a a whole. Think identity information, things like: passwords, social security numbers, credit-card info, or names and addresses.
  • Sensitive – The fine line between sensitive and highly confidential is what couldn’t destroy something if stolen in the financial sense. Sensitive documents are things you wouldn’t want seen externally of your business for privacy reasons. Reports on your employees, marketing plans, contact info, or performance data are all sensitive and would be best stored separately.
  • Internal Use Only – Information that is available to all your employees, but still would be best unknown to the public can be classified as internal only. This data may not harm your company, but still is considered items you won’t post publicly.

 

Securing the foundation also means safeguarding all your devices, should a hard drive or thumb device get lost.

 

Level 1 Threat Protection

  1. Restrict Access Points - Knowing which data is the most sensitive will help in choosing who can access it, the less people capable of opening the bridge the less likely a hacker will be able to get in. Always be conservative here, if there’s a document someone will need there will usually be an Admin capable of getting it for them.
  2. Train Employees On Digital Security Basics - Using email, and having to download software isn’t always black and white in terms of what is safe, and what might have some nasty malware zipped up inside. Provide the resources necessary to help your company recognize what threats may be present in the forms of phishing schemes, identity thieves, or even scammers calling in over the phone.
  3. Consider Storing Data On A Device Disconnected From Any Network – If your company has no reason to transfer crucial data remotely, don’t make it available anywhere except in the office, on a machine where employees can access it in person.
  4. Use Reputable Free Software- Not all Cyber Security comes with a hefty subscription fee, check out some verified by the National Cyber Security Alliance on this list.

 

Level 2 Protection

  1. Two-Factor Authentication – This is for the most sensitive data. Not only will employees need a password, they will also need a second step such as a PIN number, or ID card.
  2. Encryption - Encryption essentially mixes up data to look like a bunch of nonsense to those unauthorized to access it. The encryption you use will need to meet the Federal Information Processing Standard (FIPS-Certified), otherwise there’s still potential hackers can read the data by cracking your key.
  3. Hire A Security Specialist - This might mean paying to send a current employee to get certified as a security compliance officer, or consulting a local IT Professional to secure all the devices and networks with current protection capabilities.

 

Level 3 Protection

  1. Physical Facility Lock Down – Despite the transcendence into digital storage and remote access points, much of what can be stolen is still buried in physical machines and data units that can be broken into once removed from your facility. Preventing criminals from entering your building altogether cuts down the possibility what’s inside can be accessed.
  2. Consult Security Tests - Hiring an outside specialist who knows how to test infiltration points is your best friend when it comes to knowing for sure whether or not your system’s security is air tight. If they can get in, you’re not losing everything, and will know what to improve upon.
  3. Personal Device Protocol – Personal electronic devices can be detriments to certain access points. Smart phones that employees have connected to the wifi is as simple as it gets to allowing hackers to tap the network and get whatever data they want being transferred between the device and server. Your IT team can set up minimum security requirements so these outside devices won;t be able to access the network in the first place.

 

Small businesses have it especially tough when it comes to maintaining the security of their data. One breach can ruin the trust of an entire community, which is usually how small businesses thrive in the first place. Don’t allow your business to suffer.

SSLv3 Security Vulnerability aka POODLE

Written by Patrick Pelanne

Tuesday, October 14th, 2014

Tonight Google announced a flaw in the design of SSL v3. We have been tracking this issue after we heard whisperings in private security circles last week. Upon disclosure of the details we began remediating immediately.

The vast majority of end users should not experience any issues as a result of the changes we’re making. In fact, Google estimates this change will affect less than 1% of the internet. (The SSL 3.0 protocol is almost 15 years old but has remained in place to support users running older browsers.)

The attack vector for this vulnerability has prerequisites and is very sophisticated. As such, the real world severity is far below the recent Heartbleed & Shellshock vulnerabilities.

Check out Google’s Security blog for details.

If you would like to be 100% protected, you can disable SSLv3 in your browser settings. Information on how to do this in a few popular browsers can be found here.
 

*****

Patrick Pelanne is Endurance’s Vice President in charge of System Operations. Previously he has served as HostGator’s Chief Operating Officer and HostGator’s Deputy Chief Technical Officer.

Which Is Easier To Learn, Java Or Python?

Written by Natalie Lehrer

Monday, October 13th, 2014

Which Is Easier to Learn Java or Python

When it comes to learning an object-oriented programming language, you might consider starting with either Python or Java. While Python can be more user-friendly than Java, as it has a more intuitive coding style, both languages do have their unique advantages for developers and end users. However, if you are just beginning your path towards a programming career, you might want to start by learning Python, as it is less complex. On the other hand, you will be ahead of many of your colleagues if you are able to understand both. With that in mind, here are the main similarities and differences.

 

Java

Java is unique in its own way and for an advanced programmer, no problem to use. The first Java version 1.0 was released in 1995. By 2004, Java 5.0 was released; this version saw the insertion of generics into the Java language, providing Java with more efficient code and type safety. To date, the latest version of Java is SE 8, and it made its debut in 2014.

Currently, it is widely used as the key programming platform on smartphones and tablets. Additionally, Java programming language forms a large part of the basis for Android’s operating systems. Java syntax is primarily a derivative from C++ and combines universal, organized and object oriented programming that offers automatic memory management. Using Java byte-code is advantageous to porting since it has similarities to machine code. Other benefits to Java include:

•Static typing
•Curly braces used for noting the start and end of functions
•Programs are larger
•Does not compile native bytecode
•Can be run on any operating system that can run the Java Virtual Machine
•Cannot change data types of variables
•Object-oriented programming is mandatory

 

Python

Python was first released in 1989. As a high-level programming language, it makes a strong case for readable code. In addition to supporting object-oriented programming, it also supports imperative and functional programming. This multi-paradigm language is also structure supportive. It offers ‘meta-programming’ and ‘logic programming,’ as well as ‘magic methods.’ Other features include:

•Duck typing (Strongly typed)
•Uses whitespace to convey the beginning and end of blocks of code.
•Programs are small and therefore run much faster
•You need less code to create a program
•This program is slow in execution
•Compiles native bytecode
•You can assign a string to a variable that once held an integer
•Easier to read and understand relative to Java
•Is not supported across a wide variety of platforms
•Object-oriented programming is optional

 

Variances

Both of these development programs come with their strong suits. While Java allows you to enjoy cross-platform support, you can still execute Python on at least 10 different operating systems. You need to determine what your end goal is before you decide on which program to use. Java, however, is not recommended for beginners as it is a more complex program. Python is more forgiving as you can take shortcuts such as reusing an old variable.

Additionally, many users find Python easier to read and understand than Java. At the same time, Java code can be written once and executed from anywhere. A benefit to the Java platform is that it lets you download questionable code and run it in a secure environment, which cannot affect its host system. Furthermore, Java is network-centric, meaning you can create network-based applications.

Whichever you choose to learn is based upon your preferences, determination, and background. If you already comprehend the basics of Python, you might want to expand upon your knowledge before moving on to Java. However, if you have the time and will, learning Java allows you to program for a wide variety of environments that might make it more fulfilling in the long run.

*****
Author Bio:
Natalie Lehrer is a senior contributor for CloudWedge. In her spare time, Natalie enjoys exploring all things cloud and is a music enthusiast. Follow Natalie’s daily posts on Google Plus, Twitter @Cloudwedge, or on Facebook.

 

Image source: https://www.flickr.com/photos/ahayward/21203103/in/photolist-2SEWK-gu8vyH-9dampt-gu9efE-gu8wyi-gu82cw-gu9eKC-gu9pbP-gu98Fd-gu8wge-gu8QvR-gu93vo-gu9e7o-6Fypq-9H4Sh6-4p3T96-2SEWd-chREkJ-ez4jVd-gu9fpa-gu87nS-gu9ntk-gu8XML-gu8MRx-gu8Ryx-gu988E-gu9cke-gu9eca-gu9oRv-gu88r5-gu95sj-6hJWKV-gu82XE-gu8RZx-gu8NJz-gu9hst-gu8SHh-gu8c5C-gu9ubZ-gu9tTz-gu9w4X-gu8Xa3-gu8a5f-gu8CPp-gu9env-gu8Ayc-gu7Z6N-gu8Ex4-gu9aHE-gu86V9

Performance Testing: Latency, Load, Stress, or Soak?

Written by Natalie Lehrer

Thursday, October 2nd, 2014

5 heavy load

How well does your web hosting perform? Are you sending web pages in a timely way to visitors to your site? Is your application correctly handling simultaneous requests? Do you actually know what can be measured – and which measures are relevant to your situation? Web hosting performance testing can give you valuable information that can let you keep visitors longer on your site, make sure you can accept the right number of simultaneous visitors, handle overload situations and detect possible design or programming deficiencies.

 

Latency or How Long It Takes to Get Back to a Visitor

Let’s start with the case of just one visitor (naturally, you’ll probably be aiming for rather more, but we’ll discuss this below.) Normally, you want the response time for that visitor to be as fast as possible. In other words, between the moment when the visitor clicks to send you a request and the moment the visitor sees your response, the least time possible should elapse. This ‘latency’ can however be determined by several different things, including the power of your web hosting platform, the size of your network connection and the power and network speed of your visitor’s computer. You can improve the first two, but the last two are out of your control (although keeping your web pages simple may help.)

 

Performance Under Load

Ideally, you should have an idea of how many visitors are likely to access your web hosting platform at the same time. If this is not feasible, then you should at least know how many average or typical users can actively work with your site simultaneously, and plan ahead for options to increase capacity if you need to. Different solutions, either free or paying, online or in-server, are available for conducting load tests with up to a few million simulated users or more. Whichever solution you choose, make sure your test is representative of both user numbers and types of activity, including number of pages called per hour, number of requests for database information, ‘think time’ and so on.

 

When It’s All Just Too Much

If your web site is significantly more popular than you imagined, your web hosting facility may not be able to cope with all the traffic. Then what happens? Does your site send out a polite apology about lower performance while stopping any new connections, or does it just crash without warning? Stress tests are designed to find out what (really) happens under conditions of excessively high loads. How much this affects you will depend on what kind of website you operate. A web site for a bird spotting association that simply crashes may just be an irritation. A web site selling hot new fashion articles that simply crashes could lose you important revenue and customer loyalty.

 

A More Technical Test

The soak test is done by starting your web site or application and leaving it to run (normally) for an extended period of time to see whether this produces any abnormal conditions either in the application or in the web hosting platform it runs on. One example would be memory leaks, a common enough problem when an application uses some main memory, but fails to return it for general use when it’s finished with it. Testing for these kinds of conditions typically requires technical expertise, for example by the person or team designing the application in the first place.

 

Finally, Who is the Judge of ‘Good Performance’?

Performance, ultimately, is all about making sure customers or end-users are satisfied with what they experience. Your web hosting platform may be supercharged in processor power and memory, yet they may still complain. Or it may be far more modest and still reply adequately to user expectations. Falling traffic and user comments on your blog (or similar) may indicate a problem, but prevention is always better than cure. There’s only one way to find out what users really want, and that’s to ask them. Armed with this information, you can then do the right performance tests and confirm or tweak afterwards, as appropriate.

 

*****

Author Bio:
Natalie Lehrer is a senior contributor for CloudWedge. In her spare time, Natalie enjoys exploring all things cloud and is a music enthusiast. Follow Natalie’s daily posts on Google Plus, Twitter @Cloudwedge, or on Facebook.

Image source: https://www.flickr.com/photos/video4net/4102797678/in/photolist-7fxUP1-csmoYf-7C3yps-9RCj9C-ahC6R9-zhLTR-65ho4J-65hog3-65d6Gc-65d7Ex-65d7ug-65d7i6-9ME8p3-aWJPyZ-65jBWR-7C3ypb-7C3yoN-7BYKHv-7C3yoY-4Whues-9oXHMe-4So2a5-wEq41-6F8avn-xvcic-dzZjrH-4So2pQ-9kzTZu-ayfSbd-zhMYn-ahCo27-8KtMnD-5NFE6D-9ME8pd-8kQ3b-4So2Zo-4SiPLi-8p1sAC-hYuBDZ-9ME8p9-9ME8ph-deYPPh-ahzkA6-zhMYj-xvcia-enp8Um-ahC7HY-ahCnjS-ahzA8t-ahCns5

qwaszxerdfcv3.14 | 1776zxasqw!!