Server Login Protection
The login usernames and passwords for access to the server(s) hosting your web site or application must be protected. If someone has access to your web site's files or the server's operating system, they can potentially alter, delete, copy or add anything they want.
This means every person who requires access should have a unique login, and identifying and authenticating that person should happen over an encrypted channel (e.g. a virtual private network (VPN)). Conventional file transfer protocol (FTP) should never be used, and the service should be disabled or uninstalled in the same way as any other unnecessary service. The FTP login process is not secure (credentials travel unencrypted) and can lead to the details being stolen and sold to criminals.
Put restrictions on as many of these as possible:
- Who can log in
- What they need to know/have/be to log in
- From where can they log in
- What they can access once logged in
Passwords should be forced to expire, be complex (e.g. minimum length, mixture of case, alphanumerics), and password re-use (changing a password back to one used recently) should not be allowed. Ensure you:
- Change all usernames and passwords when your web site goes live
- Log all failed and successful login attempts
- Log what is done by users
- Review the logs frequently
- Review all user accounts and their permissions periodically
- Promptly revoke accounts that are no longer needed
Watch out especially for accounts used by external or temporary staff, as these can sometimes be forgotten about. Avoid giving access if you can (for example, upload approved modifications yourself); at least then you will have a record of what has been altered.
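As an added example of the "log all failed and successful login attempts" and "review the logs frequently" points above (not code from the original post), the script below parses OpenSSH-style auth log lines, counts failed attempts per source address, and flags any successful login that was preceded by failures from the same source. The log lines are constructed sample data, and the threshold value is an assumption.

```python
import re
from collections import Counter

# Constructed sample auth log lines in OpenSSH syslog format (not real data).
SAMPLE_LOG = """\
Oct  7 18:01:02 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2
Oct  7 18:01:05 web1 sshd[2203]: Failed password for root from 203.0.113.9 port 51030 ssh2
Oct  7 18:01:09 web1 sshd[2205]: Failed password for root from 203.0.113.9 port 51041 ssh2
Oct  7 18:01:14 web1 sshd[2207]: Accepted publickey for deploy from 198.51.100.4 port 40112 ssh2
Oct  7 18:02:30 web1 sshd[2210]: Failed password for deploy from 203.0.113.9 port 51077 ssh2
Oct  7 18:02:41 web1 sshd[2212]: Accepted password for deploy from 203.0.113.9 port 51080 ssh2
"""

# Matches both "Accepted <method> for <user>" and "Failed <method> for [invalid user] <user>".
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_auth_log(text):
    """Yield (result, method, user, src) for every sshd login line in the text."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("result"), m.group("method"), m.group("user"), m.group("src")


def review_logins(text, threshold=3):
    """Return (noisy_sources, suspicious_successes).

    noisy_sources: {src: failure_count} for sources at or above the threshold.
    suspicious_successes: (user, src, method, prior_failures) for each accepted
    login from a source that had already failed at least once.
    """
    failures = Counter()
    suspicious = []
    for result, method, user, src in parse_auth_log(text):
        if result == "Failed":
            failures[src] += 1
        elif failures[src] > 0:
            suspicious.append((user, src, method, failures[src]))
    noisy = {src: n for src, n in failures.items() if n >= threshold}
    return noisy, suspicious


if __name__ == "__main__":
    noisy, suspicious = review_logins(SAMPLE_LOG)
    print("sources with repeated failures:", noisy)
    print("successes after failures:", suspicious)
```

Feed it your real auth log instead of `SAMPLE_LOG` and run it from a scheduled job so the review happens whether or not anyone remembers to look.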
I'll include one of my favourite illustrations: the ICRA (formerly the Internet Content Rating Association) web content label generator tool allows you (or your developers, designers, etc.) to give ICRA your own FTP details:
"What happens next?" indeed.
Posted on: 07 October 2008 at 18:41 hrs