On the Web, you will want to ensure your privacy and your site's security.
If you are engaging in E-Commerce, you will also want to ensure the security
of data that passes between you and your customers. Online Access™ supplies
SSL capabilities.
There are some important security measures that you can take as well. You
must be careful with your passwords, in how you design them and to whom they
are distributed. You can also password protect parts of your Web. Additionally,
you need to change your passwords often, especially if there is a turnover in
the people who have access to them.
For additional information, we have included some links below about privacy,
passwords, and encryption. If you have any questions or concerns about
security and your Website, please call Online Access™ Support at 888-818-0444.
General Security Resources
- The WWW Security FAQ
Privacy
- Electronic Privacy Information Center Home Page
Passwords and Account Security
- Why you need to be careful in selecting passwords
Secure Socket Layer (SSL)
What is SSL?
"SSL" stands for Secure Sockets Layer. It is a security protocol that encrypts
all of your connections with a Web server. SSL thwarts eavesdroppers who could "sniff" your
Internet packets for sensitive information such as passwords and credit card
numbers. Thus, SSL has made on-line commerce viable for all web users. SSL was
designed by Netscape and was originally incorporated into the company's Web server
and Web browser software. Since then, SSL has been included in products from
every major developer of Web software.
Netscape defines its product as follows:
Netscape Communications has designed and specified
a protocol for providing data security layered between
application protocols (such as HTTP, Telnet, NNTP, or
FTP) and TCP/IP. This security protocol, called Secure
Sockets Layer (SSL), provides data encryption, server
authentication, message integrity, and optional client
authentication for a TCP/IP connection. SSL will enable
a Website visitor's browser to connect and transparently
negotiate a secure communication channel. Once this connection
has been made, information can be exchanged with theoretically
no chance of any unauthorized third party interpreting
the data.
How does SSL work?
Quoting from the technical
specifications of Netscape Data Security: "SSL provides a security "handshake" that
is used to initiate the TCP/IP connection. This handshake
results in the client and server agreeing on the level
of security they will use, and fulfills any authentication
requirements for the connection. Thereafter, SSL's only
role is to encrypt and decrypt the bytestream of the
application protocol being used (for example, HTTP, NNTP,
or Telnet). This means that all the information in both
the HTTP request and the HTTP response are fully encrypted,
including the URL the client is requesting, any submitted
form contents - including things like credit card numbers,
any HTTP access authorization information - usernames
and passwords, and all the data returned from the server
to the client."
Specific web server software implements server-side support
for HTTP over SSL, including support for acquiring a
server certificate and communicating securely with SSL-enabled
browsers. The final step necessary to ensure that the
web server has the proper security verification is the
registration of that site's encrypted key pair as generated
by an encryption authority (such as VeriSign). Without having an installed verified
encrypted key pair, the site is no more secure than any
other Web server.
Can I use Online Access™'s certificate and SSL connection?
Online Access™ allows its customers to use the Online Access™ SSL Server
certificate. Depending upon the hosting plan of your account, this service
may already be included; otherwise you must contact Technical Support at
Online Access™ by calling 888-818-0444 to request SSL for a nominal fee.
Once SSL has been enabled on your account, the Online Access™ Web server
that hosts your page is ready to securely serve any directory, web page, or
image within your account. This is done by referring to a specific secure
URL location for secure documents. The URL includes an "s" after the http
(for example, https://servername.onlineacc.com/yourdomain/filename.htm rather
than http://domainname.com/filename.htm).
How do I use Secure Socket Layer (SSL) for secure transmission?
Once SSL has been enabled on your account (see above), the Online Access™
Web server that hosts your page has a complete secure Web server included
for your use. The only change you need to make is renaming the URLs of the
Web pages you want to be secure. Contact Technical Support at Online Access™
by calling 888-818-0444 to get the host name of your Web server, and then
name your Web pages as such: https://servername.onlineacc.com/domainname.
For example, if your domain was joe.com and the host name of your Web server
given to you by Online Access™ Technical Support was secure.onlineacc.com,
then you can use SSL on your Website by using the URL:
https://secure.onlineacc.com/joe
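
The renaming step above can be checked mechanically. The following is an added example, not code from Online Access: it scans a page for absolute http:// references and reports the shared-certificate URL each one should be renamed to. The host secure.onlineacc.com and the domain joe.com come from the illustration above; the sample HTML, the function names, and treating www.joe.com as the same site are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Values from the joe.com illustration; use the host name Support gives you.
SECURE_HOST, DOMAIN, ACCOUNT = "secure.onlineacc.com", "joe.com", "joe"
# Attributes that make the browser fetch from or submit to a URL.
URL_ATTRS = {"a": "href", "form": "action", "img": "src",
             "script": "src", "link": "href", "iframe": "src"}

def secure_url(url):
    """Return the shared-certificate form of a plain-HTTP URL on our domain, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Assumption of this example: www.<domain> is the same site as <domain>.
    if parts.scheme != "http" or host not in (DOMAIN, "www." + DOMAIN):
        return None
    out = f"https://{SECURE_HOST}/{ACCOUNT}{parts.path or '/'}"
    return out + ("?" + parts.query if parts.query else "")

class InsecureRefFinder(HTMLParser):
    """Collect (tag, url, suggested_url) for every absolute http:// reference."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        wanted = URL_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value and urlsplit(value).scheme == "http":
                # suggested_url is None for hosts the shared certificate does not serve
                self.findings.append((tag, value, secure_url(value)))

def audit(html):
    finder = InsecureRefFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: an order page meant to be served entirely over SSL.
SAMPLE = """<a href="/catalog.htm">Catalog</a>
<img src="http://joe.com/images/logo.gif">
<form action="http://www.joe.com/cgi-bin/order.cgi?step=2" method="post">
<script src="http://stats.example.net/count.js"></script>
<a href="https://secure.onlineacc.com/joe/checkout.htm">Checkout</a>"""

if __name__ == "__main__":
    for tag, url, fix in audit(SAMPLE):
        print(f"<{tag}> {url} -> {fix or 'no equivalent on the shared host'}")
```

Relative links such as /catalog.htm are not reported because they inherit the https scheme of the page that contains them.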
I don't want to use Online Access™'s name in the URL when I use the SSL
certificate. What can I do?
If you would rather not use Online Access™'s certificate, you must purchase
your own certificate from a Certificate Authority such as VeriSign or Thawte.
Can I use a less expensive
certificate, like a Personal VeriSign Certificate?
No. The Server certificate, or a similar
type from another vendor, is necessary as it
establishes the SSL connection from the Server
to the user's browser. Personal certificates
are only for use in verifying the client to the
server and are intended for individual use only.
Restrictions
The restriction for utilizing SSL or an SSL-enabled product is a proprietary
one, i.e. it requires specific browser software to fully integrate all of the
encryption schemes necessary to maintain security.
The steps in this process are:
- Request to Online Access™ that a key be generated. This will create a
  temporary certificate that is termed "Self-Signed". It guarantees who you
  are on the Web until the permanent certificate is completed. Most people
  utilize this for testing purposes only.
- We will forward a copy of the request to you once it is generated.
- Then, go to the appropriate Certificate Authority site and fill out the
  request for a Digital ID for your web server. You will have to paste the
  request into the form there. Note: you can use http://www.verisign.com.
- When the Certificate Authority sends the final certificate, forward a copy
  to Online Access™ and the finished product will be installed.
Where do I get support regarding VeriSign?
Information on Server IDs from VeriSign can be found at
http://www.verisign.com/server//index.php.
If you need to have a certificate installed by Online Access™, please contact
Online Access™ Support at 888-818-0444 and make your request. Please refer
to questions related to SSL for more information on secure transactions.
ABUSE
What is a Denial of Service Attack? How could an attack
affect my service?
A Denial of Service
Attack (DoS) occurs when someone executes a malicious
program on a server
or on part of the network. Usually, these programs
are designed to "flood" certain network resources
(such as routers or switches) in order for the
attacker to gain access to some other resource
they deem to be desirable (maybe a specific server),
or simply to knock the machine off-line. Most
often, the attacker has a specific server as
a target; if they cannot gain access to or bring
down the specific server, they sometimes resort
to attacking the entire network.
At Online Access™, we have many security measures in place designed to
provide safety for your Website. Our Network Engineers monitor our network
and all of its servers 24 hours a day, seven days a week. They are alerted
if there is any sort of attack on our network or any of its components.
In the case of an attack on Online Access™'s network, our Network Engineers
immediately swing into action to stop the attack. Sometimes this requires
that they shut down the component that is under attack to ensure its safety.
Attacks are almost always resolved in under half an hour, so there should be
minimal impact on your Online Access™ service.
If you think your server or site is under attack, notify Online Access™
Support at 888-818-0444.
What is Online Access™'s policy on spam?
Online Access™ does not approve of spam in any form. If you have received
spam, please call Technical Support at 888-818-0444 to report the incident.
Online Access™ will determine the source of the spam and take the
appropriate actions.
If you are found guilty of sending spam, you will have violated the
Acceptable Use Policy and will be subject to disciplinary action as follows:
- First offense will result in the receipt of a warning.
- Second offense will result in the termination of your account.