>  How Do We Select an Internet Provider?

Michelle asks: Hi Steven, How are you? I was referred to you thinking you may be able to answer a vendor site scanning question I have. I have just developed a site with e-commerce and can either go with Trustwave which scans monthly or McAfee which scans daily. I am not sure if McAfee is overkill or a really good idea and conversely if Trustwave scans more than enough or leaves a risk. Can a breach happen within a month if at the start of the month, there were no vulnerabilities? My programmer advised me but I am interested in a second opinion. I understand if you do not give out advice to people that are not your clients, but thought I should try since my friend so adamantly recommended you. Best Regards!

 

Answer: Hi Michelle. Consider these scenarios:

> Would you feel “safer” if you had to take your shoes off at the airport every 100 feet rather than once at the first security checkpoint? In fact, is taking off your shoes once or 100 times contributing to the safety of your flight? You just want to get on your flight and get home.

> If you installed a fancy alarm system and security gates and cameras at your elderly parents’ house, would they be “safe” if your mother is forgetful and leaves the front door unlocked or your father doesn’t ever set the alarm when he goes out?

 

Computer security is also like that. A lot of so-called security firms try to sell you on their list of “security features”, as if the longer the list, the more secure you should feel. If it was that simple, you wouldn't be reading about security breaches at large corporations in the news so frequently. If you look hard enough you will always find a provider that charges a bit less or offers a bit more online storage, but at what cost? None of those features matter when an issue arises.

 

More relevant questions to ask when selecting an Internet Provider for your email and web hosting are:
> How well does the company disclose outages and breaches?
> How often and how thorough are their backups of the servers and your data? (This impacts how quickly they can recover from a major system failure or security breach.)
> Whose webserver software are they running? Are they fully patched and up to date?
> What is their track record there? How have they handled the inevitable attacks in the past? How openly do they communicate with their user community?
> What kinds of security and audit practices do they follow? Whose database technology do they use to store information? How do they firewall payment system networks from the rest of their corporate infrastructure?
> Do they ever allow customers (people like you) to save important customer information on their webservers in unencrypted form? If they're lazy with things like that, what else might they be lazy with?

 

These are the types of questions whose answers really matter, because when there is a problem, that is precisely when you need to be able to assess the risk to you and your business and your customers. Without that knowledge, you can't assess the risk and you are flying blind.

Some individuals and businesses I encounter are using the vendor who provides their physical Internet connectivity for their email and web services. We strongly recommend against this because cable companies and telephone companies that provide broadband to your home or business are not experts in managing web and email farms, and they don't have the economic incentives to develop that expertise, even for “business class” services. Moreover, for operational redundancy, and for easier troubleshooting, it is always best to use companies with no common interest for these two separate functions.

 

In answer to your question about the efficacy of virus scans, a "breach" can happen seconds after a successful scan. The breach could be completely unrelated to your website, yet you can be affected by it if the server on which your site resides is under attack. Scanning for viruses is but a small part of the holistic security process that involves layers of security and detection. I would not trust a company offering different levels of security - I would expect them to implement the most reasonable, strongest security... everywhere within their infrastructure.

 

My Internet Provider for my personal and business email and web hosting is Pair Networks. I have been a customer and a fan since 1997 when I implemented my first website. I have referred dozens of clients and friends over the years to their services with great confidence. They have many long-term customers like me that have evolved with technology since the Internet became popular and consider ourselves fortunate to have had the support and consistency of a company like Pair Networks. It's an extremely loyal community, and Pair encourages customer interaction through their own forums. So it is a very open and healthy group. Pair has managed their growth and remained an independent Internet Provider for over 17 years, which in this industry, is rare. I moved your friend’s hosting there. I believe she is very happy now.

 

© 2014 compuKarma, Inc. All Rights Reserved