In this article we thought we would define many of the common terms that are used when we talk about website security with our customers. We have written this for our friends owning and running small businesses that do not understand technology and want to understand the terms in plain english.
Cyflare is highly sensitive to making sure this very complicated issue we solve each day with website security is easy and hassle free for our customers.
CDN – Content Delivery Network. This essentially is a large group of computers distributed around the globe that process requests for your website from an end user. A request is made by an end user and based upon where the end user is requesting from (country / city) we will process the request through the closest computer to ensure the website delivery is as fast a as possible. Timing is everything when it comes to keeping customer interest and the search engines ranking your website well.
DDOS – Distributed Denial of Service. This is an attack type that the bad guys use. Essentially they take a bunch of computers under their control (many times those computers are hacked) and they will begin to make repeat requests to your website. Your web server becomes overwhelmed and cannot keep up with the all the requests so only some, few or no requests are answered to the computer no longer having resources to answer requests. It is kind of like when a bunch of people are talking to you, your brain shuts down and you can no longer process the input and properly respond to those people.
Hack – Generic term used for doing something malicious to break into a system for financial gain or other malicious intent.
DNS – Domain Name System. This is the backbone of the internet. All computers on the internet have an IP address. Those IP Addresses come in the form of 12 digit numbers broken up into 4 octets or brackets. An IP address looks something like: 188.8.131.52. Imagine being told to go to that address in order to buy your next product or read the latest news? No one could remember that! So, DNS was born to help keep an electronic phone book of sorts to map those complicated numbers to easy to recall domain names that end in common extensions like .com or .net. Think of .com and .net as top level realms like the US and UK are two different countries.
Web Host – This is company that is providing internet connectivity, an internet connected computer and the ability to upload and serve website code to end users requesting the contents of those web pages.
Web Server – Simply stated, it is a computer on the internet that listens for web requests and responds to those requests on demand. This makes your website code visible to end users.
IP address – This is an unique address for your website on the internet. Every website on the internet has an IP address. It is similar to a Social Security Number of a US citizen.
Malware – Any software that has been created and being used with malicious intent.
Ransomware – This is arguable the most prolific kind of malware where the software encrypts all files on your system making it impossible to get access to your files, images etc.. It then requests that you send money to the hackers (usually over a cryptocurrency like bitcoin) in order to get those files back.
SQL Injection – A primary type of attack the bad guys use to attack websites that have databases storing data in the backend. A Web Application Firewall can prevent SQL injection attacks.
Blacklist – If you end up on the blacklist of Google and Bing your website will not be accessible to visitors without them being confronted with a security warning for your website and you will suffer significant demotion in the search engine rankings. This is the last thing you would want to happen to your website.
Load Balancer – Distributes traffic to your web server based on internet speeds and web server availability. This allows for the request to be processed most efficiently and the end user to receive the web content as fast as possible.
SSL – Secure Sockets Layer. This implements certificates which validate the website is who it says it is. It is an encrypted connection from the end user machine to the web server so that if the traffic is intercepted is unreadable to bad guys.
WAF – Web Application Firewall. The WAF does many things but its primary job to is block the bad requests and allow the good. WAF is the primary mechanism for prevention in the CyFlare Pulse Prevent solution.
Rate Limiting – This feature limits the number of requests that can be made from a specific computer on the internet to your website. This disallows too many transactions from happening and overwhelming your web server.
PCI Compliance – Payment Card Industry Compliance. All websites taking payments directly on the website MUST have a Web Application Firewall in front of it or the website owner is subject to fines should the website become compromised. These fines are generally $50 – $90 per record stolen. This quickly adds up!