If you’ve ever peeled an onion, you’ve seen the multiple layers that make up its existence all the way to the core. Securing your Web presence requires the same approach and it’s called “layered security”. Also referred to as “defense-in-depth”, the layered web security approach serves as a set of hoops an attacker must jump through before he can gain access to your systems.
A solid – and proven – layered security approach to help protect Web environments consists of the following base controls:
- Network perimeter security such as firewalls that limit the traffic that can reach the Web server and intrusion prevention systems (IPSs) that can detect and block anomalies and attacks
- Strong passphrases on the website that are easy to remember but practically impossible to crack
- Anti-malware protection on the Web server
- Auditing logging on the Web server that’s proactively monitored – ideally via a third-party tool or managed security provider that specializes in security event correlation
- Current application and operating system patches on the Web server
- Securely-coded Web pages and related applications (i.e. WordPress and traditional Web content management systems)
Every Web environment is different and every business and individual has a different tolerance for Web-related security risks. Also, noticed I said “help protect Web environments”. All the defenses in the world won’t protect any given Web environment 100 percent. Given the technical nuances of Web attacks, varying security architectures of hosting providers and Web platforms, politics and other human factors, no Web environment is – or ever will be – completely secure from every possible attack.
The important thing for you to realize is that innumerable threats and vulnerabilities exist and an onion-like layered security approach is the only reasonable way to minimize your risks. You do have to be smart about it and balance security with convenience and usability. Done properly, though, your Web presence will be much more secure than so many others and that’s where you want to be.
Get the latest content on web security
in your inbox each week.