
Website security: A vital factor to maintain

Even at the dawn of the internet, when its adoption was still very limited, the first cyberattacks were already happening. The very first cyberattack appears to have taken place as early as 1988, when only a few tens of thousands of computers were connected to the internet.

These days, these attacks are more common and more frequent. This threat is almost invisible, changes constantly, and concerns us all, whether we’re individuals, small or large companies, or administrations. This is the case regardless of the scale of our internet exposure. Of course, the main web players and the most strategic financial players are much more exposed to it than the owner of a small website. However, everyone should ensure they have the right measures in place to guarantee optimum protection for their business.


Why secure your websites?

Although this phenomenon certainly isn’t new, the number of cyberattacks has increased significantly in recent years. This number has quadrupled in 2 years, according to a report by the French National Agency for the Security of Information Systems (ANSSI). The particular context of the past 2 years has, of course, exacerbated the prevalence of this trend — providing fertile ground for vulnerabilities that are more easily exploited by cybercriminals.

Since early 2020, the health crisis has highlighted many vulnerabilities inside organisations. This is particularly true with the accelerated implementation of broad-scale remote working, sometimes associated with breaches of certain basic IT security rules. However, all of this is part of a long-term trend, and recent events have been a catalyst. For example, the number of vulnerabilities identified in the Common Vulnerabilities and Exposures (CVE*) database over the past decade has increased significantly, with a notable acceleration since 2017.

*The CVE is a publicly accessible list of cybersecurity vulnerabilities. This database is free to use.

As a leading cloud and web services provider, we place great importance on both the security of our infrastructures and that of our service users. At OVHcloud, our philosophy has always been to include a broad range of solutions by default that will help protect you, no matter which service level you choose. Of course, it is still necessary to stay informed regarding the proper implementation of basic IT security rules (e.g. secure access, regularly updating applications, CMS tools and associated plugins as part of web hosting plans).

Your opinion is important to us. This is why we recently launched a survey to ask you what your main expectations are for our web services. The feedback we received has revealed that many of you are anticipating more features to better secure these services. In order to meet these expectations, and deliver increasingly innovative services, we’re offering new security solutions as part of our CDN option for shared hosting.

How do I secure my website?

Your security is one of our top priorities, so all of our web hosting plans include the following essential protections by default:

  • An SSL certificate to secure HTTPS connections to your website.
  • Anti-DDoS protection to protect servers in the event of an attack.
  • A new CDN Security option, compatible with all of our web hosting plans, so you can go even further in securing your websites.

Let’s Encrypt SSL certificates: HTTPS security for everybody

The HTTPS protocol encrypts data between the visitor’s browser and your website. It also enables the browser to ensure that it is visiting the correct website. Today, it represents a standard for website security, and it is a guarantee of trust for your visitors. We offer this service free of charge and with no time limit, with all of our web hosting plans.

What is an SSL certificate?

If you would like to know more about these certificates, please read our page on the subject: your free SSL certificates via Let’s Encrypt.

For large or small projects, our anti-DDoS protection is free

Like any infrastructure hosted at OVHcloud, regardless of size, your website is protected by the most powerful anti-DDoS system on the market. It protects your website round-the-clock against distributed denial-of-service (DDoS) attacks, and we will alert you if any dangers occur.

Optimal protection with CDN Security

We want to support you as much as possible in ensuring that your websites are secure — whether they are personal or professional, small or large. This means you can stay as close as possible to market standards, and even exceed them.

The CDN Security pack is easy to use, enhances the CDN Basic service (included for free with our Performance web hosting plans), and provides enhanced protection for your websites.

This all sounds great on paper, but what are the main additional features offered by this option?

Web Application Firewall (WAF)

Let’s start by exploring one of the most advanced features of our CDN Security solution: the WAF. The purpose of the Web Application Firewall is to detect and block attacks on, or data leaks from, your website.

Built on ModSecurity (https://github.com/SpiderLabs/ModSecurity) and the OWASP CRS rule set (https://coreruleset.org/), this option analyses requests for attack patterns, SQL injections, XSS vulnerabilities, and more.

For example: if an SQL injection attempt is made following a vulnerability in your content management system (CMS), the application firewall blocks the upstream request in order to protect your site. You can then wait for your CMS to be updated without it being affected. Please remember that security updates are essential for your website to work properly, and are part of our best practices.

The WAF can also analyse your website’s responses, and block a request that would return sensitive data. This is to protect against database leaks, source code leaks and technical information leaks on your infrastructure.

For optimum ease of use, the rules for this application firewall are managed by our team. There is currently a single profile that covers many types of attacks.

In the coming months, we plan to create a wider range of profiles designed to meet the specific aspects of certain content management systems. You can then select the profile you want for your project directly from the OVHcloud Control Panel.

HTTPS Redirect

Your SSL certificate cannot guarantee that 100% of the traffic to your website will be secure. Some requests may arrive unencrypted. This is where HTTPS Redirect comes in.

With this feature enabled, your Shared CDN will automatically redirect visitors using the non-secure version of your website to the HTTPS version, secured by your SSL certificate. As a result, the sensitive data exchanged between your visitors and the website will be encrypted, i.e. not freely accessible on the internet. This ensures maximum security.

How does HTTPS Redirect work?

Tip: combine the HTTPS Redirect option with the HSTS option for better use of the secure version of your site.

HTTP Strict Transport Security (HSTS)

HSTS is an option to notify your visitor’s browser that your HTTPS site is only accessible securely, and for a given period of time. By enabling this option, you can ensure that a visitor always returns via the secure version of your website, even if they are using a simple HTTP link.

How does HSTS work?

When a browser requests access to a resource on your website using the HTTPS protocol, the Shared CDN provides a “Strict-Transport-Security” header containing a “max-age” field. This field specifies a period, in seconds, during which the browser will only use HTTPS. The visitor’s browser will then cache the information, indicating that your website should always be used in HTTPS during this period. The period is then extended automatically each time the web user visits the website.

What is HSTS?

In a man-in-the-middle attack, an attacker would claim to be your website and collect confidential customer information. This type of attack is rendered impossible with HTTPS, because the attacker cannot certify that they are the holder of your website. The customer’s browser will block the website from loading.

With the HSTS option, the browser knows that your website is only accessible in HTTPS. This way, the attack will be detected by the visitor’s browser, as the fraudulent website will not be able to prove its identity via the SSL certificate.

Tip: The minimum recommended period for the HSTS value is 6 months. It can be increased to 1 or 2 years once you are in production.
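To check that a site actually behaves as the HTTPS Redirect and HSTS sections describe, the audit below inspects one plain-HTTP response and one HTTPS response. It is an added example, not OVHcloud code: the sample responses are constructed, `audit` and `parse_hsts` are hypothetical helper names, and "6 months" is taken as 182 days.

```python
import re
from urllib.parse import urlsplit

SIX_MONTHS = 182 * 24 * 3600  # assumption: "6 months" interpreted as 182 days

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: value-or-None}."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = val.strip().strip('"') or None
    if not re.fullmatch(r"[0-9]+", directives.get("max-age") or ""):
        raise ValueError("max-age missing or not a non-negative integer")
    return directives

def audit(http_resp, https_resp, host):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    status, headers = http_resp
    loc = urlsplit(headers.get("location", ""))
    if status not in (301, 302, 307, 308) or loc.scheme != "https" or loc.hostname != host:
        findings.append("http: no redirect to https on the same host")
    _, headers = https_resp
    raw = headers.get("strict-transport-security")
    if raw is None:
        findings.append("https: Strict-Transport-Security header missing")
    else:
        try:
            age = int(parse_hsts(raw)["max-age"])
            if age < SIX_MONTHS:
                findings.append(f"https: max-age {age}s is under 6 months")
        except ValueError as exc:
            findings.append(f"https: invalid HSTS header ({exc})")
    return findings

# Constructed sample responses as (status, lower-cased headers) for example.com
GOOD = ((301, {"location": "https://example.com/"}),
        (200, {"strict-transport-security": "max-age=31536000"}))
WEAK = ((200, {}),
        (200, {"strict-transport-security": "max-age=3600; includeSubDomains"}))

if __name__ == "__main__":
    print(audit(*GOOD, host="example.com"))
    print(audit(*WEAK, host="example.com"))
```

In practice the two responses would come from requesting the `http://` and `https://` versions of the same URL without following redirects.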

Mixed Content Management

When a visitor’s browser loads your website, if it is secured by HTTPS, it is essential to ensure that all your website’s resources are accessible in HTTPS.

To load properly, your website usually needs a lot of internal and external resources (images, CSS, JavaScript, etc.). If your website gives the visitor’s browser HTTP addresses to load these resources, they will be blocked. A red padlock will then appear next to the address bar, indicating to the visitor that the site is not fully protected.

With the Mixed Content option, you can add a ‘Content-Security-Policy’ header to your HTTPS site, telling the visitor’s browser to load all resources in HTTPS. This option is compatible with all modern browsers, and ensures that your website loads properly.

This way, the padlock indicating that your site is secure will always be displayed. All of your resources will also be delivered in HTTPS, even if they are defined in HTTP in your code.

However, if you are using resources that are external to your website, please ensure that the web server can communicate in HTTPS. Otherwise, the resource in question cannot be loaded.
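The scan below lists the `http://` subresources a page references and what happens to each one with and without the header. It is an added example, not OVHcloud code: the page does not name the directive, so the standard `upgrade-insecure-requests` CSP directive is assumed, and the HTML, host names and helper names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag/attribute pairs that load a subresource (an assumed, non-exhaustive subset)
LOADERS = {("img", "src"), ("script", "src"), ("iframe", "src"), ("link", "href")}

class InsecureRefs(HTMLParser):
    """Collect http:// subresource URLs referenced by a page."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # <link> is only counted as a load when it is a stylesheet
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        for name, value in attrs.items():
            if (tag, name) in LOADERS and value and urlsplit(value).scheme == "http":
                self.refs.append(value)

def csp_upgrades(csp):
    """True if the policy carries the upgrade-insecure-requests directive."""
    return any(d.lower().split()[:1] == ["upgrade-insecure-requests"]
               for d in csp.split(";"))

def plan(html, csp, https_capable):
    """Map each insecure reference to what the browser will do with it."""
    parser = InsecureRefs()
    parser.feed(html)
    upgrade = csp_upgrades(csp)
    result = {}
    for url in parser.refs:
        if not upgrade:
            result[url] = "mixed content (blocked or warned)"
        elif urlsplit(url).hostname in https_capable:
            result[url] = "upgraded to https"
        else:
            result[url] = "upgraded, then fails: origin has no https"
    return result

# Constructed sample page; the plain <a> link is navigation, not a subresource
PAGE = '''<link rel="stylesheet" href="http://example.com/site.css">
<img src="http://legacy.example.net/logo.png">
<script src="https://example.com/app.js"></script>
<a href="http://example.org/">link</a>'''

if __name__ == "__main__":
    print(plan(PAGE, "upgrade-insecure-requests", {"example.com"}))
```

The third outcome is the case the last paragraph above describes: an external server that cannot speak HTTPS still fails to load after the upgrade.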

Shared CDN comparison table

In this table, you will find all of the features included in each of our solutions. The CDN Basic is included free of charge with our Performance web hosting plans: simply enable it via the OVHcloud Control Panel.

In short, stay protected!

From unavailability and data leaks to hacking, an attack can have critical consequences. The inconvenience caused can often have a massive impact, and your brand image may end up tarnished.

To avoid this, we needed to make it as easy as possible to enable these protections. We also needed to offer an easy-to-use interface with all the documentation you need to support you.

This way, you can get professional protection solutions managed by OVHcloud in just a few clicks, for the best price.

As the saying goes, prevention is better than cure. So make sure your websites are protected today.

Get the CDN Security now



Passionate about all kinds of web technologies, Product development, Mountain addict



Web, Marketing, Metal & Capybaras



Focused on Web performances and security


