PCI Compliance

by Aaron 7/17/2009 8:54:00 AM

In order to increase stability and improve the security of our sites, we recently began moving many of our clients to a new hosting company, RackSpace. This move is especially important for our ecommerce clients, as heightened security is a key component of PCI compliance (a required standard of security and policy around the protection of stored and transmitted credit card data). The principles around this standard are:

  • Having a secure network with a firewall and strong passwords
  • Protecting cardholder data by storing data correctly and encrypting cardholder transmissions
  • Reducing vulnerability by using anti-virus software and secure systems
  • Implementing access control to data by restricting physical and electronic access to data
  • Regularly monitoring data by tracking access to cardholder data and testing security systems
  • Maintaining an information security policy to address how information is kept secure  

We take the responsibilities and requirements of these standards very seriously and feel that moving to RackSpace is beneficial to clients across the board, for ecommerce and non-ecommerce sites alike. Not only does RackSpace offer superior security, their customer service and 24/7 monitoring are unmatched and will help us provide better support to all clients.


Tags:

Technical

The Ports of Communication

by Aaron 3/10/2009 2:47:00 PM

Ever wonder how the computing world knows the difference between a web browser request and an email send? Although there are quite a few technologies involved, the common way to separate these types of communication is through port numbers.  

For example, when you make a normal web request with your browser and type in “HTTP,” you’re telling the end server two things: 1) what computer address you’d like to connect to, and 2) what port number it should use. By default, HTTP will connect on port 80 (and HTTPS is generally port 443), but your web browser saves you the trouble of having to know this. There are thousands of ports and generally the standard communication ports will be the same wherever you go.

Ports on computers can be imagined as docking bays for delivery trucks. When a delivery truck leaves the shipping dock with a certain type of good, it not only needs to know which building to deliver to, but also which door. Ports are the doors of your computer. When you use your email server to send a message, you normally send through port 25. When you later check your email from your POP3 server, you’ll request your messages through port 110.

When you turn on your computer, you open up channels of communication through possibly hundreds of different ports that could be used to communicate with you. If someone wants to attack your computer, they’ll scan for open ports on your machine and try to use any they find as a way to install software or completely take over your machine.

The best way to make sure only the ports you want are open is to use the Internet from behind a firewall (see my previous post), as the firewall does the work of closing all of those dangerous ports for you and keeps you from receiving a delivery you didn’t ask for!


Tags:

Technical

Running out of what?

by Aaron 1/19/2009 8:26:00 AM

In August, I wrote about how the Web translates web addresses into the numerical addresses that are assigned to servers and devices all over the world. Recently, I’ve been reading about a new problem with IP addresses that the Internet will likely encounter in 2010. When the governing body responsible for managing IP addresses created the current system, they only created the capability for about 4.2 billion addresses across the globe.

This sounds like plenty of addresses, but with the prevalence of wireless devices, multiple server farms for large companies and the way the addresses were doled out, we’re actually nearing the end of the remaining addresses. This is similar to when a single area code didn’t provide enough numbers to support every phone in the area and phone companies had to convert nearly every phone number in the US from seven digits to ten.

So, how will this web problem be solved? By doing something very similar to what phone companies did, and adding four times as many digits to IP addresses, making for a number so large it doesn’t have a name. It’s hard to imagine we’ll ever need that many addresses, but I’m sure future generations will look back at this transition and make fun of our naiveté in thinking this was even close to enough addresses.

If you’re interested in more on the subject, and have a little bit of a math nerd streak in you, here are a couple of links to visit:


What Is a Firewall?

by Aaron 9/26/2008 12:19:00 PM

When you connect your computer (or your office network) to the Internet, there is very often a device that stands as the single greatest protection between you and malicious users: a firewall. A firewall prevents outside Internet traffic from getting to you, while allowing your outbound traffic (web surfing, email checking) to communicate with the Internet at large.

Firewalls severely limit inbound communication to your computer, allowing only standard/approved communication and communications you initiated. While these devices aren’t necessary for you to connect to the Internet, without them, your computer and entire network can be vulnerable to attacks from users trying to get info from, or even take control of, your computer. A firewall does not always protect you from viruses you may get through downloading files from websites or opening suspect email, but it serves as the first line of defense against active attacks.

The complexity of firewalls goes well beyond what’s described here, and firewalls are only one component of a truly safe and secure networking environment. We recommend that all of our customers and users take the necessary precautions to keep themselves and their information safe at all times, starting with a firewall.
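The rule described above (let in only approved services and replies to conversations you started) and the port "doors" from the post on ports can be modelled in a few lines. This is an added example, not code from the original posts or from any firewall product; the class, the approved port list and the documentation-range IP addresses are all constructed for illustration.

```python
# Added example: a toy stateful firewall (constructed model, not a real product).
APPROVED_INBOUND_PORTS = {80, 443}  # assumption: this machine hosts a website


class StatefulFirewall:
    def __init__(self, approved_inbound=APPROVED_INBOUND_PORTS):
        self.approved_inbound = set(approved_inbound)
        # Flows we started, keyed as (local_port, remote_ip, remote_port).
        self.connections = set()

    def outbound(self, local_port, remote_ip, remote_port):
        """Outbound traffic is allowed and remembered so its replies can return."""
        self.connections.add((local_port, remote_ip, remote_port))
        return "ALLOW"

    def inbound(self, remote_ip, remote_port, local_port):
        """Allow replies to our own connections and approved services only."""
        if (local_port, remote_ip, remote_port) in self.connections:
            return "ALLOW"   # reply to a conversation we initiated
        if local_port in self.approved_inbound:
            return "ALLOW"   # service we chose to expose
        return "DROP"        # unsolicited delivery to a closed door


def demo():
    """Run constructed traffic (documentation-range IPs) through the firewall."""
    fw = StatefulFirewall()
    mail_server = "198.51.100.10"   # constructed POP3 server address
    stranger = "203.0.113.5"        # constructed unknown host
    fw.outbound(50000, mail_server, 110)  # we check our mail over POP3
    return {
        "reply from mail server": fw.inbound(mail_server, 110, 50000),
        "visitor to our website": fw.inbound(stranger, 40000, 443),
        "stranger to port 110": fw.inbound(stranger, 40000, 110),
        "stranger to port 25": fw.inbound(stranger, 40001, 25),
        "stranger posing as reply": fw.inbound(stranger, 110, 50000),
    }


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:26} -> {verdict}")
```

The last case shows why the firewall remembers the remote address as well as the port: a packet aimed at the port we used for mail is still dropped when it does not come from the server we contacted.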


Tags:

Technical

The Mystery of DNS

by Aaron 8/6/2008 2:08:00 PM

Ever wonder how the Internet knows what information to bring up in your web browser when you type in the URL of your favorite website? This is all taken care of through the Domain Name System (DNS).

Each web and email server has a numerical address that serves as the unique address for that machine. The Domain Name System is responsible for maintaining the relationship between this numerical address and the friendly domain name you generally use to connect to web pages and to send email. You can simply type in www.google.com instead of having to remember 209.85.173.103 to do your daily searches.

When you type in a URL, the first thing your computer does is ask a DNS server what the actual numerical address is. Then, you are connected to that address, but still shown the friendly name you typed. Because of this system, there will often be a delay when your website moves to a new server as the Internet learns the new numerical address of your domain name. This is referred to as propagation.

All of the servers that are responsible for knowing these addresses are updated on various schedules, some updating more quickly than others. Which server a site visitor is connected to will dictate whether or not they view content on your new server or old one.  While highly detailed, DNS and systems like it keep the Internet an easy, friendly world to navigate.
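Why two visitors can land on different servers during propagation is easier to see in a small simulation. This is an added example, not code from the original post: it assumes the usual DNS caching model, in which each resolver keeps an answer for a time-to-live (TTL) before asking again, and the domain name, addresses, TTL and timestamps are constructed.

```python
# Added example: toy model of DNS caching and propagation (not a real resolver).
OLD_SERVER = "192.0.2.10"      # constructed address of the old host
NEW_SERVER = "198.51.100.20"   # constructed address of the new host
TTL = 3600                     # assumption: answers may be cached for one hour


class Authoritative:
    """Holds the current, correct name -> (address, ttl) records."""
    def __init__(self):
        self.records = {"www.example.com": (OLD_SERVER, TTL)}

    def lookup(self, name):
        return self.records[name]


class CachingResolver:
    """A DNS server that reuses an answer until its TTL runs out."""
    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}  # name -> (address, expires_at)

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]                      # still fresh: answer from cache
        address, ttl = self.upstream.lookup(name)
        self.cache[name] = (address, now + ttl)
        return address


def demo():
    """Two resolvers that cached the old address at different times."""
    auth = Authoritative()
    isp_a, isp_b = CachingResolver(auth), CachingResolver(auth)
    name = "www.example.com"
    isp_a.resolve(name, now=0)       # A caches the old address until t=3600
    isp_b.resolve(name, now=3000)    # B caches the old address until t=6600
    auth.records[name] = (NEW_SERVER, TTL)   # t=3100: the site moves
    return {
        3700: (isp_a.resolve(name, 3700), isp_b.resolve(name, 3700)),
        6700: (isp_a.resolve(name, 6700), isp_b.resolve(name, 6700)),
    }


if __name__ == "__main__":
    for t, (a, b) in demo().items():
        print(f"t={t}: visitor via A -> {a}, visitor via B -> {b}")
```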


Tags:

Technical