The primary function of Uptime.com is to measure the availability of web infrastructure. Security directly affects down time, and could lead to breaches of personally identifiable information or financial information. You can build a first notification system for potential security issues with the Uptime.com platform.
Any security-minded administrators should consider the following checks as top priority for ensuring infrastructure is secure.
- Which Checks are Best for Website Security
- SSL
- WHOIS/Domain Expiry
- Transaction Check
- Malware/Virus
- Final Tips
Which Checks are Best for Website Security?
Create Escalations for individual contact methods.
Create integrations with a number of providers for seamless notifications.
Set On-Call Hours to determine when a contact should be notified.
SSL
SSL checks monitor data files that link a company’s information to an encryption key that “locks” web server data in a secure manner once per hour. Each SSL check further breaks down into various protocols that Uptime.com can monitor for:
- HTTPS (Secure Hypertext Transfer Protocol): used for delivering web pages.
- SMTP (Simple Mail Transfer Protocol): (STARTTLS)
- POP3 (Post Office Protocol): (STARTTLS)
- IMAP (Internet Message Access Protocol): (STARTTLS)
- FTP (File Transfer Protocol): (STARTTLS): used when transferring sensitive data between a client and a server on a computer network
- XMPP (Extensible Messaging and Presence Protocol): used for real time data exchanges between two or more networks
- IRC (Internet Relay Chat) monitors the facilitation of communication via chat typically through private messages that may also include file sharing
- LDAP (Lightweight Directory Access Protocol): (STARTTLS) accesses and manages directory information over IP networks.
The SSL check defaults to 20 days advanced notice of expiration, but we encourage users to provide at least a 30-day notice.
WHOIS/Domain Expiry
WHOIS/Domain Expiry checks not only check when a domain expires; this monitor also reports changes to the WHOIS information, a common tactic hackers use to hijack a legitimate website.
Creating a WHOIS check will detect any change in the current information registered with Uptime.com (which can be used to prevent hackers from hijacking your domain). Some of these changes are legitimate, as when a registrar changes business information. If you’re unsure of a change, contact your registrar after a failed WHOIS/Domain Expiry Check.
Transaction Check
A Transaction Check runs through a specific set of steps, from a specific URL to the end of a goal funnel. It checks load time and for expected results along the way, and is a secondary measure to determine whether hacking has occurred.
Inspect important elements related to your shopping cart, using the “Wait for” and “should exist” commands and validators. This is especially true as you change URLs in the transaction process.
It’s important to note a Transaction Check cannot detect anything you have not asked it to look for, but it can detect changes in existing values you have defined. It can help determine whether buttons or shopping carts are properly redirecting, or whether important and established code has been altered in some way.
Malware/Virus
We also recommend a Malware/ Virus Check to monitor for your site’s existence on known blacklists. The Uptime Malware / Virus check looks for your domain on the Google Safe Browsing List and Yandex Safe Browsing List once each day.
Domains on these lists are flagged as having dangerous malware, and visitors to your site are likely to receive a warning.
Final Tips
One of the first steps that new users should take with Uptime.com is to run a Domain Health Check for the URL they plan to monitor.
We also recommend utilizing the “Escalation” feature to push these mission critical checks straight to the decision maker in charge of renewing certificates or handling domain information.
Comments
0 comments