The Dangers of Reusing Passwords and Password Security Tips

You don’t need to tell me how annoying keeping track of your passwords is, and you really shouldn’t be expected to remember a subset of unique passwords for every login that you have; that might be a lot of passwords. So why is it then, that passwords are still the primary authentication mechanism for most of our logins?

The first use of password authentication is suspected to date back to the 1960s at the Massachusetts Institute of Technology (MIT) during the development of a time-sharing computer, the Compatible Time-Sharing System (CTSS). Even then, passwords were not very effective and they have only gotten worse.

Risks of Reusing Passwords

I know many people who have a few passwords that they use over and over again on the different accounts that they need passwords for. This includes both work accounts and personal accounts. This wouldn’t normally be a problem if it weren’t for the almost 7 billion people in the world, very powerful computers, and data breaches. Let me explain.

How Data Breaches Increase Password Reuse Risk

Every time a data breach occurs there is the risk that an attacker will obtain usernames and passwords. What is increasingly happening is that these password repositories (both encrypted and unencrypted) are being sold, or traded between cyber criminals. This allows a cyber criminal to obtain large subsets of possibly legitimate credentials without doing much work.

Using these credential repositories, cyber criminals can automate checks and logins to determine whether any of the credentials are still valid. Once they’ve determined which credentials still work, they can either use them to continue the cyber attack or sell them to other criminals, including nation states such as Russia and China.
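On the defending side, these automated login checks leave a recognizable trace: one source trying many different usernames, with most attempts failing. The following is an added example, not part of the original post; the log format, the thresholds, and the log lines themselves are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample authentication log (not real data).
# Assumed format: "<timestamp> <source_ip> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2021-03-01T10:00:01Z 203.0.113.7 alice FAIL
2021-03-01T10:00:02Z 203.0.113.7 bob FAIL
2021-03-01T10:00:02Z 203.0.113.7 carol FAIL
2021-03-01T10:00:03Z 203.0.113.7 dave FAIL
2021-03-01T10:00:04Z 203.0.113.7 erin FAIL
2021-03-01T10:00:05Z 203.0.113.7 frank OK
2021-03-01T10:02:10Z 198.51.100.20 grace FAIL
2021-03-01T10:02:25Z 198.51.100.20 grace FAIL
2021-03-01T10:02:41Z 198.51.100.20 grace OK
this line is malformed and must be skipped
"""


def parse_line(line):
    """Return (source_ip, username, succeeded) or None for unparseable lines."""
    parts = line.split()
    if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
        return None
    _timestamp, source_ip, username, result = parts
    return source_ip, username, result == "OK"


def find_stuffing_sources(log_text, min_users=5, min_fail_ratio=0.8):
    """Flag sources that try many distinct accounts and mostly fail.

    A user who mistypes a password fails repeatedly on ONE account; a replayed
    breach list fails across MANY accounts. Both thresholds are assumptions
    and need tuning against real traffic.
    """
    stats = defaultdict(
        lambda: {"users": set(), "attempts": 0, "failures": 0, "hits": set()}
    )
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue
        source_ip, username, succeeded = record
        entry = stats[source_ip]
        entry["users"].add(username)
        entry["attempts"] += 1
        if succeeded:
            entry["hits"].add(username)
        else:
            entry["failures"] += 1

    findings = {}
    for source_ip, entry in stats.items():
        fail_ratio = entry["failures"] / entry["attempts"]
        if len(entry["users"]) >= min_users and fail_ratio >= min_fail_ratio:
            findings[source_ip] = {
                "distinct_users": len(entry["users"]),
                "fail_ratio": round(fail_ratio, 2),
                # Successful logins from a flagged source are the reused
                # passwords that worked: reset these accounts first.
                "accounts_to_reset": sorted(entry["hits"]),
            }
    return findings


if __name__ == "__main__":
    for ip, detail in find_stuffing_sources(SAMPLE_LOG).items():
        print(ip, detail)
```

The accounts listed under `accounts_to_reset` are the ones where a breached password was still valid, which is exactly the case a unique password per site prevents.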

Moore’s Law and Increasing Microprocessor Capabilities

Moore’s Law is the observation that the density of transistors in microprocessors doubles approximately every two years. This increase in density has led directly to an increase in microprocessor capabilities.

Passwords can only be as complex as our language, as well as any other limits we place on passwords (i.e. special characters), thus our passwords have limits. As computers become more and more powerful, they become more and more capable of performing a lot of calculations in a short period of time. Cracking or guessing a password involves using hardware in order to try and recover passwords.

There are a number of different methods and applications for password cracking, but they all work similarly. They take a given input, cryptographically hash it, and compare the result to the stored password hash that we have. If they match, then we’ve guessed the password.

Due to this increase in power, passwords have actually become weaker over time in terms of how quickly a certain length can be cracked. Here are some estimates from betterbuys.com.

Password cracking times decreasing between 2000 to 2016.

As you can see, a 9 character alphanumeric password in the year 2000 would take almost 4 years to crack. As of 2016, this same 9 character password takes just under 3 months.

Password Security

As I mentioned earlier, it’s not feasible to remember a large subset of unique passwords for every account that we may have. So stop trying to remember them!

Password Managers

Password Managers such as LastPass and Bitwarden not only allow you to store passwords, but they also allow you to generate random passwords based on your needs. Your password manager will have a single password to access, and then will provide you with complete plain-text access to all of your passwords.

By using your password manager, generating a random password for every login, and storing it securely, you will never have to remember any of your passwords other than the one that you use to log in to your password manager.

Even if your password is stolen, its uniqueness prevents it from being used on any of your other accounts.

Multi-factor Authentication

I’ve mentioned Multi-factor Authentication (MFA) many times before. In short, MFA adds a second and even third authentication method that must be successfully entered, along with the password.

Authentication methods fall under three categories: something you know, something you have, and something you are. A true MFA solution must have at least two of these methods involved. Here are some examples of authentication types that fall under these categories.

Something You Know | Something You Have                | Something You Are
Password           | Smart Card                        | Fingerprint
                   | Software RSA Token (Mobile Phone) | Voice
                   | Hardware RSA Token                | Retina/Iris
                   |                                   | Face

Length Is More Important Than Complexity

Although it’s recommended that we include not just letters, but also numbers and special characters in our passwords, at the end of the day the length of your passwords is going to be more important than the complexity. An 8-character complex password will still be cracked before a 20-character simple one.
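To put numbers on the length-versus-complexity point, on the earlier point that faster hardware shortens cracking times, and on the random passwords a password manager generates, here is an added example that is not part of the original post. The guess rate, the two-year doubling period, and both sample passwords are assumptions chosen for illustration, not measurements.

```python
import math
import secrets
import string

CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation)
DEFAULT_ALPHABET = string.ascii_letters + string.digits
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def generate_password(length=20, alphabet=DEFAULT_ALPHABET):
    """Random password drawn from a cryptographically secure source."""
    if length < 1 or not alphabet:
        raise ValueError("length must be >= 1 and alphabet must not be empty")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def alphabet_size(password):
    """Size of the smallest character-class alphabet that covers the password."""
    size = sum(len(cls) for cls in CHAR_CLASSES
               if any(ch in cls for ch in password))
    # Characters outside the four classes (spaces, accents) are counted
    # individually so they do not raise an error or get ignored.
    others = {ch for ch in password
              if not any(ch in cls for cls in CHAR_CLASSES)}
    return size + len(others)


def search_space(password):
    """Number of candidates an exhaustive search of that alphabet must cover."""
    return alphabet_size(password) ** len(password)


def years_to_exhaust(space, guesses_per_second,
                     years_from_now=0, doubling_years=2.0):
    """Worst-case years to try every candidate.

    The attacker's speed is assumed to double every `doubling_years`,
    so the same password gets weaker as `years_from_now` grows.
    """
    rate = guesses_per_second * 2 ** (years_from_now / doubling_years)
    try:
        return space / rate / SECONDS_PER_YEAR
    except OverflowError:  # search space too large for a float
        return math.inf


def compare(passwords, guesses_per_second=1e10, years_from_now=0):
    """Map each password to its worst-case exhaustive-search time in years."""
    return {pw: years_to_exhaust(search_space(pw), guesses_per_second,
                                 years_from_now)
            for pw in passwords}


if __name__ == "__main__":
    short_complex = "Tr0ub4d&"             # constructed: 8 chars, all 4 classes
    long_simple = "purplewindowsofaleaf"   # constructed: 20 lowercase letters
    for years_ahead in (0, 16):
        print("years from now:", years_ahead)
        for pw, years in compare([short_complex, long_simple],
                                 years_from_now=years_ahead).items():
            print(f"  {len(pw):2d} chars, alphabet {alphabet_size(pw):2d}: "
                  f"{years:.3g} years")
    print("generated:", generate_password())
```

The figures are an upper bound for random strings only: a password built from common words or reused from a breach falls to wordlists long before an exhaustive search finishes, which is why the generated, unique password is the one to store in the manager.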

How SMBs can Lower Risks of Being a Victim of a Ransomware Attack

Ransomware Prevention

As small and medium businesses are more frequently becoming victims of cyber attacks, just 28% of SMBs, who were polled in a recent study, were actually concerned about ransomware. This must mean that small and medium businesses are taking security seriously, right? Wrong! That same study reported that 85% of SMBs have reported at least one cyber attack.

With ransomware becoming big business for cyber criminals, SMBs need to consider what they can do in order to protect themselves from being a victim of a ransomware attack in the first place. Given the recent uptick in ransomware attacks, let’s discuss options for reducing the risk of being a victim of ransomware.

Use Multi-factor Authentication

Using only a username and password to log in is simply not secure anymore. Multi-factor authentication (MFA) adds a second, and sometimes third form of authentication. For example, you may log in with your username and password, and then need to enter a 6-digit number that is available via an app on your phone, or a hardware token.

Ransomware attacks require a method for the attacker to initiate the ransomware on the target network. Today’s ransomware attacks involve an attacker gaining access to a network, stealing the data, and only then will they initiate the ransomware attack.

Using MFA on logins, especially remotely and on email systems, can make it more difficult for an attacker to gain a foothold.

Change passwords regularly and don’t reuse them

Password changes should be done regularly. This adds a moving target for an attacker who may have found one of your passwords in a data breach somewhere, especially if you don’t reuse passwords.

Control the use of Removable Storage Devices

Removable storage devices, such as USB drives and external hard drives, are the perfect weapon for the transport of malware, including ransomware which will replicate itself to external devices.

Controlling the use of these types of devices may involve something as simple as purchasing a standard USB and only allowing its use, to something as complex as a Data Loss Prevention (DLP) solution that prohibits actions. Many anti-virus solutions, like Bitdefender, also provide device security controls.

Make security awareness a priority

Clicking on a suspicious link, or entering credentials onto a credential phishing site could inevitably lead to the same results as above. There are many ways that attackers can use to gain access to your company’s computer network, and they should all be discussed and tested as part of a continuous security awareness solution. Topics might include:

  • Being aware of suspicious links
  • Not opening attachments from unknown senders
  • Secure password management using password managers
  • Secure use of removable storage devices

Have Backups

This technically won’t help you to lower the risks of being a victim of a ransomware attack, and you hope that you never have to use them, but having backups might be critical to your recovery from a ransomware attack, and they should be taken at regular intervals. These backups should be stored offsite, onsite and in the cloud for the most protection.

No one is 100% safe from cyber attacks, but there are things that we can all do to help reduce the risk.

DNS Security For Individuals and Small Businesses

What Is DNS?

DNS, or Domain Name System, is an Internet system that is completely decentralized, and provides a capability to translate a Domain Name (example: roguesecurity.ca) to an IP Address (example: 172.217.12.163). The DNS system is the reason that we don’t have to type in the IP address for the website that we wish to visit, and instead are able to type in a friendly domain name that is more representative of the website. Whether I enter the domain name in my address bar, or the IP address for google.ca, I’ll be taken to the same website.

Many medium and large businesses operate their own DNS servers on their own network, but most small businesses and individuals rely on downstream DNS servers that may be owned by their Internet Service Provider (ISP) or perhaps they are using one of the many open DNS providers such as Google Public DNS.

How Does DNS Work?

Without going into too much detail, a DNS request is fairly simple.

  1. You enter a domain name, roguesecurity.ca, into the address bar of your web browser, and hit Enter.
  2. A request is sent to your designated DNS server with the domain, asking for details on the ip address.
  3. The DNS server receives the request and looks up the domain name in its table of information.
  4. If the DNS server finds a matching domain name, it sends the ip address of the domain back to your browser, which your browser uses to actually connect to the website.
    4a. If the DNS server is unable to find a matching domain name, or isn’t able to find an ip address, it will respond with an error.

DNS Cache: Our devices keep a history of DNS requests that we make in order to save some work when we revisit a website that we’ve previously visited. The DNS cache updates once in a while to make sure that you have the latest information, and can be emptied manually.

How Is DNS Attacked?

DNS, like most software, has vulnerabilities and exploits, and can cause issues when used inappropriately. DNS itself has existed since the 1980s and even though it’s received numerous updates over the years, the underlying concepts really haven’t changed much. This has given people more time to understand the Domain Name System and, as an important aspect of how the Internet operates, it is a very commonly attacked protocol.

The most direct of DNS attacks is when a cyber criminal gains access to your DNS server directly. However, it’s quite common to see host-based attacks on your local devices that include Cache Poisoning (aka Cache Spoofing). This is one of the most common types of DNS attacks and involves an attacker injecting malicious data into your device’s DNS cache. If an attacker replaces the IP address of roguesecurity.ca in my local DNS cache with an IP address that connects to a malicious website, then every time I go to roguesecurity.ca I’ll be taken to the malicious website instead.

The Domain Name System can also be used to steal data. Let me explain. We know that we send a domain name each time that we send a request to a DNS server. DNS queries are simply strings, and strings can include data, including encoded data. DNS Tunneling is where an attacker includes data, either plain-text or encoded, in what appear to be normal looking DNS requests. The attacker needs to get these queries so this may also involve gaining access to an internal DNS server or modifying local DNS.
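From the defender’s side, queries that carry data look different from ordinary lookups: the labels are long, they look random, and a single parent domain receives many unique subdomains. This added example, which is not part of the original post, scores a batch of query names on those three signals. The thresholds, the naive "last two labels" parent-domain split, and every query name below are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed DNS query names, as they might appear in a resolver log.
SAMPLE_QUERIES = [
    "www.roguesecurity.ca",
    "cyberchef.roguesecurity.ca",
    "mail.example.com",
    # One long random-looking label on its own (e.g. a CDN asset host).
    "d3ag4hukkh62yn8x1bqz7mtv0.cdn.example",
    # Many unique long labels under one parent: the tunneling pattern.
    "mzxw6ytboi5dcmrrgezdgnbv.cdn-sync.example",
    "q7hx2kd9vplm4tzc8wbn5rgy.cdn-sync.example",
    "n3fj6uys1ra8gqe0wkz5xo2c.cdn-sync.example",
    "b9tw4hmx7ceu2ldq0jyv6skp.cdn-sync.example",
    "z1gk8pof5nya3vrd7wie2hxm.cdn-sync.example",
    "mzxw6ytboi5dcmrrgezdgnbv.cdn-sync.example",  # repeat, counted once
]


def shannon_entropy(text):
    """Bits per character; encoded data scores higher than dictionary words."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(n / total * math.log2(n / total)
                for n in Counter(text).values())


def split_name(qname):
    """Split into (parent_domain, subdomain_labels).

    Assumption: the parent is the last two labels. Real deployments should
    use the Public Suffix List so names like example.co.uk are handled.
    """
    labels = [l for l in qname.rstrip(".").lower().split(".") if l]
    return ".".join(labels[-2:]), labels[:-2]


def suspicious_parents(qnames, min_unique=4, min_label_len=20, min_entropy=3.5):
    """Report parent domains receiving many unique, long, high-entropy names."""
    subdomains = defaultdict(set)
    for qname in qnames:
        parent, sub_labels = split_name(qname)
        if sub_labels:
            subdomains[parent].add(".".join(sub_labels))

    findings = {}
    for parent, subs in subdomains.items():
        flagged = sorted(
            s for s in subs
            if max(len(label) for label in s.split(".")) >= min_label_len
            and shannon_entropy(s.replace(".", "")) >= min_entropy
        )
        # A single odd name is common; a stream of them to one parent is not.
        if len(flagged) >= min_unique:
            findings[parent] = {"unique_flagged": len(flagged),
                                "examples": flagged[:3]}
    return findings


if __name__ == "__main__":
    for parent, detail in suspicious_parents(SAMPLE_QUERIES).items():
        print(parent, detail)
```

Requiring several unique names per parent is what keeps ordinary long hostnames, such as the single CDN-style name in the sample, from being reported.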

DNS servers are also perfect for generating DDoS attacks via DNS Flooding or NXDOMAIN attacks. In these instances an attacker floods a DNS server with requests, or generates a large number of invalid requests in order to overwhelm the server with the goal of bringing it offline.

DNS Security

Use a Trusted Provider

The best protection from DNS-based attacks is to use a secure DNS provider that you trust. Google and Cloudflare are two companies that offer free DNS services to the general public, and are quite reliable.

Pi-hole

Most home users can’t afford and don’t need their own DNS server, but perhaps you have children and you like the idea of some extra security. That’s where Pi-hole comes in. Pi-hole is software that acts as a DNS sinkhole and can be used to protect devices on your network from unwanted content, block ads, and even manage network device access.

Pi-hole originated on the Raspberry Pi, but can be installed on most Linux distributions.

Privacy Policy Resources, Template Generators, and PIPEDA

Did you know that, as a business, you may be required to abide by both provincial and federal privacy laws? Many provinces, such as Alberta, British Columbia, and Quebec have already introduced their own legislation for the collection, use, and disclosure of personal information that occurs while doing business in those provinces. For the rest of us, the Personal Information Protection and Electronic Documents Act (PIPEDA), probably applies.

PIPEDA applies to private-sector organizations across Canada that collect, use, or disclose personal information in the course of doing business. This information might include personally identifiable information (PII), such as names, telephone numbers, ethnicity, blood type, employee records, loan records, and even opinions, evaluations, and comments.

Is a Privacy Policy Important?

A privacy policy is a very important document if your website interacts with its visitors in any way shape or form. This includes not just contact forms, but also more indirect forms of interaction such as website analytics tracking.

As mentioned, a privacy policy is a simple document that is available on your website that outlines your organisation’s policies and procedures as they relate to the collection, use, storage and disclosure of personal information. A privacy policy is intended to advise the users of your website of the steps that your organisation takes in order to meet provincial or federal privacy regulations and outlines several key principles:

Although PIPEDA doesn’t include many details on what it considers “against policy”, the Office of the Privacy Commissioner of Canada (OPC) has outlined several examples of what would be considered generally inappropriate.

  • Collecting, using or disclosing personal information in ways that are otherwise unlawful;
  • Profiling or categorizing individuals in a way that leads to unfair, unethical or discriminatory treatment contrary to human rights law;
  • Collecting, using or disclosing personal information for purposes that are known or likely to cause significant harm to the individual;
  • Publishing personal information with the intent of charging people for its removal;
  • Requiring passwords to social media accounts for the purpose of employee screening; and
  • Conducting surveillance on an individual using their own device’s audio or video functions.

Source: https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/p_principle/

PIPEDA Resources

The OPC website is probably the single best resource as it relates to PIPEDA. We’ve included some of the more relevant links here.

Privacy Policy Generators

Without further ado, let’s take a look at how we can quickly and easily get a privacy policy setup for your website.

These tools were designed to take basic inputs and generate a complete privacy policy for your website. I’ve only included links to tools that offer a free tier or are completely free.

CyberChef Cyber “Swiss-Army” Knife – Free Tool For Security Professionals

CyberChef is a web-based tool that assists with carrying out a number of complex operations such as compressing or decompressing data, encrypting data, creating binary and hex dumps, extracting metadata, matching YARA rules, and so much more. It was created by the GCHQ or Government Communications Headquarters, which is an intelligence service in the United Kingdom. It’s completely open source and is available for anyone and everyone on GitHub.

CyberChef is an absolute must for any security operations analyst or security professional, and can save you time in almost every use case. That is why we at Rogue Security are proud to introduce the Rogue Security hosted, CyberChef instance!

Direct Link: https://cyberchef.roguesecurity.ca/

Disclaimer: Rogue Security will not take responsibility for any data that you use within the tool. Please make sure that you never place secret or confidential data into a tool that you do not fully trust.

We are making CyberChef available to the general public because we believe that access to tools and resources is critical to the growth of Information Security and Cybersecurity.

CyberChef Interface

Cyberchef Interface

The CyberChef interface is made up of 4 areas:

1. Input — The Input field provides an area to enter or paste your text or file input.

2. Output — The Output field provides the outcome of your recipe.

3. Operations — The Operations menu provides you with access to both simple and complex operations, which will be performed against the input.

4. Recipe — In the Recipe field, you will use any number of Operations that will determine how your input will be processed.

We can use the Input Menu to upload folders and files. The plus ( + ) sign allows us to create multiple tabs for inputs. The Input window will also allow you to drag and drop files, or paste text directly.

Operations list in CyberChef

The Operations menu gives you a list of both simple and complex operations that can be performed against

The screenshot to the right provides a list of operations categories that can be performed. I won’t go through the list because it’s extensive, but if you can think about a data manipulation technique then it’s probably here.

Operations can be hovered over to see additional details on what they do, and can be dragged into the recipe window for use against your input. Once you drag an operation into the recipe window, and as long as you have an input and the Auto Bake feature turned on, an output will automatically be generated in the Output window.

CyberChef Resources

PHP 8.0 Now Available

Introducing PHP 8.0

We are happy to announce that PHP 8.0 is now generally available to all Rogue Security Business Website Hosting clients. PHP 8.0 is a major release within the PHP ecosystem and includes many optimizations, better syntax, and improved type safety.  As a major release, PHP 8.0 might require some modifications to your existing scripts. Please make sure that you review your existing website before moving to PHP 8.0. Make sure to utilize the various migration guides available on the PHP.net website.

You’ll find PHP 8.0 available directly from your Website Control Panel, and it can be defined per website. This means that if you have multiple websites on our platform, each one may use a different version of PHP. Simply log in to the Rogue Security Hosting Control Panel, navigate to ‘Sites’, select the website that you wish to change the PHP version for, scroll down to the dropdown for ‘PHP Version’, and select the version of PHP that you wish to use for this particular website.

Dropdown menu for selecting PHP version.

PHP 7.3 and PHP 7.4 will continue to be available for all clients; PHP 7.4 is now the default version of PHP for all new clients. Existing clients will not have any changes made to the default version of PHP for their websites.

The Working From Home Guide to Securing Your Home Internet Connection

As more and more employees are working from home, and may continue working from home even after Covid-19 restrictions let up, your home Internet as well as your home wireless internet access is going to be used more frequently by you, and everyone else in your home. That is why it is more important today than ever before for you to ensure that your home’s access to the Internet is secure and functional. This guide provides you with some background, resources, and best practices on getting that done. This isn’t going to be a technically detailed post, but will almost certainly have something for both the technical user and the beginner. Let’s dive in.

Your Home Internet Network – An Overview

Simply put, your internet connection first comes into your home via a router or a modem, which is often referred to as simply the gateway. It’s the gateway between your home’s network and the rest of the Internet. A router is used to distribute the connection to devices that are connected to it. A Wireless Access Point (WAP) is a device that allows devices to connect to your home network wirelessly. You may have a router and wireless access point all-in-one. That type of device may also be known as a wireless router, or a wireless modem.

Risks of Inappropriate Security on your Home Internet

A malicious actor’s objective is simple: gain access to a victim’s home network so as to be able to connect to that network as any other user. Once the malicious actor has gained access to your home internet access, there are a variety of tactics and techniques that can be used to either attack the devices on your network, or use your network/devices to commit a cyber crime. Here are some of the risks of a malicious actor having access to your home’s internet connection:

  • Your internet connection can be used to perpetrate a crime. Since your Internet Service Provider (ISP) has your name and address associated with the internet connection to your home, you could be held liable.
  • A malicious actor who has access to your home’s internal network has the ability to “sniff” or record network traffic being sent between devices. This may include passwords and banking information that you are entering into the web browser of your laptop.
  • A malicious actor may gain access to other devices on your network and steal information and files.
  • Your home devices are also at risk of being infected with ransomware or other types of malware. Ransomware is the most common risk with a malicious actor gaining access to your network. Once they’ve taken whatever data they want to take, they can infect your device(s) with ransomware and demand a ransom for safely unlocking your files.

How do Malicious Actors Gain Access to Home Networks?

  • Network devices that are still using default usernames and passwords are a common entry point.
  • Wireless networks that are set up with a weak authentication method, such as WEP, are susceptible to man-in-the-middle attacks.
  • Outdated software on your home devices, and on your network devices can introduce unpatched vulnerabilities. This allows attackers with means and know-how to gain entry to your network through various avenues.
  • Stolen credentials. Password reuse is a major problem today. Passwords that have been stolen can be reused by attackers who use brute-forcing and password stuffing attacks to find insecure accounts online.
  • Man-in-the-middle attacks are easy to perform with a rogue access point. A malicious actor creates an identical wireless network to your own. When a guest or resident of your home accidentally logs in to the rogue access point instead of your own, the malicious actor records the password that was entered by the unsuspecting victim.
  • Stolen/lost mobile devices often contain a copy of the wireless connection information including password.

So, What Can I Do?

Don’t worry. You’ve taken the first step; learning more. Now, let’s discuss several points that will help you work towards a more secure home internet connection.

  1. Knowing Your Attack Surface
  2. Security For Network Devices
  3. Security For Personal Devices

1. Knowing Your Attack Surface

Knowing your attack surface means knowing the different parts of your home’s network that could be attacked by a malicious actor. Create a simple list of your home’s attack surface using the categories below. Here is an example to show you that it doesn’t need to be complicated. I’m simply recording a device name that I choose, the device location, and whether it is wired or wireless.

Device Name          | Device Location       | WIRED/WIRELESS
Bell Aliant Modem    | Basement Storage Room | WIRED
Mom’s iPhone 11      | Roaming               | WIRELESS
Dad’s Android Tablet | Roaming               | WIRELESS
Sisters’ Laptop      | Roaming               | WIRELESS
Alexa                | Kitchen               | WIRELESS

Here are some device categories to get you started:

  • The individual devices on your network including laptops, desktop computers, phones, and tablets.
  • Network devices, including the modem or router, that make up your home network.
  • Your Wireless Access Points (WAPs).
  • Smart devices and other Internet of Things (IoT) devices.

2. Security For Network Devices

Every Internet Service Provider (ISP) has a slightly different setup and uses different network devices. Unfortunately, it’s infeasible to provide a standard A-Z process for securing your network that is going to work for everyone. Instead, we’re going to give a list of recommendations, and details around those recommendations. At the end of the day it will be your responsibility to research and understand these recommendations to ensure that you are applying appropriate configurations for your individual situation.

Recommendations for home network security:

  • Change the default name of your wireless network, known as the SSID, and ensure that it doesn’t contain anything that would associate to you, anyone in your family, or your home.
    • Really Bad: JacksonFamilyat9902WhistlerSt
    • Bad: JacksonFamilyWifi
    • Better: WhistlerStWifi
    • Best: SomeoneIsAlwaysHome
  • Change the default login on your network devices, such as the router provided by your Internet Service Provider (ISP). This should include changing the default administrator username, if able.
  • Disable logging into your internet router from remote internet computers. It can still be accessed by you from inside of your network.
  • Use WPA2-PSK or WPA2-Personal as the authentication method and AES as the type of encryption when setting up your home’s wireless access. TKIP encryption can be used if, for some remote reason, AES gives you issues or isn’t available. There is no reason to use any authentication method other than WPA2-PSK.
  • Disable SSH/Telnet access on your modem/router. These protocols allow for remote command line access to your device and are not required for the average home internet user.
  • Disable Wi-Fi Protected Setup (WPS). This technology provides a simpler method for connecting devices wirelessly, but is also rarely ever used.
  • MAC address filtering can be used to explicitly restrict access to your network to devices whose MAC address is contained on the access list that you define.
  • Enable the built-in firewall on your router.
  • Setup a separate guest wireless network for house guests. They can access the Internet, but can’t access anything inside of your network.
  • Set up access schedules for devices on your network that don’t require 24/7 Internet access.
  • Modify the Domain Name Servers that your router is using to translate Domain Names (roguesecurity.ca) to IP Addresses (e.g. 123.234.233.12).

Advanced:

  • Using a Virtual Private Network (VPN) encrypts your internet communications and makes it difficult for a malicious actor who may be “sniffing” your Internet communications to read passwords and other information. Many routers allow easy configuration of many mainstream VPN providers.
  • Change the default local network subnet address on your network router. Instead of your local network being 192.168.2.1/24, change the third number group to anything between 0 and 254. For example, your local network IP address range might be 192.168.200.1/24.
  • Place Internet of Things devices on a separate subnet than personal devices.
  • Adjust the transmit (Tx) power of your wireless connection. Limiting the distance that your wireless travels will also limit how far a malicious actor can be to interact with your wireless internet.

3. Security For Personal Devices

  • Ensure that devices on your network have a software anti-virus (AV). Focus on your Windows computers first, and simply use the built-in Windows Defender and Windows Firewall options.*
  • Software firewalls should be enabled on devices that have them. Windows Firewall is a perfect option for Windows users.*
  • Devices should have separate Administrator and Non-Administrator accounts, and the Administrator account should only be used to perform administrative actions.
  • Virtual Private Network (VPN) software is also available for most operating systems and can be used on individual devices if whole-home VPN isn’t desired.
  • Setup devices with automatic updates enabled.

***Note: Mobile phone AV and firewall software is often bloated and bogs down older devices. Mobile malware is far less advanced and less common than Personal Computer (PC) malware. Our recommendation is to avoid both AV and Firewall software on mobile phones, unless it’s built into the phone’s operating system.***

Congratulations! You’ve successfully done something that so many people do not; you’ve taken steps to make it more difficult for a malicious actor to gain access to your home network. You rock!

Stay tuned for a really, REALLY, big update on this. If you’re continuing to have cybersecurity issues, or are unable to apply some or many of the recommendations above, and would like further information on how Rogue Security can help, please contact help@roguesecurity.ca.

What Is “Security-Focused” Website Hosting?

The Internet has changed, and so has how the majority of us use it. According to Google there are 1,197,982,359 websites in the World as of January, 2021.

When the Internet was only made up of a few hundred thousand websites, it was quite easy to get people to reach your website, as you had a higher chance of being on the first page of results in the search engine being used. As things grew, and when there were millions of websites around the world, search engines needed to become smarter. This led to Internet marketing and Search Engine Optimization (SEO), where individuals would learn the techniques that search engines use and then apply them to their websites to ensure that they “outranked” other websites.

Today, we have over 1 billion websites around the World, and the fact of the matter is that the people are getting to your website because they either already know it, or went looking specifically for it. Many Web Hosting companies still want to sell you “Website Marketing” services and super low-cost website hosting with unlimited everything.  Unfortunately, you aren’t using unlimited. In fact, you aren’t using even close to unlimited. A medium-sized eCommerce website might use around 8.5 GB of Transfer per month, given a 100 Kb page size and 1000 visits per month.

We let you drive traffic to your website in whatever way you choose, while we focus on keeping your website secure and available to your customers and clients. Our professional staff of Information Security professionals have over 15 years of experience in the Technology and Information Security industry, and follow the guiding principles of Confidentiality, Integrity, and Availability (C.I.A.). We ensure the Confidentiality of your information, your website, and your clients and customers. We maintain the Integrity of your data in motion (transfer and delivery to your visitors) and at rest (storage). Finally, we make sure that the Availability of your website is there when you need it.

Your website is now an extension of your store front. How can we help?

PHP7.2 End of Life and the OWASP® ModSecurity Core Rule Set (CRS)

On November 30th, PHP 7.2 went end of life (EOL). When end of life occurs, the product is no longer supported and can quickly become a security issue when zero days are found and security patches are not delivered. None of Rogue Security’s customers currently uses this version of PHP, so we’ve taken the needed step of uninstalling PHP 7.2 from all of our website hosting servers; after validation we can confidently say that the change was successful.

You can always come back here to find the link to the list of Current PHP Supported Versions, and we’d recommend you also check out Migrating from PHP 7.2.x to PHP 7.3.x. PHP 8.0, the next major release, will be available at Rogue Security on December 18th, 2020.

Here is a complete list of modules that are no longer available.

Over the course of future posts we’ll introduce you to many different aspects of OWASP (Open Web Application Security Project). One of our principal website hosting security features is the OWASP® ModSecurity Core Rule Set (CRS), which is a set of generic attack detection rules for use with ModSecurity or other compatible web application firewalls. So what does this mean? Well, it means that you have the best protection against the top web application attacks known. Now, that’s impressive. Find out more at coreruleset.org.

Introducing $7 Business Website Hosting

Your website is a target. It’s a target for both your clients to find information about your business, and those who wish to do your business and its interests harm. This has never been more true than in 2020. Covid-19 has sent many businesses to a work-at-home model and so many people are living their lives at home more.

Rogue Security envelops the C.I.A. triad in every product and service that we develop, and our Business Website Hosting service was no exception. This focus on Confidentiality, Integrity, and Availability ensures that your business website is accessible, and secure, from the ground up.

Website Hosting Made Simple

Using WordPress Toolkit you can get your business website up and running quickly. WordPress Toolkit is a cPanel plugin allowing you to install, update and manage your WordPress installation without logging into it. AutoSSL requests and installs a Let’s Encrypt signed SSL Certificate for any of your domain names quickly and easily, at no additional cost!

Warrantied SSL Certificates are also available for purchase.

Always Available and Protected

Our priority is keeping your website available to your current and future customers. We provide a 99.99% uptime guarantee, with approximately 1 minute of downtime per week for maintenance restarts. We know security. The OWASP (Open Web Application Security Project) ModSecurity™ CRS (Core Rule Set) is a set of rules that protect our servers and increase the amount of protection greatly.

The Tools You Need

With complete access to cPanel you have all of the tools that you need to build a beautiful, accessible website for your business.

Sign-Up Now

Please contact hosting@roguesecurity.ca for more information and to sign-up.