The answers to all your questions...

Prevention is better than cure. In that context, a penetration test actively identifies weaknesses in your online security, and provides the reporting and assistance to eliminate those vulnerabilities. A penetration test can also be used to fuel compliance with regulatory auditing requirements, enhance technical controls, and deliver overall confidence in your hosting security.

No. The difference between penetration testing and “black hat” hacking attempts is that penetration testing is controlled and therefore pose no threats to your sites or servers. Another term for penetration testing is “ethical hacking”, of which the aim is simply to improve the security of the target website.

You wouldn’t leave the doors to your house unlocked, so why do the same with your website. Although nothing on the internet is 100% impenetrable, by adding penetration testing to your security armour, you significantly reduce the risk.

Distributed Denial-of-Service, or DDoS, flood websites, web servers, internet applications and other online resources with huge amounts of garbage traffic. This sudden increase adds a significant amount of strain on the target, either slowing it down or shutting it down completely. According to a recent report by NexusGuard, denial-of-service attacks have increased with 29% since Q2 2017.

Denial-of-service attacks are increasing in both size and in complexity. The NexusGuard report indicates an average attack size of 4.10Gbps in Q2017, while a 500% increase to 26Gbps has been noted in Q2 2018. As such, DDoS attacks have also increased in duration – from a few hours to more than a week (the current record being 12 days).

Although downtime is the most obvious risk associated with DDoS attacks, a more severe loss is the financial impact brought about by inevitable reputational damage. This can translate into a loss of a few thousand to hundreds of thousands per hour. Legal consequences are an often overlooked risk – capable of exacerbating reputational damage and induce crippling financial penalties.

Tip: Use the Storm Security Centre for free real-time security audits. Access tools that simplify GDPR, ICO, and PCI DSS compliance to reduce the potential for reputational damage and crippling fines.

A web application firewall filters HTTP conversations (traffic passing between your server and other computers). Rules are applied during the filtering process to eliminate threats and attacks, some of which may include SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), OS command injections, malicious file execution, and more.

Traditional firewalls won’t necessarily qualify traffic that comes to your site – they typically block ports or listen for and redirect sudden spikes in bogus traffic common with attacks like DDoS. A WAF fills this gap, listening on the application layer and examining every request that comes to your site. It is a necessity, given that some attacks may masquerade as legitimate requests to your site to gain entry.

The Open Web Application Security Project (OWASP) is a global non-profit organisation focused on application security. OWASP provides freely-available articles, methodologies, documentation, tools, and technologies to create awareness of, and enhance online application security.

You may ask why you need to be PCI compliant if you don’t collect card details. At Storm we use PCI as the benchmark in tough-as-nails security for all our customers. The GDPR came into force in 2018 making significant changes to data privacy regulation. Companies are required by law to protect customers’ personal information to the highest standards, or face serious consequences including crippling fines. So by complying with PCI DSS companies are also complying with the GDPR and protecting themselves from fines due to data breaches, even if they don’t hold cardholder data.

Storm will fully manage your security requirements via the Storm Security Centre. The team will take care of implementing all the required changes to your business, as well as proactively keeping on top of it as any threats evolve. This is the Storm Security guarantee.

Performs a thorough cyber Vulnerability Scan to Payment Card Industry (PCI) standards on a server. Subsequently producing a report indicating any discovered vulnerabilities that could be exploited by an attacker to hack into the server or to steal sensitive information or customer data. Our team will work with you to address any points raised in the report until subsequent scans reveal no further vulnerabilities. Passing the scan means that your server is classed as being so secure that Visa and MasterCard are happy for you to store credit card information on it. The scans are run Quarterly and the process fully managed by Storm. Ensuring that you have some of the highest levels of server security in place at all times.

Performs a thorough cyber Vulnerability Scan to Payment Card Industry (PCI) standards on a website. Producing a report indicating any vulnerabilities that could be exploited by an attacker to steal sensitive information or customer data. A full report with guidance will be provided to your developer so they can address any points raised so that a subsequent scan will be passed. This means your website is classed as being so secure that Visa and MasterCard are happy credit card information to be processed through it. Scans are run to enable website security to be maintained.

Storm PCI Scanning is a fully managed service administered in conjunction with the Storm Security Centre and our security partners, Security Metrics. Storm provides pro-active technical support to manage and maintain PCI compliance of your servers and sites at all times. In short, we prompt you when your site or server is failing certification as opposed to leaving you to manage it and do the following up.

Official Approved Scanning Vendor reports detail all checks and any vulnerabilities found.

When a server or web site passes the scan, an officially recognised ASV Certificate is issued to you. You can use this to provide evidence to your clients and relevant third-parties of the high security standards in place on your web site and servers.

A Site Seal can be placed on your web site in order to improve buyer confidence by demonstrating that your site has been certified to the highest security standards.

Storm’s unique “Data Protection Guarantee” is about going the distance and then some. With the Storm Security Centre, you’re a few clicks away from stronger, more resilient online security.

If your site or server passes all security benchmarks in the Storm Security Centre at the time of a severe data breach, we will:

• Liaise with the ICO on your behalf to protect your business & reputation
• Work with your internal teams to restore your information back to pre-breach conditions
• Provide expertise to investigate the reason(s) for the breach, and recommend a course of action for enhanced future protection of your online assets.

Network-wide advanced threat monitoring protects your online sites and servers the moment you sign up with Storm. Additional server-based agents add another layer of hyper-vigilance to solidify your online continuity. Storm’s 24/7/365 security team delivers rapid threat response to mitigate potential threats and breaches and the collective intelligence of more than 10,000,000 websites filters your traffic 24/7 to weed out malicious traffic and online attacks.

DNS is an acronym for Domain Name System, and works like a directory or phone book. Like names in a normal phone book, your domain has an address for each of its features which tells other servers on the internet where to send your email, or where to find your website.

All DNS changes are synchronised with our master database in seconds, and picked up by other DNS servers over a period of 24 hours. Realistically, however, the changes you make will start reflecting across the internet within a few minutes.

You can start making DNS changes as soon as your Storm account is active. Remember that changes can only be made to domains to which you have ownership rights or full access.

Yes.

Storm’s 24/7 migration team is standing by to take charge of your move to Storm. We’ll take care of the technical details and ensure everything is running smoothly before the final transition.

A CDN stands for Content Delivery Network. It refers to a network of geographically distributed servers with the key aim of speeding up content delivery. CDNs typically do not host content, but instead commits online content to a cache which compresses and filters for enhanced rendering and delivery.

Through CloudFlare your content is brought closer to your customers and visitors through a network of 63 data centres spread across the globe. Other optimisations include purpose-specific hardware and software that optimise content and automatically balances heavy traffic loads to ensure consistent delivery.

CDNs have become versatile in their caching ability, moving past simple text and image caching to include intelligent compression of images and videos without sacrificing quality, as well as compression of web pages, JavaScript files, and stylesheets.

DNs typically refresh their caches at predetermined short intervals. An immediate refresh of your website data can be forced from the Storm Security & Performance Centre.

Microsoft SQL Server is the industry leading database for business critical web applications. SQL Server is a comprehensive, integrated data management tool that enables individuals and organizations to reliably manage mission-critical information and confidently run today’s increasingly complex online business applications.

Microsoft SQL Server plugs into your web application just like any other relational database. There are a range of visual management tools that you can use to administer, manage and performance tune your SQL Server database to ensure you get the very best out of your web site. Many of these tools can be downloaded free of charge direct from the Microsoft web site.

We can provide support for SQL Server 2019 and 2016 databases which are hosting on our servers running the latest Windows operating system. If you require support for an earlier version of SQL Server or have a custom requirement, please contract us on 0800 817 4727 to discuss.

With our ASP Ultimate Shared Hosting package a 500MB SQL Server database is provided as standard. Additional databases or space can be purchased at a cost of £29.99+VAT per database (or per 500MB of additional space) per year. Our shared hosting packages can host SQL Server databases of up to 2GB in size.

On one of our Cloud or Dedicated Servers, there are no limits imposed by us. The limits would be restricted only by the physical spec of the server and also the version of SQL Server that you opt for.

We’ve made running your own web server super easy. But in case you still need a little help, get in touch with our 24/7/365 support team for quick and efficient help to setup and manage your web server.

In a public cloud environment you share hardware resources with other “tenants”. This may present a few limitations, especially if you need to run resource-intensive or high-bandwidth applications during peak traffic times. In a private cloud environment, the hardware resources are all yours to do with as you please.

Dedicated servers can be more powerful than cloud-based virtual private servers. You also have more control over the hardware of your server and have no restrictions in terms of the software you install, but may require a little more expertise. On the other hand, due to differences in configurations, cloud-based servers aren’t as sensitive to hardware failures. This means that, if one physical drive of a cloud-based setup fails, it can be replaced without interrupting the service.

Virtual private servers support load balancing, which essentially means you can add a parent (physical) server, and move one of your virtual servers to the new parent server to spread the processing requirements across two (or more) physical systems. The great thing about this setup is that it can either be permanent, or used only when your traffic and processing volumes spike.

Every Storm server is set up according to stringent security protocols. Regular maintenance, OS updates, security patches, ironclad data encryption, and continuous vulnerability detection complements multi-layer security which reaches from our Tier 4 data centres right through to continuous threat detection and analysis with the aid of state-of-the-art hardware and software firewalls manned by qualified security personnel. So, in a word, Yes.

You do.

We’ve taken every precaution to deliver a 100% network uptime guarantee. Multiple data centres, redundant server hardware, and multiple tier 1 connections to the internet helps us make good on our word.

cPanel contains a large array of features that make it easy for you to control the different features of your web hosting package. With cPanel you can have your web site, email and other hosted services up and running in a very short period of time. Features such as phpMyAdmin are standard to the control panel and provide you with a web interface that allows you to fully manage your MySQL databases. In short the aim of cPanel is to remove the need for admin level access to the server so that you can manage all of your web site’s hosting requirements through a single web interface.

WHM is an extended version of cPanel that allows you to create and manage multiple hosting packages at a parent level. WHM is provided with our Linux Reseller hosting packages. Here you can also assign each hosting package you create its own cPanel control panel so your customers can manage their web space and too gain the full benefits of a cPanel hosting solution.

Microsoft’s ASP.NET allows developers to create dynamic feature-rich web applications. ASP.NET can be used to create anything from small, personal websites through to large, enterprise-class web applications.

Yes. Our ASP.NET hosting packages allow you to easily switch between different versions of ASP.NET. In addition AJAX extensions and MVC are supported allowing you more scope to create even more powerful web applications than ever before.

Yes. You can integrate your ASP.NET web applications with a SQL Server or MySQL database using our ASP Ultimate hosting package. This comes with all the benefits of the ASP Plus package but with added support for SQL Server and MySQL databases.

PHP tends to be the server-side scripting language of choice for developers that have not gone down the Microsoft career path. Stemming from the open-source movement, PHP offers good interaction with MySQL databases which when combined allow developers to create powerful website applications that can provide a high level of functionality, scalability and reliability. Facebook is a good example of such a large-scale system build upon PHP and MySQL technologies. Being open source means it is often favoured for such large scale applications due to the vast savings on license costs as can often be an issue with other development technologies.

PHP was originally designed to run on Linux and consequently tends to run slightly better on a Linux based operating system. As such we recommend either our Linux Plus, Ultimate or any of our Linux Reseller packages for PHP hosting. Although low cost, these Linux hosting packages provide you with the features needed to support the hosting of a PHP based website along with support for MySQL databases. However, if you have a distinct requirement for a Windows-only feature then you can still choose one of our Windows based ASP Plus, Ultimate or Windows Reseller hosting packages which too support PHP in addition to Microsoft based technologies such as ASP, ASP.NET and SQL Server.

In order to successfully run Kentico you need to have ASP.NET 4.5 (or higher) and Microsoft SQL Server 2012 (or higher) supported.

Yes. An added benefit of our Kentico hosting packages, in comparison to many of our competitors, is that we allow full Remote Connections to your SQL Server based Kentico database. This means that you have full management capabilities over your database and can directly access and manage your database should you need to, using powerful SQL Server management tools such as SQL Server Management Studio.

Yes. With our Kentico hosting package, we make it easy to transfer an existing Kentico web site hosted elsewhere to us. There’s no need to rebuild your database from scratch if you wish to transfer an existing Kentico database to us. If you already have a Kentico database hosted elsewhere, all you need is a script backup of your Kentico database which can quickly be restored to your Storm Kentico hosting package. You are also able to take full backups of your Kentico database using the control panel we provide and can restore back to your site at any point. Therefore not only ensuring your Kentico based site runs perfectly, but also that it is fully protected from data loss.

WordPress hosting describes the ideal platform for running WordPress, a Content Management System that is often used as a blog publishing application. It is open source, which means its code is made available for use or modification by users and developers.

WordPress is powered by PHP and MySQL and has many features including a plug-in architecture and a templating system. WordPress is the most popular blog software in use today and is used by over 2% of the 10,000 biggest websites.

WordPress Hosting When WordPress was first launched, it was used primarily as a blogging system. However it has since evolved and is now used as a full content management system through the thousands of widgets, plug-in and themes. As the official WordPress website states, “WordPress is limited only by your imagination”.

To successfully host WordPress you need PHP version 4.3 or greater and MySQL version 4.1.2 or greater. It is also recommended that an Apache based operating system is used for WordPress hosting.

Yes, we support WordPress hosting on our Linux Ultimate package and currently host several hundred active installations of WordPress for our customers on these packages.

Yes. An added benefit of our WordPress hosting packages in comparison to many of our competitors, is that we allow full Remote Connections to your WordPress MySQL database. This means that you have full management capabilities over your database and can directly access and manage your database, using powerful MySQL management tools such as MySQL Workbench (formally MySQL Administrator).

Yes. With our WordPress hosting package, we make it easy to transfer an existing WordPress web site hosted elsewhere to us. There’s no need to rebuild your database from scratch if you wish to transfer an existing WordPress database to us. If you already have a WordPress database hosted elsewhere, all you need is a script backup of your WordPress database which can quickly be restored to your Storm WordPress hosting package using phpMyAdmin that comes preinstalled on our Linux Ultimate package. You are also able to take full backups of your WordPress database using the control panel we provide and can restore back to your site at any point. Therefore not only ensuring your WordPress based site runs perfectly, but also that it is fully protected.

In order to successfully host Joomla, it is recommended that you have installed PHP 5.2, MySQL 4.1, Apache 2.1x+ or Microsoft IIS7.5.

Yes, we support Joomla hosting on our Linux Ultimate package and currently host several hundred active installations of Joomla for our customers on these packages.

Yes. An added benefit of our Joomla hosting packages in comparison to many of our competitors, is that we allow full Remote Connections to your Joomla MySQL database. This means that you have full management capabilities over your database and can directly access and manage your database, using powerful MySQL management tools such as MySQL Workbench (formally MySQL Administrator).

Yes. With our Joomla hosting package, we make it easy to transfer an existing Joomla web site hosted elsewhere to us. There’s no need to rebuild your database from scratch if you wish to transfer an existing Joomla database to us. If you already have a Joomla database hosted elsewhere, all you need is a script backup of your Joomla database which can quickly be restored to your Storm Joomla hosting package using phpMyAdmin that comes preinstalled on our Linux Ultimate package. You are also able to take full backups of your Joomla database using the control panel we provide and can restore back to your site at any point. Therefore not only ensuring your Joomla based site runs perfectly, but also that it is fully protected.

To successfully host Umbraco, you’ll need a Windows based operating system as well as SQL Server and ASP.NET.

Yes, we support Umbraco via a number of hosting options. We can also help with maintaining Umbraco installations and potentially content updates too. Talk to us for further info on how we can help.

Yes. An added benefit of our Umbraco hosting packages, in comparison to many of our competitors, is that we allow full Remote Connections to your SQL Server based Umbraco database. This means that you have full management capabilities over your database and can directly access and manage your database should you need to, using powerful SQL Server management tools such as SQL Server Management Studio.

Yes. With our Umbraco hosting package, we make it easy to transfer an existing Umbraco web site hosted elsewhere to us. There’s no need to rebuild your database from scratch if you wish to transfer an existing Umbraco database to us. If you already have a Umbraco database hosted elsewhere, all you need is a script backup of your database which can quickly be restored to your Storm Umbraco hosting package. You are also able to take full backups of your Umbraco database using the control panel we provide and can restore back to your site at any point. Therefore not only ensuring your Umbraco based site runs perfectly, but also that it is fully protected from data loss.

To run Drupal, it is recommended that you have installed MySQL 4.1 or MySQL 5.0. Drupal can be run successfully on both Apache 1.3 or Apache 2.x and Microsoft IIS 5,6 and 7 if PHP is configured properly.

Yes, we support Drupal hosting and recommend our Linux Ultimate package for this.

Yes. An added benefit of our Drupal hosting packages in comparison to many of our competitors, is that we allow full Remote Connections to your Drupal MySQL database. This means that you have full management capabilities over your database and can directly access and manage your database, using powerful MySQL management tools such as MySQL Workbench (formally MySQL Administrator).

Yes. With our Drupal hosting package, we make it easy to transfer an existing Drupal web site hosted elsewhere to us. There’s no need to rebuild your database from scratch if you wish to transfer an existing Drupal database to us. If you already have a Drupal database hosted elsewhere, all you need is a script backup of your Drupal database which can quickly be restored to your Storm Drupal hosting package using phpMyAdmin that comes preinstalled on our Linux Ultimate package. You are also able to take full backups of your Drupal database using the control panel we provide and can restore back to your site at any point. Therefore not only ensuring your Drupal based site runs perfectly, but also that it is fully protected.

An SSL certificate allows pages on your web site to be accessed via a secure “https://” prefixed URL (for example https://www.yourdomain.co.uk) in addition to the standard non-secure “http://” prefix. You usually find SSL secured URLs when purchasing something online and this is usually accompanied by a “padlock” icon appearing in your browser’s address bar to indicate that sensitive details you enter are being encrypted.

Adding an SSL certificate to your web site helps build trust and portrays a professional image to your customers and site visitors. Customers know that you take their security seriously. It also helps to build confidence and reassures a visitor that making a purchase via your site is safe. In turn helping to boost your overall sales.

Our SSL Certificates start from as low as £89.99/year and also include a dedicated IP address for your web site. In addition, due to us buying in bulk, we are able to offer substantial discounts off our certificates as opposed to purchasing directly via GlobalSign.