Security & Performance Centre
The Security & Performance Centre is a central management portal for all of the servers and websites that you host with Storm. It has been designed in conjunction with National Cyber Security Centre guidelines and addresses the majority of risks associated with cyber attack to online services.
Servers that you have with us are automatically added to the Security Centre. We also recommend that you add all domains that you host on servers you have with us too. Achieving a score of 100% will help to ensure that the particular site or server is secured to industry leading security standards and well protected from attack and data theft. It will also provide you with an audit trail of PCI compliance that can be used to demonstrate to external parties as and when needed, the high level of security you have in place on your hosted service.
Add websites/domains to the Security Centre
1. Log into your Account Portal
Log into your Account Portal and select the “Security & Performance Centre” link:
2. Add the domain name to the Security Centre
Select the “Web Sites” tab followed by clicking the green “Add Web Site” button
3. Enter domain name details
Enter your domain name and click “Next” to complete the subsequent details.
4. Configure the domain
Once the domain is added, you’ll see it listed on the Web Sites page. At this point, click the cog icon to begin configuring.
5. Managing Security & Performance
The next page will display the initial status of the domain as viewed by the Security Centre along with each section’s score shown as a percentage. Items that need attention will be highlighted with a red or amber background. While items that pass will have a green background. To address any items that need attention, simply click the “Fix” button alongside them. A brief summary of what each item means can be viewed below:
Security
CloudFlare Essential Web Site Protection
Our basic Cloudflare Essentials service is free to enable and provides your website with a basic level of protection against common internet based attacks such as DDoS. You also require this for DNS Management.
Origin SSL Certificate
An Origin SSL certificate is installed at the hosting package level and is designed to ensure complete encryption of data throughout the entire journey from a visitor’s browser to your website. If you have Cloudflare Essentials enabled, you will automatically get a “Universal SSL” which means that your website immediately benefits from having a secure “https” URL available to it. However the encryption takes place only between the visitor’s browser and the Cloudflare nodes. It is NOT encrypted between the Cloudflare nodes and the server hosting your site. Having an Origin SSL installed fixes this issue by ensuring that the full journey for traffic is encrypted.
Web Application Firewall (WAF)
The Web Application Firewall (WAF) is a vital defence tool to protect against website attacks such as SQL Injection and Cross Site Scripting (XSS). It can be enabled as part of the Cloudflare Plus package and will help intercept malicious traffic well before it ever reaches your website.
Advanced DDoS Protection
Advanced DDoS protection mitigates DDoS attacks of all forms and sizes including those that target the UDP and ICMP protocols, as well as SYN/ACK, DNS amplification and Layer 7 attacks. This feature is available with our Cloudflare Ultimate package.
Passes Vulnerability Scan (PCI Compliant)
Passing the Vulnerability Scan is an essential requirement for ensuring the data stored on your hosted services remains as secure as possible at all times. Although PCI compliance is typically associated with storing credit card info, we run all of our vulnerability scans to this standard as it ensures one of the highest possible levels of security. Even if you don’t store card data on your server, it’s highly recommended to secure your server to PCI standards as doing so means that your server and the data that you host on it is well protected from theft and malicious business crippling attacks such as Ransomware.
Antivirus installed on Host Server
The status of this item is determined by the Host Server that your site is hosted on. The host server first needs to be confirmed as having an approved Antivirus software program installed before this item will pass. Antivirus helps to ensure that malicious programs can’t run on your server and do damage. You can view the status of your servers managed by Storm by clicking the “Servers” tab within the Security & Performance Centre.
Host Server located in ISO 27001 Accredited Data Centre
If the site your server is hosted on is with Storm, this item should always pass. All of our servers are hosted in ISO 27001 approved data centres based in the UK.
Business Continuity & Performance
Uptime Monitor with 24/7 Proactive response support
Our proactive uptime monitoring is a service unique to Storm that allows you to add websites you host with us to a watch list. Should your site(s) go offline or a home page fail to load for any reason, our 24/7 support team are immediately alerted to the issue and will promptly investigate and take action to bring it back online. All without you needing to contact us! This means that you don’t need to be on standby 24/7 keeping watch over your sites. Which is especially handy should one go offline at 03:00am or at the weekend when you’re out with the family. Just tell our team which sites to monitor and we’ll take care of them as if they were our own so that you can go about your day worry free.
WebAccelerate
WebAccelerate is designed to provide a serious speed boost to your website’s loading times. It works by intelligently caching content so that it does not need to be called from the server each time. And also carries out a number of optimisations to reduce the file size of large images without compromising quality. The effect of WebAccelerate has been shown to boost the loading times of sites by up to 200%. WebAccelerate requires Cloudflare Standard to be enabled for the site.
Disaster Recovery
Host Server Backup in place
The status of this item is determined by the Host Server that your site is hosted on. The host server first needs to be confirmed as having an active backup in place before this item will pass. You can view the status of your servers managed by Storm by clicking the “Servers” tab within the Security & Performance Centre.
