There is no point in building a website unless there are visitors coming in. A major source of traffic for most sites on the Internet is search engines like Google, Yahoo!, MSN, Altavista and so on. Hence, by designing a search engine friendly site, you will be able to rank easily in search engines and obtain more visitors.

Major search engines use programs called crawlers or robots to index websites to list on their search result pages. They follow links to a page, reads the content of the page and record it in their own database, pulling up the listing as people search for it.

If you want to make your site indexed easily, you should avoid using frames on your website. Frames will only confuse search engine robots and they might even abandon your site because of that. Moreover, frames make it difficult for users to bookmark a specific page on your site without using long, complicated scripts.

Do not present important information in Flash movies or in images. Search engine robots can only read text on your source code so if you present important words in Flash movies and images rather than textual form, your search engine ranking will be affected dramatically.

Use meta tags accordingly on each and every page of your site so that search engine robots know at first glance what that particular page is about and whether or not to index it. By using meta tags, you are making the search engine robot’s job easier so they will crawl and index your site more frequently.

Stop using wrong HTML tags like <font> to style your page. Use CSS (Cascading Style Sheets) instead because they are more effective and efficient. By using CSS, you can eliminate redundant HTML tags and make your pages much lighter and faster to load.

 If you run a website, chances are you often wonder whether it is the right time to do a total redesign of the layout of your website. Here are some points to consider:

Are you thinking of a redesign just for the sake of it? If you answered yes to that question, it is not yet the right time to do a redesign. Remember, a design serves a specific purpose. If you are not sure whether to do an overhaul of your site, keep in mind that your current design might have a specific purpose that you might not know about. You will lose that function if you do a redesign.

On the other hand, if your website has had the same website design since 1990, perhaps it is high time to do a redesign. The last thing you would ever want to happen to your site is when visitors leave your site without taking a look at your content just because the design is old fashioned. If this is your case, here are some points to ponder before doing a redesign.

Redesigning your website is like performing plastic surgery on it. Your website loses its current identity (for the better or worse) and your regular visitors might not recognize your new design at first glance. You risk losing them just because they thought they landed on the wrong page. Hence, it is very important that you retain a characteristic feature from your old layout. Perhaps it is the logo of your site; perhaps it is the same text style for the title for your site.

To play it safe, put a poll on your site to let your visitors do the talking. If they think it is necessary for the website to have a fresh look, give it to them!

When it comes to your website, extra attention should be paid to every minute detail to make sure it performs optimally to serve its purpose. Here are seven important rules of thumb to observe to make sure your website performs well.

1) Do not use splash pages

Splash pages are the first pages you see when you arrive at a website. They normally have a very beautiful image with words like “welcome” or “click here to enter”. In fact, they are just that — pretty vases with no real purpose. Do not let your visitors have a reason to click on the “back” button! Give them the value of your site up front without the splash page.

2) Do not use excessive banner advertisements

Even the least net savvy people have trained themselves to ignore banner advertisements so you will be wasting valuable website real estate. Instead, provide more valueable content and weave relevant affiliate links into your content, and let your visitors feel that they want to buy instead of being pushed to buy.

3) Have a simple and clear navigation

You have to provide a simple and very straightforward navigation menu so that even a young child will know how to use it. Stay away from complicated Flash based menus or multi-tiered dropdown menus. If your visitors don’t know how to navigate, they will leave your site.

4) Have a clear indication of where the user is

When visitors are deeply engrossed in browsing your site, you will want to make sure they know which part of the site they are in at that moment. That way, they will be able to browse relevant information or navigate to any section of the site easily. Don’t confuse your visitors because confusion means “abandon ship”!

5) Avoid using audio on your site

If your visitor is going to stay a long time at your site, reading your content, you will want to make sure they’re not annoyed by some audio looping on and on on your website. If you insist on adding audio, make sure they have some control over it — volume or muting controls would work fine.

In 2004, online consumer spending was at a record $65.1 billion.  More and more people are attracted to the ease of online shopping and are spending higher amounts.  Unfortunately, the chances of becoming a victim of Internet fraud are also increasing.  The Internet National Fraud Center Watch reported that the average loss to fraud victims for just the first six months of 2005 was $2,579.   This is compared to the $895 average for all of 2004.   Complaints relating to general merchandise purchases (goods never received or misrepresented) accounted for 30% of Internet fraud complaints, and auction purchases (goods never received or misrepresented) topped the list at 44%.

While many e-commerce Websites are reputable and have taken the necessary safety precautions to protect you, it never hurts to always proceed cautiously.  If you are making an online purchase consider these easy steps:

1. Use only one credit card, preferably with a low credit limit, when making online purchases.  Avoid using an ATM or debit card.
2. Be wary of unsolicited offers by sellers.  The Internet National Fraud Information Center Watch reported that email, as a method of contact by Internet scammers was up 22% in 2004.While the offer may be legitimate, spammers like to use this tactic to side-step reputable sites that provide consumer protection for online purchases.
3. Use only reputable e-commerce websites that list a street address and telephone number in case you need to contact them directly.
4. Read the website’s privacy policy.  Some websites may reserve the right to sell/give your information to a third party.  Check the document to see if they allow an opportunity to “opt-out” of receiving special offers from third-party vendors or for permission to share your personal information.
5. Check for a lock symbol in the status bar at the bottom of your Web browser window.  Also, do not provide your personal information if the website address doesn’t start with “https” (a sign that the site is using a secure server).
6. Choose only verified sellers.   Check to see if the vendor is a verified member of a reputable third party such as the Better Business Bureau, VeriSign, or Guardian eCommerce.  These third-party sites help to ensure online consumers will be protected when shopping or conducting e-commerce transactions.
7. Check that the delivery date posted is reasonable.  If you have not dealt with the vendor on a regular basis, be wary of any Website that states the shipment will be delayed  20 or more days.  Delivery dates of 7-10 days are more common.
8. Keep a paper trail of all online transactions.  Print out a hard copy of the transaction and keep it in a file for future reference.
9. Be wary of website offers that just sound too good to be true.  The Internet is littered with get rich quick scams and false advertising claims.  Investigate all claims thoroughly before proceeding.
10. If you do not receive what you paid for, and the vendor will not return your emails or calls, contact your state’s Department of Consumer Affairs for further assistance.

Intrusion Detection System (IDS) are a necessary part of any strategy for enterprise security. What are Intrusion Detection systems?  CERIAS, The Center for Education and Research in Information Assurance and Security, defines it this way:

“The purpose of an intrusion detection system (or IDS) is to detect unauthorized access or misuse of a computer system. Intrusion detection systems are kind of like burglar alarms for computers. They sound alarms and sometimes even take corrective action when an intruder or abuser is detected. Many different intrusion detection systems have been developed but the detection schemes generally fall into one of two categories, anomaly detection or misuse detection. Anomaly detectors look for behavior that deviates from normal system use. Misuse detectors look for behavior that matches a known attack scenario. A great deal of time and effort has been invested in intrusion detection, and this list provides links to many sites that discuss some of these efforts”(http://www.cerias.purdue.edu/about/history/coast_resources/intrusion_detection/)

There is a sub-category of intrusion detection systems called network intrusion detection systems (NIDS).  These systems monitors packets on the network wire and looks for suspicious activity. Network intrusion detection systems can monitor many computers at a time over a network, while other intrusion detection systems may monitor only one.

Who is breaking into your system?

One common misconception of software hackers is that it is usually people outside your network who break into your systems and cause mayhem.  The reality, especially for corporate workers, is that insiders can and usually do cause the majority of security breaches. Insiders often impersonate people with more privileges then themselves to gain access to sensitive information.

How do intruders break into your system?

The simplest and easiest way to break in is to let someone have physical access to a system.  Despite the best of efforts, it is often impossible to stop someone once they have physical access to a machine. Also, if someone has an account on a system already, at a low permission level, another way to break in is to use tricks of the trade to be granted higher-level privileges through holes in your system. Finally, there are many ways to gain access to systems even if one is working remotely. Remote intrusion techniques have become harder and more complex to fight.

How does one stop intrusions?

There are several Freeware/shareware Intrusion Detection Systems as well as commercial intrusion detection systems.

Open Source Intrusion Detection Systems

Below are a few of the open source intrusion detection systems:

AIDE (http://sourceforge.net/projects/aide) Self-described as “AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more.  There are other free replacements available so why build a new one? All the other replacements do not achieve the level of Tripwire. And I wanted a program that would exceed the limitations of Tripwire.”

File System Saint  (http://sourceforge.net/projects/fss) – Self-described as, “File System Saint is a lightweight host-based intrusion detection system with primary focus on speed and ease of use.”

Snort  (www.snort.org) Self-described as “Snort® is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry.”

Commercial Intrusion Detection Systems

If you are looking for Commercial Intrusion Detection Systems, here are a few of these as well:

Tripwire

http://www.tripwire.com

Touch Technology Inc (POLYCENTER Security Intrusion Detector)

Http://www.ttinet.com

Internet Security Systems (Real Secure Server Sensor)

http://www.iss.net

eEye Digital Security (SecureIIS Web Server Protection)

http://www.eeye.com

“A botnet is comparable to compulsory military service for windows boxes” – Stromberg  (http://project.honeynet.org/papers/bots/)

Botnets are networks of computers that hackers have infected and grouped together under their control to propagate viruses, send illegal spam, and carry out attacks that cause web sites to crash.

What makes botnets exceedingly bad is the difficulty in tracing them back to their creators as well as the ever-increasing use of them in extortion schemes.  How are they used in extortion schemes?  Imagine someone sending you messages to either pay up or see your web site crash. This scenario is starting to replay itself over and over again.

Botnets can consist of thousands of compromised machines. With such a large network, botnets can use Distributed denial-of-service (DDoS) as a method to cause mayhem and chaos. For example a small botnet with only 500 bots can bring corporate web sites to there knees by using the combined bandwidth of all the computers to overwhelm corporate systems and thereby cause the web site to appear offline.

Jeremy Kirk, IDG News Service on January 19, 2006, quotes Kevin Hogan, senior manager for Symantec Security Response, in his article “Botnets shrinking in size, harder to trace”, Hogan says  “extortion schemes have emerged backed by the muscle of botnets, and hackers are also renting the use of armadas of computers for illegal purposes through advertisements on the Web.”

One well-known technique to combat botnets is a honeypot. Honeypots help discover how attackers infiltrate systems. A Honeypot is essentially a set of resources that one intends to be compromised in order to study how the hackers break the system. Unpatched Windows 2000 or XP machines make great honeypots given the ease with which one can take over such systems.

A great site to read up on this topic more is The Honeynet Project (http://project.honeynet.org) which describes its own site’s objective as “To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.”