- Stay informed and keep up with security-related news.
- Watch traffic to your site. Put host-based intrusion detection devices on your web servers and monitor activity, looking for any irregularities.
- Put in a firewall.
- Configure your firewall correctly.
- Develop your web content offline.
- Make sure that the web servers running your public web site are physically separate and individually protected from your internal corporate network.
- Protect your databases. If your web site serves up dynamic content from a database, consider putting that database behind a second interface on your firewall, with tighter access rules than the interface to your web server.
- Back up your web site after every update.
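
The database item above describes a firewall with one interface for the web servers and a second, more tightly filtered interface for the database. The following nftables ruleset is an added example of that layout, not part of the original list; the interface names, addresses and database port are assumptions to replace with your own.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed layout (not from the original list):
#   wan0 = Internet, dmz0 = web server segment, db0 = database segment

# Recreate only this table on reload; other tables on the host are untouched.
table inet webseg
delete table inet webseg

define WAN_IF  = "wan0"
define DMZ_IF  = "dmz0"
define DB_IF   = "db0"
define WEB_SRV = 192.0.2.10       # constructed address (TEST-NET-1)
define DB_SRV  = 198.51.100.20    # constructed address (TEST-NET-2)
define DB_PORT = 5432             # assumed PostgreSQL port

table inet webseg {
    chain forward {
        # Default deny: only the flows listed below may cross the firewall.
        # IPv6 is not matched by any accept rule, so it is dropped by policy.
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # Internet -> web server: HTTP and HTTPS only.
        iifname $WAN_IF oifname $DMZ_IF ip daddr $WEB_SRV tcp dport { 80, 443 } ct state new accept

        # Web server -> database: one source host, one destination, one port.
        # This is the "tighter" rule set; the Internet has no path to db0.
        iifname $DMZ_IF oifname $DB_IF ip saddr $WEB_SRV ip daddr $DB_SRV tcp dport $DB_PORT ct state new accept

        # The database segment may not open new connections outward, so it
        # has no accept rule. Log whatever else tries to reach it, rate
        # limited, then let the policy drop it.
        oifname $DB_IF limit rate 10/minute log prefix "webseg-db-deny "
    }
}
```

Rules for traffic addressed to the firewall itself (the input hook, including management access) are left out and need their own chain. Validate the file with `nft -c -f <file>` before loading it.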