Security and data protection are critical issues for any website operator and Easysite is regularly audited by EIBS Ltd and our customers for resilience in the face of attempted security breaches.
However, there are also security issues that arise in the operational capture of personal information by website operators. In particular, issues may arise when personal information is stored and subsequently transmitted without it being secured from third party access.
Easysite allows for the simple configuration of an SSL security certificate to provide peace of mind to users that your website is storing information securely.
For example, the Easysite Resource Centre operates under HTTPS access throughout the site. HTTPS is a combination of the standard web 'http' protocol with SSL encryption to provide encrypted communication and secure identification of a network web server. Previously, this functionality has mostly been employed on e-commerce transaction websites. However, we now recommend that all pages that capture user data (e.g. Website Forms or login pages) are also set to use such security mechanisms.
Note: Easysite runs on the Microsoft application stack and makes use of the SSL implemented by Microsoft for their IIS Web Server, as opposed to OpenSSL - the open source implementation of SSL.
Securing Easysite pages
To begin securing pages within your Easysite community you will first need to enable security using the 'Enable Page Security' option within the Configuration interface.
Once enabled you have flexibility as to whether you wish to apply security on a page by page basis or whether you wish for this to be applied across the entire site using the Page Security (SSL) Settings within your Setup interface.
When 'On A Page By Page Basis' is selected, security can be turned on for an individual page using the 'Secure This Page' option within the Security tab when editing that page. Please be aware that this option will not display if security is disabled or is already configured for all pages.
Securing the Administration interface
To add a further level of security to your sites, you can also configure the same SSL Security Certificate to cover the entire Easysite Administration interface, which can often contain even more sensitive information. Applying the SSL through IIS will result in all administration interfaces for all sites becoming HTTPS secured.
Note: this administration interface security is configured installation wide. You will require a separate SSL certificate per domain in order to access the administration interface from the specific domain in question. However, using the site selection allows you to administer any site from a single, secure domain.
If your Easysite installation is hosted within the EIBS Hosting Infrastructure, please contact your account manager about purchasing a digital certificate and having it applied to your installation. Below you will find a short guide for 3rd party and self hosted customers.
Note: these instructions describe the process to configure this functionality using Internet Information Services 7; the process may differ for other versions.
- Obtain the relevant SSL certificate and ensure that the appropriate bindings are installed on your web servers.
- Log in to the Web Server and open "Internet Information Services Manager 7".
- Click to expand the required instance or application in the "Connections" panel area on the left hand side of the view.
- Follow the tree down and click to expand "EasysiteWeb" followed by "Easysite"
- Highlight "Administration" then double click the option "SSL Settings" from the central panel area.
- Tick the "Require SSL" checkbox.
Browsing through Administration should now display over a secured HTTPS connection.
You should be aware that with this configuration, the Easysite administration interface will display a 403 error when accessed from a non-HTTPS URL. If this would cause issues, install the Internet Information Services URL Rewrite Module and configure it to redirect all traffic hitting /admin/ to the HTTPS URL.
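One way to confirm the outcome of the steps above from another machine is to request /admin/ over plain HTTP and classify the answer. This is an added example, not Easysite or EIBS code; the host name, the sample responses and the verdict labels are assumptions of the example.

```python
"""Check how a server answers plain-HTTP requests for the admin path."""
import http.client
import sys
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 303, 307, 308)


def classify_plain_http(status, location=None):
    """Map a plain-HTTP response (status, Location header) to a verdict."""
    if status == 403:
        return "blocked"  # consistent with "Require SSL" rejecting HTTP
    if status in REDIRECTS:
        # Only an absolute https:// target moves the client off plain HTTP;
        # a relative or http:// Location keeps the session unencrypted.
        if location and urlsplit(location).scheme.lower() == "https":
            return "redirected"
        return "insecure-redirect"
    if 200 <= status < 300:
        return "exposed"  # admin content was served without TLS
    return "inconclusive"  # e.g. 404 or 5xx: check the path and the server


def probe(host, path="/admin/", port=80, timeout=5):
    """Send one GET over plain HTTP (redirects are not followed) and classify it."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return classify_plain_http(resp.status, resp.getheader("Location"))
    finally:
        conn.close()


# Constructed sample responses (not captured from a real server).
SAMPLES = [
    (403, None),
    (301, "https://www.example.org/admin/"),
    (302, "/admin/login"),
    (200, None),
]

if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: python check_admin.py <host>
        print(sys.argv[1], probe(sys.argv[1]))
    else:
        for status, location in SAMPLES:
            print(status, location, "->", classify_plain_http(status, location))
```

A verdict of "blocked" matches the 403 behaviour described above, "redirected" matches a working rewrite rule, and "exposed" or "insecure-redirect" means the administration interface is still reachable without encryption.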