Websites multiplying from days to days on the web, the need for web hosts is becoming more and more pressing. It should be known that for a hosting of site it is necessary to enter into a contract with the host, like any serious activity these days. The hosting of a site therefore necessarily requires a hosting contract.

Web hosts today occupy a place of choice on the web. Therefore, it is important to study the hosting contract that is between a user and a company with the server. Knowing the obligations related to hosting contracts will therefore be an asset for any other party.

Definition

The hosting contract is a contract between a user and a company with a server, whereby the provider hosts the user's website on his own machines.

The hosting server receives and stores the information provided by the user and makes it accessible to other users on the network. It may be an extension of the access provision contract when the access providers offer their customers the hosting of internet pages.

The site hosting feature is therefore something particularly important especially in our new era. Accommodation contracts will have to be seriously established.

Hosting contracts must contain several clauses, such as security clauses or confidentiality clauses. Other clauses may be required. These hosting contracts, signed between the parties will protect both the provider but also the customer. The different clauses of hosting contracts will also affect the protection of Internet users visiting hosted sites.

The preamble

It must make it possible to recall the general functioning and the constraints generated by an open network such as the Internet.

On this occasion, the supplier can state the main definitions relating to the benefit in question.

Characteristics of the accommodation

The host must make available to its subscriber, for remuneration, a storage space on a computer server.

It should be noted that the server is a software or hardware computing resource that is capable of delivering information or performing on-demand processing of other software or computers. Thus, a hardware server can host various software servers (web server and e-mail server).

The volume of this space must be able to vary as the hosting server must be able to accommodate data and software applications in case of future developments (special clause of guarantee of evolution according to the future needs of the hosted).

It is therefore for the parties to agree precisely on the evaluation of the memory capacity offered in the context of hosting and the availability of this space.

The host must also be able to offer a sustainable supply of adequate bandwidth, again with an evolution clause taking into account the future needs of the tenant (individual or business).

The combination of these two criteria will predict the number of simultaneous accesses that the website will be able to accommodate.

The parties will also have to contractually determine the terms and conditions for sharing the resources available at the hosting company vis-à-vis its various clients.

It will be a question of choosing between a server shared between several different applications coming from different clients too (shared server) and a server reserved exclusively for the applications of a company (dedicated server).

Declarations of websites

The various declarations relating to the websites are in principle devolved to the authors, but can be delegated to the accommodation provider.

The main statement remains the declaration to the Commission Nationale Informatique et Libertés ( CNIL ) relating to the automated processing of data.

The professional sites must include certain mentions (name of the publisher, of the editorial manager, ...) which will be inserted on the site by the authors of this site.

The hosting contract can provide that the declarations are made by the hosting provider, especially if it manages the statistics of the site, and information on the customers (electronic payment, ...), because in this hypothesis it is the most informed of the measures to declare to the CNIL.

Other services can be done by the host, for example the registration of the domain name.

In all these cases it will be necessary to provide in writing these services by specifying the modalities in order to avoid later disputes on the ownership of a domain name for example.

The accommodation provider who will carry out formalities in the name of his client will of course have to inform him of the progress of the procedures and when they have succeeded in giving him the supporting documents.

Confidentiality and content security clauses?

The confidentiality clause is neither mandatory nor always necessary, it may depend on the type of content hosted.

Since the hosting provider has access to information such as the names of clients and business partners, it is necessary to draft a confidentiality agreement concerning this sensitive information.

We will then take care to specify the protected information, the methods of storage and delivery or destruction of this information.Concerning the security of the content, this clause is essential, it must specify the modalities implemented to ensure the security of the data and the site.

For data security, it may be necessary to specify the frequency and extent of data backups, possibly the support of these backups.

For the security of the site, it is here to ward off external attacks. This clause must provide for the encryptions used in the context of electronic commerce , the passwords and means of access to the site by the managers of the hosted site, and the technical means implemented to protect the site against piracy act of software or material measures.

When it is a dedicated server, protection measures can be taken care of by the hosted, in this case, the host may be discharged of its responsibility in case of hacking if the security means n ' were not enough.

With regard to the security of the site, its management must be considered from the angle of physical and logical security.

In the first case, it will be necessary to determine the conditions of access to the server as computer hardware; this implies that the host puts in place a secure environment concerning the access of the people, a specific system of surveillance to prevent any physical intrusion in the space where the server will be located, the conditions of intervention in case of breakdown and the provision of on-call staff according to defined deadlines and rates.

In the hypothesis of logical security, that is to say the data transiting through the website and their protection against any form of computer intrusion, the service provider must ensure the establishment of computer protection systems (also called firewall ) conform to available technologies.

In this context, it will be impossible to oblige the supplier to an obligation of result; only an increased obligation of means will be possible and that will have the effect of forcing the provider to prove that he did not breach the normal obligations incumbent upon him, in case of unauthorized computer intrusion.

This dual aspect responds to the concern to ensure the confidentiality of the information contained on the site.

We also need to look at the status of hosted data. The contract must provide that these data remain the exclusive property of the host and as such they will be fully returned to their holder at the end of the contract.

Downloading and modifying sites: which reliable techniques should the customer demand? How should the provider protect himself from uncontrolled changes?

The terms of access to the site for downloading or modification must be provided as of the original contract: it may be access via the FTP protocol or by administrative interfaces or by specific software.

It may also be necessary to provide telephone technical support in order to obtain help when accessing the site.

The update of the site can be done physically at the server, this requires a move to the headquarters of the servers but is a guarantee of security, since the update can not be done remotely.The provider may also limit updates to the site, but in this case it must provide for it in the contract. This limit can be quantified in frequency of modification of the site, in quantity of data, ...

How to guarantee fast access for users to hosted content?

It is necessary to distinguish according to the type of hosting: shared hosting or dedicated server.

Shared hosting is the entry level of the majority of providers, it consists of the rental of a machine whose resources are shared by several sites, each of the customers can exploit some of the resources of the machine.The dedicated server is a more expensive service, the host hires a machine that is totally dedicated to the customer site. (Sometimes, even the host only rent the connection, the machine is provided by the customer)

In the case of shared hosting, the different clients sharing the resources of the machine, when one of the customers misuses the resources, it reduces those of the other customers.

In the case of shared hosting, the hosting provider must specify in its hosting contract the resources used by the sites hosted and provide for the possibility of sanctioning customers who abuse these resources, it must in exchange allow its customers to check the use of resources.

For the dedicated server, the problem does not arise in these terms, since the server has its own resources.

In both cases, the host must contractually specify the technical possibilities offered by its hosting: number of possible simultaneous visitors, bandwidth, availability rate, ...

The host must then ensure the effectiveness of these features, otherwise it may be contractually liable.

What statistics to require by contract? How to ensure that the contract will be followed by effects?

The statistics needed depend on the type of site exploited, all the sites do not claim the same statistics, some may be indispensable for some and useless for others.

In the most common statistics there are the number of hits, the number of visits, the number of visitors, the page views, the frequency of visits, visiting hours, ...

It may be possible for the most demanding sites to request statistics updated more frequently (hourly, or even in real time), statistical statistical tools (studies on a day, a month, a year, ...), or even specific tools that meet a particular need.

All these tools must be planned from the beginning because the subsequent addition may result in a change in the price of accommodation.

What special provisions regarding cookies?

The setting up of cookies can be decided by the host or the host.

The establishment by the host responds in general to statistical needs, the host should inform the host of the implementation of such processes including to inform visitors of their rights under the law and freedoms.

This obligation to inform the visitor remains in place when the establishment of cookies is the result of the will of the host, but the contract may provide that this implementation passes through the information of the host, or even submit to his agreement.

Under what conditions can accommodation be suspended?

The contract may provide for a certain number of suspension of contracts, particularly in the event of breach of contractual obligations, making illegal content available on the Internet, etc.

It will then be necessary to provide in the contract the terms of this suspension. In general the suspension is preceded by a warning which if not followed by effects will be followed by a suspension. The duration of the suspension can be planned in advance or be limited to the regularization of the problem.

What plan of reversibility to envisage in case of change of provider?

The transfer of the website hosting and or domain name (s) at the end of the contract must absolutely be included in the contract. It is indeed more prudent to set the terms of these transfers.

Care should be taken to specify deadlines for the return of data in order to prevent the host from voluntarily dragging out this transfer, but also to set a deadline for the customer to come and retrieve this data in order to avoid blocking storage units.

This return must be made within an imperative deadline in order to guarantee the continuity of the website.

It is up to the host to be careful that no clause in his contract prohibits him from being hosted by a company competing with his original provider.

Can the host provide for clauses limiting his liability? Are they legal?

The clauses relating to the liability of the host are possible but some will be null:

Valid clauses: clauses that limit the liability of the host to his co-contractor are valid, it is the exercise of freedom of contract. However, when the contract is with a (non-professional) consumer, certain clauses can be described as abusive by a judge.

Illegal clauses: all clauses that derogate from the legal liability established by the law of August 1, 2000 are considered null and unwritten, in this case the host cannot escape his responsibility.

What are the types of content deemed objectionable by law?

It is all the contents of which the law sanctions the existence, that it is about the penal or civil law.It may be content criminally sanctioned that is to say when a criminal law prohibits content: this is the case of racist content, discriminatory, defamatory, pedophile, or content constituting counterfeits, ...

But it may also be content that may be the subject of a civil remedy, when a content causes a civil damage punishable to another person.

Any PC can be used to convert old audio cassettes to MP3, to dictate speech and write automatically, to record audio from a website that transmits music or even as a home-made karaoke machine, thanks to its audio outputs that can make the computer as a complete recording studio.

In this guide we are going to find out the meaning of the recording devices of a Windows PC and the audio configuration options and then the differences and the way to use the three inputs that should be included in the standard sound cards of most computers namely: Microphone, Line in input (which is another input for the microphone) and Stereo mix.

Sometimes the SPDIF digital input can also be found, but it is rarely used.

It is also possible to add special devices such as digital terrestrial TV tuner cards to PCs.

To find the audio configuration options of the recording inputs in Windows, go to the Control Panel> Audio> Recording tab.

You can quickly open the registration devices tab also by right clicking on the volume icon on the desktop.

To choose the default audio source, highlight the device you want to use and click Set default.

Most applications will automatically use the default device to record audio, except for some special dictation software that may require a separate source.

However, if you turn the microphone on, just speak to see the green bar light up which means its working.

By selecting the microphone, you can open Properties to adjust some settings.

In the General tab there are some basic information about the device and the option to disable the microphone if it is not used (which for security reasons should be disabled because some malware could activate it and "listen").

If you are not sure if the microphone is working, you can go to the Listen tab to play the sound recorded by the microphone with the PC speakers.

You can then talk to the microphone and hear the voice coming out of the speakers in real time.

Obviously, this works best if you use a suitable, quality microphone and then using the headphones, so that the sound of the speakers does not return to the microphone creating a terribly annoying effect.

It is therefore not possible to sing to the microphone using the computer in this way.

If you use multiple playback devices, you can choose from the drop-down list with which to listen to the microphone.

The Stereo Mixer allows you to record any sound that is played by the computer.

For example, if we are watching a video on the computer, we can record the audio without having to put the microphone next to the speakers, but using the Stereo Mix function and an audio recording program on the computer.

Even with the audio recorder included in Windows it is possible, without any particular difficulty, to choose Stereo Mix as input and record any sound coming from the computer.

It is therefore worthwhile to activate the stereo mix and remember to use it when you want to record a music, the dialogue of a movie or anything else

 In the Layers tab there is the volume slider which is very important for adjusting the microphone sensitivity according to your needs.

If the sound of the microphone or the recordings are disturbed, it may be necessary to turn down the volume.

On the Advanced tab, you can change the default format for the audio.

By default, it is set to channel 1, 16 bit and 44100 Hz which is the quality of the CD.

There are many other options, including the DVD quality to use if you have a nice professional microphone, or the quality recorder that you should use to not have a disturbed sound.

If you return to the Recording tab, select Microphone, you can click on the Configure button to see the Speech recognition configuration window that is not available in Italian.

If we had a Windows PC in English we could then write a text dictating words.

The Stereo Mixerallows you to record any sound that is played by the computer.

For example, if we are watching a video on the computer, we can record the audio without having to put the microphone next to the speakers, but using the Stereo Mix function and an audio recording program on the computer.

Even with the audio recorder included in Windows it is possible, without any particular difficulty, to choose Stereo Mix as input and record any sound coming from the computer.

It is therefore worthwhile to activate the stereo mix and remember to use it when you want to record a music, the dialogue of a movie or anything else.

In all programs it is possible to ambiate the Stereo Mixing audio input to record the sounds of the computer instead of the microphone .

If stereo mixing is not available, it means that the sound card does not support the feature

After WPA and WPA2, the Wi-Fi Alliance presented WPA3, the new security standard for wireless networks.

Among the various ways to secure the Wi-Fi connection , the choice of a suitable cryptographic algorithm is certainly the preferred option for Internet users. At the base there are two reasons one of a technical nature and one of an organizational nature. On the one hand, most routers - both those purchased in specialized centers and those received on loan for use by telephone providers - are already configured with a key that represents the security protocol of the Wi-Fi modem; on the other hand, the cryptographic algorithm is the simplest and most immediate tool to defend your Internet connection - as well as your privacy - when you are surfing wirelessly.

We will analyze below the most used security protocols in this field, highlighting their strengths and weaknesses, without neglecting the examination of the algorithms used for password encryption .

What is and how WEP works

The Wired Equivalent Privacy (equivalent privacy to the wired network) was the first encryption protocol for wireless networks introduced with the standard IEEE 802.11 . Launched in 1999, the WEP is based on the RC4 cipher algorithm , with a secret key of 40 or 104 bits. To this is connected an initialization vector IV ( Initialisation Vector ) of 24 bits that serves to encrypt the plaintext M and the related checksum ICV ( Integrity Check Value, the check value to verify the integrity of the message) calculated with the CRC-32 algorithm.

The security protocol produces its encrypted message C with the following relation:

C = [M || ICV (M)] + [RC4 (K || IV)]

where || is a concatenation operator and + is an XOR operator .

Back in 2001, however, this protocol began to show the first cracks. In an article which has become famous ( Weakness in the Key Scheduling Algorithm of RC4 , Selected Areas in Cryptography, 2001, pp 1-24) Scott Fluhrer, Itsik Mantin, and Adi Shamir pointed out all the flaws and all RC4 algorithm security vulnerabilities caused by these deficiencies.

The three authors showed materially that, by exploiting these vulnerabilities and analyzing a sufficient amount of data traffic, it would be possible to reconstruct the encryption key piece by piece and, therefore, have free access to the Wi-Fi network.

Similar problems have also been found regarding the algorithm used for control values ​​- the CRC-32 - as noted in the article Intercepting mobile communications: the insecurity of 802.11 (MOBICOM 2001: pp.180-189) signed by Nikita Borisov, Ian Goldberg and David Wagner.

In 2004 the final blow came to the shreds of credibility that the WEP protocol preserved - for some it was still usable for domestic and non-crucial applications. In the first few months of the year, however, some cracking programs were released - Aircrack by Christophe Devine and WepLab by José Ignacio Sànchez - which made it possible to pierce a Wi-Fi network protected by this security protocol within 10 minutes.

IEEE 802.11i

Starting in 2001, the Wi-Fi Alliance (the consortium that manages the development and release of protocols related to wireless Internet connectivity) began working on new security protocols that could replace the run-down WEP. The work went on for 3 years and in 2004 the security protocols collected under the IEEE 802.11i standard were ratified. Called Wi-Fi Protected Access in the jargon , it has been implemented in commercial systems in two successive phases, so that today it is possible to use both the WPA protocol and the WPA2 protocol.. The first is a temporary standard, introduced only to buffer the emergency-security caused by the flaws of the WEP, while the second is the final version of the IEEE 802.11i standard.

What is and how WPA works

The encryption of the passwords in this new protocol always takes place through the RC4 algorithm but to 128 bits, to which a 48 bit initialization vector must be added. This coupled - substantially the same at the base of the WEP - is however further joined by the TKIP protocol ( Temporary Key Integrity Protocol ), which allows to dynamically change the cryptographic keys adopted in the transmission of data. Thanks also to an initialization vector which is twice the length of WEP, this solution eliminates the most worrying security flaws of the old protocol.

In summary, WPA uses a dynamic security key creation system, increases the size of the key and uses a more secure message integrity verification system, thus increasing the security of the WLAN in this way. .

Back in 2008, however, experts in computer security had generated methods to "pierce" a WPA network in less than 60 seconds.

What is and how WPA2 works

The official ratification of the IEEE 802.11i standard took place in June 2004 and also brought with it the new security protocol for Wi-Fi networks.

The WPA2 finally manages to solve all the security flaws of the WEP, without adding new as happened with the WPA. With this standard, key innovations were introduced, such as the separation of user authentication from the secrecy and integrity of the message, ensuring a robust, secure and scalable network architecture (suitable, therefore, for both home and industrial networks of big dimensions).

This architecture consists of three elements:

• User authentication, assigned to the IEEE 802.1x standard ;
• The RSN ( Robust Security Network ) protocol that keeps track of the associations between devices connected to the network;
• The CCMP ( Counter-Mode / Cipher Block Chaining Message Authentication Code Protocol ) ensures the confidentiality and integrity of data and the certainty of the sender.

Communication between devices takes place only through a process called four way handshake (translatable as a four-way handshake ). The process is articulated - in fact - in four phases:

1. Security Policy Agreement;
2. 802.1x authentication;
3. Key derivation and distribution;
4. Privacy and data integrity.

In the first phase, the parties involved in the communication establish the security parameters to be respected. The two nodes of the network find a sort of "agreement" on the allowed authentication methods, security protocols for unicast traffic , protocols for multicast traffic and support for pre-authentication.

The second phase is that of authentic authentication, which takes place using the 802.1x standard. This phase starts when the access point requests the identification data from the client and this responds with the chosen authentication method. The exchange of messages between the two nodes of the network continues until a common master key (MK) is created.

Once the second phase is completed with client authentication, the phase of the exchange of cryptographic keys between the two nodes begins. To raise the security level, the keys are changed frequently until the connection between the two nodes is closed. The keys are created and distributed between the two points following a precise hierarchical order established during the previous phases.

The fourth and last phase of the process allows to control the secrecy and integrity of the data exchanged by the two nodes thanks to control values ​​generated by protocols such as TKIP ( Temporal Key Integrity Protocol ), WRAP ( Wireless Robust Authenticated Protocol ) and CCMP.

What is and how WPA3 works

During the CES 2018, the Wi-Fi Alliance presented the new cryptographic security standard for wireless networks. Called WPA3, it will be available in routers and Wi-Fi access points from the second half of 2018. Compared to its predecessor, "caught in the hole" with the KRACK attack , the WPA3 ensures higher levels of security both in the case of private and password-protected Wi-Fi networks, both for free public Wi-Fi networks.

The new wireless security standard adopts a new handshake strategy , which will protect Wi-Fi from "brute force in a dictionary" hacker attacks .

 When we talk about handshake (ie "handshake") we refer to the preliminary steps that allow two network devices to contact and start exchanging data with each other. In particular, during the Wi-Fi handshake , the devices send signals useful to identify each other, so as to be sure that neither is impersonating another "entity", and establish which are the basic parameters to be used during the course of the connection.4-way as part of the system that ensures that all devices connected to the wireless network share the same password (which makes them susceptible to hacker attacks able to steal this information), in the new WPA3 the initial handshake will not be vulnerable to attacks on the dictionary as it is able to encrypt the traffic with different passwords for each connected device, thus ensuring a higher level of security for domestic and non-domestic connections. 

Not only that: if a device attempts to connect to a network over and over again by entering an incorrect password, the WPA3 will "banner" it, excluding it a priori from the possibility of access, thus preventing it from connecting (even in the future) putting at risk all other users on the network.

Moreover, those who connect to public Wi-Fi networks can count on "individualized" cryptography, which will protect the communications of every single device connected to the network by encrypting them "at the root". Finally, a security suite with 192-bit encryption aligned to the standards of the Commercial National Security Algorithm (CNSA) will offer greater security to government and public bodies of all kinds. 

The bit, in this case, is related to the concept of information entropy and indicates the complexity of the encryption key and therefore how simple it is to guess it: the higher its value, the more complex it will be for the hacker to be able to "eliminate the noise "cryptographic and thus discover the message behind it.