Tag Archive 'hacking'

Hack-Proofing Your Dedicated Server

Having a dedicated server is one of the true signs that you have made it as a small to medium sized business owner.  Unfortunately, it also makes you a likely target of hacking and other security threats.  Securing any machine equipped with a web or application server is a huge challenge, one you may not be able to overcome alone.  You need to worry about everything from your email and FTP communications to OS and kernel patches.  And let’s not forget about those web technologies that can bring you so much functionality along with a lot of grief when not properly secured.  This web-based world we live in can be very hazardous to any business so if you want to protect your server, we suggest paying close attention to the contents of this article.

Must-Have Defenses

Securing a dedicated server begins with creating a two-layer bulletproof vest to deflect the attempts of the enemy.  Two of the most effective weapons to carry into battle: firewall and intrusion protection technology.  With a firewall, your server will be able to fight off common exploits such as DDoS (distributed denial of service) and brute force attacks.  Usually originating from multiple unsecured, enslaved machines, the dreaded DDoS attack will slam your dedicated server with awful amounts of insignificant traffic, overwhelming critical resources and rendering the hardware inaccessible to legitimate users.  A quality firewall with good configurations will enforce rules that filter access and block malicious traffic while allowing legitimate traffic to pass.  This is all done in a way that reduces latency and slow moving processes, so it all appears transparent to the end-user.

Though similar in nature, intrusion detection and prevention takes a more advanced approach towards server security.  This technology blocks malicious traffic right at the source, locking compromised hosts in a quarantine area all while routing genuine user traffic in a quick and efficient manner.  If a firewall represents your first line of defense, then intrusion protection serves as your behind enemy lines mechanism.  This powerful combination allows you to shift security measures from a reactive to a proactive stance.

Don’t Stop There

While the implementation of firewalls and intrusion protection makes a good first step, one should keep in mind that this isn’t a set-it-and-forget-it type of deal.  In order to stay ahead of the hackers, malware coders and corporate saboteurs you must consistently employ vigilance as well as frequent updates of your patches, blacklists, filters and other vital elements.  Purchasing and installing a few security devices and applications can be viewed as the easy part.  Managing them with efficiency is an entirely different story.

Because properly securing a dedicated server is cost prohibitive for most small and medium sized organizations, you may want to consider a managed service to help keep the intruders away.   Managed hosting is the often overlooked aspect of a dedicated server that could spell the difference between running a successful business, or going down because of a major security breach.  If you are not sure where you stand on server security, consult your IT team or speak with a professional firm for guidance.

Category: Security Issues
Posted on Monday, Jul 20, 2009

Is Your Business Website Secure?

People are using the internet to commit malicious crimes every day.  And while virus infections and scams pose a significant threat, one of the biggest problems of all is website hacking.  If you’re running a business online, losing sensitive data to a security breach could be enough to shut you down for good.  If you truly want to know how secure your business website is, we suggest posing the following questions to yourself:

What are you trying to secure? For most companies, this includes confidential data such as customer records and payroll information.  However, you shouldn’t forget all the essentials like staff morale and most importantly, your company’s reputation.

What are your risks? The scope of today’s threat model is larger than it has ever been.  Not only do you have to worry about malicious software and hackers, but internal theft and physical threats as well.

Who is responsible for security? Do you have an experienced system administrator or are you going at it alone?  Many companies leave themselves wide open all because they do not have the internal resources needed to enable adequate security.

What are you doing about security? What are your plans for security?  Have you installed the appropriate software technologies to protect your network?  Are you enforcing security policies and training staff to make sure they know the risks?

Making sure your business website is secure can be a full-time job.  Fortunately, there are several preventive measures that can be taken to prevent a disaster.  While some of it only seems practical, far too many companies overlook the intangibles and increase their likelihood of being victimized.  This checklist will help you understand what you need to do right now to start protecting your business.

Invest in Physical Security - While cyber crimes have become highly sophisticated, the easiest way to disrupt any business is still to steal their PC or server.  You can make this far more difficult by physically locking your office and coupling that with motion detectors and alarms.

Frequent Backups - The importance of data backups is something that just can’t be stressed enough.  Even if disaster does strike, you can ensure a speedy recovery by regularly backing up critical data and storing it in an off site location.

Implement Access Controls – As unfortunate as it is, not everyone can be trusted – even some of the members of your staff. You should only provide employees with access to confidential data on a need-to-know basis in accordance with their role in the organization.  Nothing is guaranteed but this can dramatically minimize the risk of sabotage and data theft.

Continuous Training and Policy Enforcement – The mere behavior of your staff can be a major security risk.  Make sure your staff has a clear understanding of what they are and are not to be doing online.  Put some policies in place to ensure that everyone is operating with security in mind and come up with some repercussions for those who don’t comply.

Protect Your Website - When doing business online, the website is what forms the foundation for your organization.  The more you rely on your site, the bigger target it will become.  Therefore, it is critical to do everything possible to make sure your applications and the site itself are secure.

Category: About Web Hosting
Posted on Tuesday, Apr 14, 2009

Fighting Back Against Website Attacks

Despite all the advancements that have been made in information security, hacking attacks continue to be a major problem, inflicting damage on some of the biggest companies.  Every year, it seems as if we hear a story where some major company has been hacked and robbed of invaluable information. Although large corporations make better targets, small businesses are not exempt from such attacks.   You may feel that the data on your website is not all that confidential or mission-critical, but an ambitious hacker might think otherwise.

What Motivates a Hacker?

Hackers hack websites for a number of reasons.  Some are after personal information while others merely do it for the thrill and gaining stripes in the hacker community.  While every hacker has their own motivation, a successful attack boils down to one factor – the webmaster’s lack of knowledge.  Even an intermediate hacker can break into your website, change your home page and steal sensitive information all by downloading readily available tools from the internet.  Whether you are a beginner or seasoned webmaster, the best way to protect yourself against website hacking is knowing how a hacker operates.

A Two-step Approach

The first step a hacker will take is to scan your web applications for any known vulnerabilities.  This can be done with a penetration testing process that is performed either manually or automated by certain programs or scripts.  Finding an insecure application is the most crucial step in any website attack and translates to holes you can’t afford to leave open.

The next step in website hacking is coming up with an exploit able to take advantage of the vulnerabilities.  There are many exploits but all share the similar goal of allowing an intruder to penetrate your website.  Here is where you need to be aggressive and take steps to prevent an exploit rather than trying to bounce back after the attack.  If you scripted your own applications, you need to go back and review them carefully, then make any modifications to the source code that are needed to close the gaps.  When done correctly, you can dramatically reduce the probability of a website attack.

Practicing Website Security

Properly securing your applications is something that can be accomplished even if you are not an expert in the security field or simply do not have the money required to hire a thorough, experienced web developer.  In fact, security knowledge comes at an inexpensive price and is worth looking into when considering that it can keep your website safe.  Basic knowledge can be obtained by keeping yourself informed on the web applications you are using along with all known vulnerabilities that relate to them.  Additionally, you can minimize vulnerabilities by applying the latest updates and patches to your applications and using the best security practices.

Aside from practicing website security, it is also a good idea to have a basic understanding of common techniques attackers employ to hack websites.  Some of the most popular methods include SQL injection and cross site scripting to name a few.  The best way to deter the attempts of a savvy hacker is to defeat them with your own knowledge.

Category: Security Issues
Posted on Thursday, Feb 19, 2009

Why Hackers Hack Websites

Security experts and various studies reveal that website hacking is definitely on the rise.  Today’s hackers are more advanced than ever before, often working together in close-knit communities trading tips and tools with one another.  These twisted individuals take their business seriously, having countless online forums where updates are posted daily to help each other get around the latest security mechanism and increase the number of victims.  What makes website hacking so detrimental is that there are so many types of attacks.  In addition, different hackers have different goals in mind.

Hacking for Sensitive Information

Anyone who frequents the web can see that almost every website consists of numerous applications.  These range from simple email forms and login pages to shopping carts and more dynamic creations.  These applications all share the common goal of allowing web surfers to submit and retrieve a given level of personal or sensitive information stored in an underlying database.  When such applications are not secured, you are essentially opening the gate leading to your most confidential data.  Just think if you’re involved in e-commerce – those databases probably contain credit card numbers and details regarding your customers.  If a hacker is able to inflict damage, your business could be in great peril.

Hacking to Steal Bandwidth

Bandwidth is one of the most vital internet resources and plays a major role in the functioning of your website.  Coupled with the expense, the opportunity to conduct illegal business is enough motivation to provoke a website hacking.  A knowledgeable hacker could penetrate a web-based application, leech off a large amount of bandwidth and go on with their illicit activities.  When this occurs, the web hosting provider’s server is being used to help carry out illegal business without them even realizing it.

Hacking to Distribute Illegal Content

One of the most common reasons website attacks occur is to accommodate hackers looking to distribute illegal content while leaving no trace of themselves.  This is often done to trade pirated software or even something as disturbing as child pornography.  When these activities are traced by the authorities, the trail only leads back to the website owner who could likely face legal implications, the loss of credibility or worse.

Hacking for Search Engine Rankings

It is a proven fact that search engines are one of the most effective ways to generate qualified visitors.  Hackers are aware of this as well and will do whatever it takes to get ahead.  Some are so advanced that they have the ability to inject hidden keywords into the websites of unsuspecting owners.  Search engines like Google frown on such activities and will often penalize anyone caught spamming their index.  In this case, it’s the victimized website owner.  This is something that could really impact the ability to effectively promote your business.

Protect Your Website

The importance of application security just can’t be stressed enough.  These are just a few of several factors that motivate hacking and if your website isn’t secure, you could be the next victim.

Category: Security Issues
Posted on Thursday, Feb 05, 2009

Browsers Aiding in Website Attacks

Website attacks are on the rise with intruders using an array of hacking techniques from cross site scripting to SQL injection.  Although careless development and insecure applications play a major role in a site’s vulnerability, the typical web browser is a contributing factor as well.

Despite the fact that several improvements have been made, none of the top web browsers are completely secure.  Because of this, many web security experts are projecting that website attacks will continue to be an issue.  The combination of enhanced functionality and the lack of adequate security implementations have left a number of browsers vulnerable to sophisticated attacks.  Some researchers are saying that the increasing number of exploits is the direct result of Web 2.0 technologies and advanced web hosting features.

Evolution in Technology Opens Doors to Further Threats

Things were fairly innocent in the early days of the internet when static pages were prevalent, before technologies such as JavaScript and ActiveX came into play.  Today’s World Wide Web is dominated by dynamic web-based applications and complex server-side scripting languages, factors that enable browsers to be used in various ways to exploit websites.  Gary McGraw of Cigital, a software security company, agrees that these feature-rich designs have made browsers far less secure, stating that they are structured more like complete operating systems.

This past September Google released Chrome, its new web browser which was immediately faced with stiff competition in the form of Microsoft Internet Explorer, Mozilla Firefox, Apple Safari and Opera.  While internet users have a wide variety of browsers to choose from, the options are still limited in terms of security, including Chrome.  Experts contend that the browser war of who can outdo one another in the feature department is what ultimately leads to these security vulnerabilities.

Though quite serious, the security issues associated with today’s popular web browsers are not attributed to a lack of effort.  Some say that developers are doing all they can but when considering the fact that website attacks such as cross site scripting and cross site request forgery are typically the result of design, these flaws tend to be much harder to fix than bugs found in software code.  Observers suggest that the vulnerabilities are not going to disappear entirely but do stress that browser developers can do more to enhance security.

In general, development teams only have a little time to address browser vulnerabilities before the hacker community is able to discover them.  Developers are being encouraged to practice browser security just like those who make other software products.  This is extremely important as the major web browsers literally have hundreds of millions of users.  One solid approach towards website security is standardized authentication, something that would need to be addressed by system administrators.  Another recommendation is for browser developers to design products that alert users when they are being directed to intranet zones such as localhost or RFC 1918 addresses, as attackers are increasingly targeting internal devices.  Security firms have also predicted that the manner in which data is handled when requests are made between a browser and website should play a critical part in future designs.
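The intranet-zone check recommended above can be sketched as follows. This is an added example, not code from the original post or from any browser; the function names and the `resolve` callback are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# The three private IPv4 ranges defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def zone_of(addr):
    """Classify one IP address string as 'loopback', 'rfc1918' or 'external'."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it cannot hide an internal target.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.is_loopback:
        return "loopback"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "rfc1918"
    return "external"


def destination_zone(url, resolve=None):
    """Return the most sensitive zone a URL points at.

    resolve is a hypothetical callable: hostname -> list of IP strings
    (for example a wrapper around socket.getaddrinfo). Without it, names
    other than localhost are reported as 'unresolved'.
    """
    host = urlsplit(url).hostname
    if not host:
        return "invalid"
    host = host.rstrip(".")
    if host == "localhost" or host.endswith(".localhost"):
        return "loopback"
    try:
        zones = {zone_of(host)}
    except ValueError:  # not an IP literal, so it is a DNS name
        if resolve is None:
            return "unresolved"
        zones = {zone_of(a) for a in resolve(host)}
    # A public-looking name that resolves to any internal address is internal.
    for zone in ("loopback", "rfc1918"):
        if zone in zones:
            return zone
    return "external" if zones else "unresolved"
```

A caller would warn or block when a page loaded from an external origin triggers a request whose zone is `loopback` or `rfc1918`.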

Category: Security Issues
Posted on Monday, Dec 29, 2008