Hacking Attacks – Prevention

The first three steps are suggested by security consultant Jay Beale in his interview with Grant Gross, when asked how administrators can protect themselves from system attacks.

1. Harden your systems (also called “lock-down” or “security tightening”) by

* Configuring necessary software for better security
* Deactivating unnecessary software – disable any daemons that aren’t needed or seldom used, as they’re the most vulnerable to attacks
* Configuring the base operating system for increased security

2. Patch all your systems – Intruders can gain root access through the vulnerabilities (or “holes”) in your programs, so keep track of “patches” and/or new versions of all the programs that you use (once a security hole is found, manufacturers usually offer patches and fixes quickly, before anyone can take advantage of the hole to any large extent), and avoid using new applications or those with previously documented vulnerabilities.

3. Install a firewall on the system, or at least on the network – Firewalls are software (e.g. ZoneAlarm) and/or hardware (e.g. Symantec-Axent’s Firewall/VPN 100 Appliance) that block network traffic coming to and leaving a system, and give permission to transmit and receive only to user-authorized software. They work at the packet level and can not only detect scan attempts but also block them.

You don’t even need to spend a lot of money on this. Steve Schlesinger expounds on the merits of using open source software for a firewall in his article, Open Source Security: Better Protection at a Lower Cost.

At the very least, you should have a packet-filtering firewall as it is the quickest way to enforce security at the border to the Internet.

EPLS offers the following suggestions/services for Stopping Unauthorized Access, using firewalls:

* Tighten the Routers at your border to the Internet in terms of packets that can be admitted or let out.
* Deploy Strong Packet Filtering Firewalls in your network (either by bridge- or routing mode)
* Set up Proxy Servers for services you allow through your packet-filtering firewalls (can be client- or server-side/reverse proxy servers)
* Develop Special Custom Made Server or Internet services client and server software

4. Assess your network security and degree of exposure to the Internet. You can do this by following the suggestions made by EPLS.

* portscan your own network from outside to see the exposed services (TCP/IP services that shouldn’t be exposed, such as FTP)
* run a vulnerability scanner against your servers (commercial and free scanners are available)
* monitor your network traffic (external and internal to your border firewalls)
* refer to your system log – it will reveal (unauthorized) services run on the system, and hacking attempts based on format string overflow usually leave traces here
* check your firewall logs – border firewalls log all packets dropped or rejected and persistent attempts should be visible

Portmapper, NetBIOS ports 137-139 and other dangerous services exposed to the Internet should trigger some action if you check all of the above.
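
As an added example (not from the original article or from EPLS), the firewall-log check in step 4 can be scripted as below. It assumes iptables-style LOG lines with an assumed `FW-DROP` log prefix, a constructed sample log, and an assumed threshold of three drops for a source to count as persistent.

```python
import re
from collections import defaultdict

# Services the article names as dangerous to expose: portmapper, NetBIOS 137-139.
RISKY_PORTS = {111, 137, 138, 139}
PERSISTENT = 3  # assumed threshold: this many drops from one source is "persistent"

# Constructed sample in iptables LOG format; "FW-DROP" is an assumed --log-prefix.
SAMPLE_LOG = """\
Mar  3 10:15:01 gw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=139
Mar  3 10:15:02 gw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=UDP SPT=40113 DPT=137
Mar  3 10:15:03 gw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40114 DPT=111
Mar  3 10:16:10 gw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22
Mar  3 10:16:40 gw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=22
Mar  3 10:17:10 gw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=22
Mar  3 10:18:00 gw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 PROTO=TCP SPT=33000 DPT=80
Mar  3 10:19:00 gw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Mar  3 10:20:00 gw sshd[811]: Accepted publickey for admin from 192.0.2.44 port 50122
"""

FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def parse_drop(line):
    """Return SRC/DST/PROTO/DPT of a dropped-packet entry, or None for other lines."""
    if "FW-DROP" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    if "SRC" not in fields:
        return None
    # ICMP entries carry no destination port, so DPT becomes None for them.
    fields["DPT"] = int(fields["DPT"]) if fields.get("DPT", "").isdigit() else None
    return fields

def triage(log_text):
    """Map each source worth reviewing to its drop count and risky ports probed."""
    ports_by_src = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_drop(line)
        if entry:
            ports_by_src[entry["SRC"]].append(entry["DPT"])
    report = {}
    for src, ports in ports_by_src.items():
        risky = sorted(p for p in set(ports) if p in RISKY_PORTS)
        if len(ports) >= PERSISTENT or risky:
            report[src] = {"drops": len(ports), "risky_ports": risky}
    return report

if __name__ == "__main__":
    for src, info in triage(SAMPLE_LOG).items():
        print(src, info)
```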

Also, more complex security checks will show whether your system is exposed through uncontrolled Internet Control Message Protocol (ICMP) packets, or whether it can be controlled through ICMP as one of the slaves in a DDoS attack.

5. When using passwords, don’t use

* real words or combinations thereof
* numbers of significance (e.g. birthdates)
* similar/same password for all your accounts
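
The three rules above can be checked mechanically before a password is accepted; the following is an added example, not code from the original article. The word list is a constructed stand-in for a real dictionary file, and the date formats and the 0.8 similarity threshold are assumptions.

```python
import re
from datetime import datetime
from difflib import SequenceMatcher

# Constructed mini word list; a real check would load a full dictionary file.
WORDS = {"sun", "shine", "dragon", "let", "me", "in", "pass", "word"}
# Assumed date layouts for 8- and 6-digit runs (day/month/year orderings).
DATE_FORMATS = {8: ("%d%m%Y", "%m%d%Y", "%Y%m%d"), 6: ("%d%m%y", "%m%d%y")}

def is_word_combination(password, words=WORDS):
    """True if the password, minus leading/trailing digits and symbols, splits into words."""
    core = password.lower().strip("0123456789!@#$%^&*?._-")
    if not core.isalpha():
        return False
    # Word-break DP: reachable[i] means core[:i] is a concatenation of words.
    reachable = [True] + [False] * len(core)
    for end in range(1, len(core) + 1):
        reachable[end] = any(reachable[s] and core[s:end] in words for s in range(end))
    return reachable[-1]

def has_significant_number(password):
    """True if a digit run reads as a year (1900-2099) or a calendar date."""
    for run in re.findall(r"\d+", password):
        if len(run) == 4 and 1900 <= int(run) <= 2099:
            return True
        for fmt in DATE_FORMATS.get(len(run), ()):
            try:
                datetime.strptime(run, fmt)
                return True
            except ValueError:
                continue
    return False

def reused_from(password, other_passwords, threshold=0.8):
    """Return the existing passwords this one equals or closely resembles."""
    return [o for o in other_passwords
            if SequenceMatcher(None, password.lower(), o.lower()).ratio() >= threshold]

def check_password(password, other_passwords=()):
    """Return the list of rules from step 5 that the candidate breaks."""
    problems = []
    if is_word_combination(password):
        problems.append("dictionary words")
    if has_significant_number(password):
        problems.append("significant number")
    if reused_from(password, other_passwords):
        problems.append("similar to another account")
    return problems
```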

6. Use encrypted connections – encryption between client and server requires that both ends support the encryption method

* don’t use Telnet, POP, or FTP programs unless strongly encrypted passwords are passed over the Internet; encrypt remote shell sessions (like Telnet) if switching to other userIDs/root ID
* use SSH (instead of Telnet or FTP)
* never send sensitive information over email

7. Do not install software from little-known sites – these programs can hide “trojans”; if you have to download a program, use a checksum, typically PGP or MD5 encoded, to verify its authenticity prior to installation
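
An added example (not from the original article) of the checksum check in step 7, assuming the publisher provides a digest list in the layout that `md5sum`/`sha256sum` print. It defaults to SHA-256 rather than MD5, since MD5 collisions are practical; the file name and contents are constructed.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, algorithm="sha256", chunk_size=65536):
    """Hash a file in chunks so large downloads need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_checksum_list(text):
    """Parse 'HEXDIGEST  filename' lines into {filename: lowercase digest}."""
    published = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2:
            # A leading '*' on the name only marks binary mode; drop it.
            published[parts[1].lstrip("*")] = parts[0].lower()
    return published

def verify_download(path, name, checksum_text, algorithm="sha256"):
    """True only if `name` has a published digest and the file at `path` matches it."""
    expected = parse_checksum_list(checksum_text).get(name)
    if expected is None:
        return False  # no published digest: treat the file as unverified
    return hmac.compare_digest(file_digest(path, algorithm), expected)

def demo():
    """Constructed scenario: one intact download, then the same file altered."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "tool-1.0.tar.gz")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(b"constructed release contents")
        listing = file_digest(path) + "  tool-1.0.tar.gz\n"
        intact = verify_download(path, "tool-1.0.tar.gz", listing)
        with open(path, "ab") as fh:
            fh.write(b"<bytes added after the digest was published>")
        altered = verify_download(path, "tool-1.0.tar.gz", listing)
        return intact, altered

if __name__ == "__main__":
    print(demo())
```

A matching digest only shows that the file is the one the list describes, so the list itself should come from a trusted channel or carry a PGP signature that you verify.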

8. Limit access to your server(s) – limit other users to certain areas of the filesystem or what applications they can run

9. Stop using systems that have already been compromised by hackers – reformat the hard disk(s) and re-install the operating system

10. Use Anti-Virus Software (e.g. Norton Anti-Virus or McAfee) and keep your virus definitions up-to-date. Also, scan your system regularly for viruses.

Esther M. Bauer discusses some of the ways in which Web hosting providers’ Security Officers Face Challenges. These include:

* looking at new products/hacks
* regularly reviewing policies/procedures
* constant monitoring of well known ports, like port 80, that are opened in firewalls
* timely installation of patches
* customized setup of servers that isolate customers from each other – “In a hosting environment the biggest threat comes from inside – the customers themselves try to break into the system or into other customers’ files”
* investment in firewall, VPN devices, and other security measures, including encrypted Secure Sockets Layer (SSL) communication in the server management and account management systems
* installation of secure certificates on web sites
* purchase and deployment of products according to identified needs
* monitoring suspicious traffic patterns and, based on the customer’s service plan, either shunting away such traffic as bad or handling it through a content-distribution system that spreads across the network
