An insight into the possible dangers to your server – What you don’t know can hurt you.
As Donald Rumsfeld was famous for saying, the biggest problems are the unknown unknowns. Put another way, you can be blissfully unaware that something is wrong. Think this applies just to the security of the nation? Think again! One of the most common problems that hosting companies the world over have to deal with is a compromised server. Once a server is compromised, all its data and resources are effectively handed over to the bad guys. Worse still is that you may not know it’s happened until it’s too late – if at all!
Servers are compromised for any number of different reasons. Here are a few of the more common ones:
- To gain illicit access to customer records or other sensitive data, such as credit card details – i.e., for financial gain.
- To prevent a service from functioning: sometimes referred to as a Denial of Service (DoS) attack or a Distributed Denial of Service (DDoS) attack.
- To deface a web-site or to otherwise try to embarrass or shame a particular company.
- To use the resources of the server for other purposes, such as participating in a DDoS or generating SPAM.
Whatever the reason for the compromise, one of the principal objectives of the hacker is to not get caught. They may go to extremely elaborate lengths to hide their tracks and prevent detection and, sadly, many people can be compromised for quite some time before they learn about it. By that time, the damage could already be done.
So, how do servers become compromised to begin with? Sadly, there are a number of ways that a malicious hacker can get into a system. Here are some of the more popular ways:
- Weak passwords – or worse still, no password at all! Easy to guess passwords, such as ‘123456’ or ‘admin’ or ‘password’ make a server a temptingly easy target. Some systems or applications come with pre-defined, factory-set passwords that the new owner simply never bothers to check and change. That’s just inviting disaster.
- Network sniffing – If you are using an insecure protocol, such as FTP, and you type in your credentials (username & password), it’s relatively straightforward for a neighbor on the same network to ‘sniff’ the network looking for the characters you are typing in, as they are being transferred unencrypted across the network and easily detected. That’s why using secure protocols, such as SFTP, SSH or HTTPS is always recommended as a bare minimum. Using insecure protocols is like jotting your passwords down where someone could easily find them.
- Software vulnerabilities or out of date (unpatched) software – Once a security vulnerability has been discovered, it’s important to apply the appropriate patches as soon as possible. Out of date systems are among the easiest of systems to penetrate if you know how – and the malicious hacker certainly does know how!
- Phishing (pronounced ‘fishing’) and other social engineering tricks – These attempt to con a user into revealing information that can later be used to gain unlawful access to a system. A lot of these are easy enough to spot (think about how many fake e-mails you’ve received from ‘your bank’ asking you to verify your details) but there are others that are not so obvious.
Most hackers are like most thieves. They are opportunistic. It’s much easier for a thief to make away with a set of keys or handbag that’s just lying around than it is to break into a house or a car. They will tend to find the path of least resistance. The same is also true of computer hackers. If there’s an easy way in, perhaps a weak password or a piece of software that’s not up to date, then this is the first thing they will try. Unfortunately, hackers have an arsenal of tools at their disposal that they can use to probe a given server until a weakness is found. These tools are becoming increasingly sophisticated and it can be all too easy for a hacker to find a way into a system.
Keeping your system and software up to date and following basic best practices, such as maintaining strong passwords, using secure protocols, installing specialized security software, etc., is your best defense. It’s also important to check your system periodically for compromises and to act as soon as you find anything untoward. The best way to deal with unknowns is to first make them known!
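As an added example (not part of the original article), here is one way to turn two of the weaknesses listed above into a periodic check: accounts with no password at all, and services that accept credentials over an unencrypted protocol. The sample data is constructed, the function names are hypothetical, and the input formats are assumed to be those of a Linux `/etc/shadow` file and of `ss -tln` output.

```python
"""Added example: flag empty passwords and cleartext listeners in constructed data."""

# Ports whose protocols send credentials unencrypted. FTP is named in the
# article; Telnet and plain HTTP are added here as further well-known cases.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP"}

# Constructed sample in /etc/shadow format (user:password-field:...).
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
backup::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
deploy:!:19000:0:99999:7:::
"""

# Constructed sample in the format printed by `ss -tln`.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      32     0.0.0.0:21         0.0.0.0:*
LISTEN 0      511    127.0.0.1:80       0.0.0.0:*
LISTEN 0      511    [::]:443           [::]:*
"""

def accounts_without_password(shadow_text):
    """Return usernames whose password field is empty ('*' and '!' mean locked)."""
    names = []
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 2 and fields[0] and fields[1] == "":
            names.append(fields[0])
    return names

def cleartext_listeners(ss_output):
    """Return sorted (port, protocol) pairs for cleartext services not bound to loopback."""
    found = set()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue  # skips the header row and any non-listening sockets
        addr, _, port = cols[3].rpartition(":")
        if not port.isdigit() or addr in ("127.0.0.1", "[::1]"):
            continue  # loopback-only services cannot be sniffed by a network neighbor
        if int(port) in CLEARTEXT_PORTS:
            found.add((int(port), CLEARTEXT_PORTS[int(port)]))
    return sorted(found)

if __name__ == "__main__":
    print("No password set:", accounts_without_password(SAMPLE_SHADOW))
    print("Cleartext services exposed:", cleartext_listeners(SAMPLE_SS))
```

On a real server the same functions can be fed the contents of `/etc/shadow` (read as root) and the output of `ss -tln`, and run from a scheduled job so that new findings surface quickly.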