Archive for the ‘Security Advice’ Category

DDoS Threat Growing

Thursday, November 3rd, 2011

Apparently the DDoS threat is growing to a point where it is becoming a major concern for data center managers as firewall products’ efficiency is failing.

The security testing organization NSS Labs recently discovered that 3 out of 6 firewall devices stop operating when tested for stability. DDoS attacks have been a major threat to network operators for over ten years, since they first appeared, but recently these attacks have become more aggressive and have increased in frequency and impact.

DDoS stands for “distributed denial of service”, and such attacks violate the policies of all Internet service providers. An attack works by sending a great load of requests to the targeted computer. These requests force the computer either to reset itself or to consume its own resources. As a result, the machine is no longer able to provide its intended service and drops the communication with its users. DDoS targets are mainly sites hosted on high-profile servers, such as those of credit card companies or banks.

When DDoS attacks are successful, they lead to significant outages, increased operational expenditures (OPEX), revenue loss and frustrated customers. Unfortunately, the capacity of security products such as firewalls and IPS is limited, and the attackers are well aware of it. They can easily exhaust the application layer resources and cause significant downtime.

According to a recent study conducted by Arbor Networks, the volume of DDoS attacks has reached the 100 Gbps barrier. In other words, DDoS attacks are growing in number and strength.

In order to reduce risk, specialists suggest that large state-exhaustion attacks must be stopped at the ISP/MSSP because this is where the attacks occur. Packet-based detection and protection against all kinds of DDoS is required as well.

Server Masking – First Line of Defense

Tuesday, March 15th, 2011

There are various ways to protect a web server. Web servers often become victims of DDoS attacks, and it is not uncommon for exploits to be used to gain access to or break a web server. Protection comes in different forms and levels, and the costs vary, but sometimes there are simple solutions. This one you can implement today: you can mask your server. When looked up, the server can say anything. I mean it, anything. It is probably good practice not to make up something like “WSP Unbreakable Server 1.3.5”, but instead to choose one of the existing web server platforms.

There are two ways to go about this. You can make your server identify as a completely different server, or just have it say it is an older version of the server you run. When you choose to make your Lighttpd server identify as Apache, you take a great portion of amateur attacks and direct them in a completely wrong direction. On the other hand, if you decide to simply identify as an older version, third parties who try anything funny will probably try to exploit your server with outdated tactics. It can still be useful. What actually works best is to change both the name and the version of the server. This should take care of at least some malevolent eyes.

Many sites use this. Torrent trackers are one good example. Most of these sites do not use Apache as trackers usually go for Lighttpd or Nginx. From the example above you can see that the web server powering the site is Apache 1.3.29. This is actually quite old now. The latest stable release is Apache 2.2.17.

There is actually a bit more to it than just masking your server’s name. If you are running a Windows server (secure enough, but it can use some tweaks), there is a commercial software solution. It takes care of more than just server name change. It’s called ServerMask. Like with most commercial software there is a free trial for you to try. A great solution for Apache is Mod_Security.

If you would like to know more about this and how to implement it yourself, try searching the web for “server banner strings”, “apache binary patching”, “web server mask” and similar queries. You should be able to find all the information you need. It is quite a lot, so I can’t have it all in one post.
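To check what your own server still gives away after masking, here is an added example (not part of the original post) that parses a response head and lists every product and version it reveals. The three responses, the header list and all function names are constructed for illustration.

```python
import re

# Response headers that commonly reveal the software stack (list assumed for this example).
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version")
# HTTP product token: a name, optionally followed by "/" and a version.
PRODUCT = re.compile(r"([\w.+-]+)(?:/([^\s()]+))?")

# Constructed responses: default banner, server name masked only, everything masked.
DEFAULT = ("HTTP/1.1 200 OK\r\nServer: Apache/2.2.17 (Unix) mod_ssl/2.2.17\r\n"
           "X-Powered-By: PHP/5.3.5\r\nContent-Type: text/html\r\n\r\n<html></html>")
NAME_ONLY = ("HTTP/1.1 200 OK\r\nServer: Apache\r\n"
             "X-Powered-By: PHP/5.3.5\r\nContent-Type: text/html\r\n\r\n")
MASKED = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"


def parse_headers(raw):
    """Return {lowercased-name: value} from a raw HTTP response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit_banner(raw):
    """List (header, product, version) for every stack detail the response reveals."""
    findings = []
    for name, value in parse_headers(raw).items():
        if name not in DISCLOSING:
            continue
        value = re.sub(r"\([^)]*\)", " ", value)  # drop comments such as "(Unix)"
        for product, version in PRODUCT.findall(value):
            findings.append((name, product, version or None))
    return findings


def discloses_version(raw):
    """True if any disclosing header still carries a version number."""
    return any(v and re.search(r"\d", v) for _, _, v in audit_banner(raw))


if __name__ == "__main__":
    for label, raw in (("default", DEFAULT), ("name only", NAME_ONLY), ("masked", MASKED)):
        print(label, audit_banner(raw), discloses_version(raw))
```

The middle case is the one to watch for: the `Server` header is masked, but another header still names the real stack and its version.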

Let us know how that turns out for you!

Choosing a Good Password

Thursday, November 11th, 2010

Often the only protection we have online is our passwords. Since passwords are used everywhere – from online banking to common blogs – they are an integral part of our online presence. Private information is becoming the most valuable resource to come by, so a lot of people are getting more and more paranoid about their privacy.

Each individual spending at least a couple of hours a week online has at least a handful of passwords to remember. It is, however, surprising how most people are still quite negligent when it comes to creating a good password. You will be surprised how people fall for cliches. Well, after all, this is what makes a cliche what it is – a lot of people backing it up.

The first mistake many people make when they choose a password is to think of something common or personal, something a lot of people are familiar with and could easily guess. The second big mistake is using this easily attainable password on every single profile that they have.

The truth is that passwords are not that hard to break, at least common passwords, that is. A simple word or a combination of words from the English language is probably the easiest to break, either by using common sense or with a relatively simple dictionary attack. With computers becoming faster and more powerful at an exponential rate, brute-force attacks are becoming accessible to more people. The latter is nothing you should worry about when trying to come up with a password for your wi-fi router, though.

We performed a test with a simple 8-character letters-only password on a wi-fi router. It took 26 days before someone broke it and began using our Internet connection for free. However, the trouble one can get into is far more serious than simply a slower connection. People can do a lot of illegal things through your IP address and leave you to take the blame.

Adding a simple numerical character or a symbol makes the password several times harder to break. Here you can find some great tips on how to choose a strong password. Also be sure to check this list of common passwords so you know what to steer away from.
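The effect of an extra character class can be put in numbers. This added example (not part of the original post) computes the brute-force search space for a password and separately flags passwords a dictionary attack would find regardless of that number. The word lists are tiny constructed stand-ins and the function names are made up for the example.

```python
import string

# Constructed stand-ins; a real check would load full common-password and dictionary lists.
COMMON = {"password", "123456", "qwerty", "letmein"}
WORDS = {"dragon", "monkey", "sunshine", "football"}

# Character classes a brute-force search has to cover (printable ASCII only).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def search_space(password):
    """Number of candidates of this length over the character classes actually used."""
    if any(all(c not in cls for cls in CLASSES) for c in password):
        raise ValueError("only ASCII letters, digits and punctuation are supported")
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return pool ** len(password)


def weaknesses(password):
    """Reasons the password falls to guessing, whatever its search space is."""
    lowered = password.lower()
    if lowered in COMMON:
        return ["common password"]
    # Dictionary attacks also try known words with digits or symbols tacked on the end.
    stem = lowered.rstrip(string.digits + string.punctuation)
    if stem in WORDS or stem in COMMON:
        return ["dictionary word, possibly with a suffix"]
    return []


if __name__ == "__main__":
    for pw in ("abcdefgh", "abcdefg1", "abcdefg!", "Dragon1", "xk2#Vq9p"):
        print(pw, search_space(pw), weaknesses(pw))
```

Swapping one letter of an 8-character lowercase password for a digit grows the search space from 26^8 to 36^8, about 13 times, but a dictionary word with a digit appended is still flagged.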

If you run a website or a blog and want to take your site’s security one step further, consider remote monitoring on top of a good password. Our website monitoring service can even alert you if your site is not performing properly while you are away.

So, tell us – what is the worst password you have ever seen?

BackTrack

Wednesday, June 30th, 2010

BackTrack is the most popular Linux live distribution focused on penetration testing and network security. With no installation whatsoever, the live distribution is ready to run within minutes. BackTrack is the “child”, so to speak, of Whax and Auditor Security Collection.

Currently BackTrack consists of more than 300 different up-to-date tools which are logically structured according to the work flow of security professionals. This structure allows even newcomers to find the related tools to accomplish a certain task. Like most Linux distros, BackTrack is free. The project is hosted and maintained by www.backtrack-linux.org.

The newest version is BackTrack 4. It remained in beta for almost a year, but the final result is definitely worth it. This version runs a new kernel, has most major bugs fixed and has a unique set of tools which one can find only on BackTrack. In this Swiss Army knife of a distro, you will find invaluable tools in 11 categories:

Enumeration, Tunneling, Bruteforce, Spoofing, Passwords, Wireless, Discovery, Cisco, Web, Applications, Forensics, Fuzzers, Bluetooth, Misc, Sniffers, VOIP, Debuggers, Penetration, Database, RFID, Python.

In other words – a little something for everyone out there.

Apart from being the ultimate kit for offensive security, BackTrack is also a good place for security-freak wannabes to start. Enthusiasts can take Remote Exploit’s security training course and gain essential knowledge about malicious hacker attacks. Trainees start building up from square one until reaching the cutting edge in penetration testing.

We can monitor your server and other network hardware 24/7 and alert you whenever a problem appears. However, it is up to you to keep your system secured. Be sure you sweep aside all unnecessary risk by testing your server’s security level.

If you have an account with us and you are running a security test that might affect the performance of your installation, please give us a heads-up. If you do not have an account, it is about time you create one and enjoy a 30-day trial – no strings attached.


DDoS Attack

Tuesday, June 15th, 2010

The end goal of a denial-of-service (DoS) attack or a distributed denial-of-service (DDoS) attack is to make a resource unavailable to its users. The attack can be carried out on different levels, depending on the target and people involved. In essence, the attack represents a highly intense attempt by one person or more to hinder web sites or specialized internet services from running properly, causing financial losses to the owner of that resource.

Depending on the motivation behind the attack, different targets might suffer from it. The attack can be implemented by a single person carrying out a personal agenda. Such an attack is highly unlikely to cause too much trouble and will only be temporary. A much bigger problem is organized attacks performed by a group of individuals in pursuit of financial gain. Such attacks can be sustained for longer periods of time and might well ruin companies relying on online presence. Banks, online retailers, government sites, payment gateways and even root nameservers can become easy prey for organized DDoS attacks.

The most common method of attack involves flooding the web site (and the web server along with it) with external communications requests to such a level that it cannot respond to legitimate traffic generated by regular users. Needless to say, precious business is driven away. Unprotected parties might sometimes be forced by their hosting provider to move their website to different hosting, because the attack intended to render one site unusable is preventing the whole web server (thousands or tens of thousands of sites) from delivering content to visitors.

Saboteurs are usually after a hefty ransom, threatening to continue the attack for as long as they have to unless the amount is paid. Such people are considered outlaws and face up to 10 years in prison, depending on local law.

There are ways to protect your online business from such attacks, and usually it is best to be proactive. Wikipedia.org and Cisco.com are two good points to start from, should you be interested in learning more about prevention and actions you might take. If you are the proud owner of a small website with a modest amount of traffic, you shouldn’t be too worried about DDoS attacks. That does not mean you can’t monitor your website or server. For as low as $9 per month you can be aware of whether your site is the victim of malevolent attacks.
