February 10, 2016
Closing the Door to Hackers and Data Thieves
“Knowing the enemy enables you to take the offensive; knowing yourself enables you to stand on the defensive.”
These words of strategic wisdom were penned by the Chinese general and strategist Sun Tzu more than 1500 years ago, but they speak as much to modern data and network security as to the ancient battlefield. The key to withstanding an attack, now as then, is to know the strengths and weaknesses of both yourself and your attacker.
In this article, we will examine how hackers and data thieves are able to access your corporate systems and data, and how understanding their plan of attack can help you to win the battle.
Hacking vs. Data Theft
Hacking and data theft are not synonymous. Not all hackers steal data, and not all data thieves access your information by hacking. The distinction is important, since each requires different defense strategies.
Forbes estimates that nearly 30,000 websites are hacked every day. That’s 20 every minute. With stats like that, every site owner should consider their site at risk of attack. To think the problem is limited to small operators would be a mistake. Large and—one would assume—robust sites have made the news as hackers either defaced the sites or hacked their way to user accounts, including MIT, the Fraternal Order of Police, and eBay—twice.
The majority of website hacks access site files, or shut the site down, using only a few common methods.
Denial of Service (DoS) attacks are not so much hacks as brute-force external attempts to overwhelm the website’s host server, or related network resources, with traffic. Using special software, attackers deliver a barrage of network requests to the targeted server, exhausting system resources and preventing the server from responding to legitimate requests.
DoS attacks come in one of two flavors: single-origin attacks and Distributed Denial of Service (DDoS) attacks. Attacks originating from a single machine are usually perpetrated by a small group, or even a lone hacker. DDoS attacks, in which the bombardment of requests originates from dozens or hundreds of machines, are often the work of well-organized and sophisticated groups, including nation states.
ICMP-based attacks send malformed or oversized ICMP packets to the server, causing a crash or reboot. Other ICMP attacks simply send a flurry of ping requests.
SYN flood attacks involve sending a “flood” of SYN requests to the target server while never responding to the SYN-ACK returned by the server. The number of half-open connections grows rapidly as the server waits for an ACK that never arrives. Server and network resources can quickly be overtaxed, causing slow or no response to legitimate traffic, or even a server crash.
The best defense strategy against DoS attacks is to implement hardware or software solutions at the server, or even ISP, level that detect the attack early and automatically block IP addresses that exceed a preset threshold for requests per second. Defending against distributed attacks is more challenging, and requires, among other things, reducing the SYN-RECEIVED timer or recycling the oldest half-open TCP connections.
Yes, DoS and DDoS attacks are bad news, but you can defend against them. By taking a proactive approach and implementing solutions designed to prevent or limit such attacks, you may still get attacked, but your legitimate site visitors may never notice.
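The half-open-connection symptom described above can be spotted from a snapshot of the server's TCP state. The following is an added example, not code from the original article: it parses constructed `ss -tan state syn-recv` output (when `ss` is given a state filter it omits the State column, so the peer address is the last field) and flags peers holding more half-open connections than a chosen threshold. The addresses, the threshold and the helper names are assumptions of this example.

```python
from collections import Counter
from ipaddress import ip_address

# Constructed snapshot of `ss -tan state syn-recv` on a web server.
# Addresses come from the documentation ranges; nothing here is a real host.
SAMPLE_SS_OUTPUT = """\
Recv-Q Send-Q Local Address:Port   Peer Address:Port
0      0      203.0.113.10:443     198.51.100.7:51234
0      0      203.0.113.10:443     198.51.100.7:51235
0      0      203.0.113.10:443     198.51.100.7:51236
0      0      203.0.113.10:443     192.0.2.44:40001
0      0      203.0.113.10:443     198.51.100.7:51237
0      0      203.0.113.10:443     198.51.100.7:51238
0      0      [2001:db8::10]:443   [2001:db8::1]:40000
"""


def half_open_by_source(ss_output: str) -> Counter:
    """Count SYN-RECV (half-open) connections per peer IP from ss output."""
    counts = Counter()
    for line in ss_output.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 4:
            continue
        peer = fields[-1]
        ip, _, _port = peer.rpartition(":")  # rpartition keeps IPv6 intact
        ip = ip.strip("[]")
        try:
            ip_address(ip)  # skip anything that is not a parseable address
        except ValueError:
            continue
        counts[ip] += 1
    return counts


def flood_sources(ss_output: str, threshold: int) -> list[str]:
    """Peers holding more than `threshold` half-open connections at once.

    A legitimate browser rarely has more than a handful of connections in
    SYN-RECV; a source far above the rest is a candidate for blocking.
    """
    counts = half_open_by_source(ss_output)
    return sorted(ip for ip, n in counts.items() if n > threshold)
```

On Linux, the "reduce the SYN-RECEIVED timer" mitigation mentioned above corresponds to lowering `net.ipv4.tcp_synack_retries`, and `net.ipv4.tcp_syncookies=1` lets the kernel avoid holding half-open state at all under load.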
The administrator panel, or “back end” of your website is a prime target for hackers. For the cyber-thug who can access your admin panel, the entire site is at their disposal. Content, features, modules, and, most valuable, user accounts are all available for whatever nefarious plans the hacker may have. While not as potentially devastating as a breached cPanel or domain control panel, a hacked admin panel can certainly tie up your IT staff for hours.
CMS sites, such as Joomla, present an inherent vulnerability by exposing the administrator panel at a predictable URL, such as yoursite.com/administrator. When cyber criminals find the administrator login at the default URL, they immediately know they are dealing with amateurs. Once at the login page, the hacker uses automated software to launch a brute-force attempt to find the correct user name and password. Since 50% of users choose common words for passwords, some hackers gain access quickly the old-fashioned way—by guessing.
Web security software that changes your administrator login URL, or that requires a second authentication step with an additional user name and password, can prevent back-end intrusions.
Access to a website’s cPanel is the holy grail of the web hacking world. From the cPanel, the hacker can access all site files, email accounts, databases, and in some cases, domain settings. The cPanel address (and often the user name) is provided by the hosting provider, but you can discourage unauthorized access by using a password of at least 8 characters that includes upper case, lower case, numbers, and special characters. A simple 6-character lower-case password can be cracked in under 10 minutes. A 9-character password with mixed characters will tie up a hacker for about 44,000 years.
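The password rules above (minimum length, all four character classes, no common words) and the "years to crack" comparison can be made concrete. This is an added example, not code from the original article: it checks a candidate password against that policy and estimates the worst-case time to exhaust its keyspace at an assumed guess rate. The three-word common-word list and the guess rate are constructed stand-ins; a real check would use a breached-password list.

```python
import string

# Constructed stand-in for a "common words" dictionary (three samples only).
COMMON_WORDS = {"password", "welcome", "letmein"}

# Character classes named in the policy above.
CLASSES = {
    "lower": set(string.ascii_lowercase),   # 26
    "upper": set(string.ascii_uppercase),   # 26
    "digit": set(string.digits),            # 10
    "special": set(string.punctuation),     # 32
}

SECONDS_PER_YEAR = 365 * 24 * 3600


def character_classes(password: str) -> set[str]:
    """Names of the character classes actually present in `password`."""
    chars = set(password)
    return {name for name, members in CLASSES.items() if chars & members}


def meets_policy(password: str, min_length: int = 8) -> bool:
    """At least `min_length` characters, all four classes, not a common word."""
    if len(password) < min_length:
        return False
    if password.lower() in COMMON_WORDS:
        return False
    return character_classes(password) == set(CLASSES)


def keyspace(password: str) -> int:
    """Guesses needed to exhaust every password built from the same classes.

    Only the classes the password uses count: "abcdef" is a 26**6 search,
    while mixing in upper case, digits and symbols grows the base to 94.
    """
    alphabet = sum(len(CLASSES[name]) for name in character_classes(password))
    return alphabet ** len(password)


def years_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst-case years to try the whole keyspace at an assumed guess rate."""
    return keyspace(password) / guesses_per_second / SECONDS_PER_YEAR
```

The two figures quoted above (minutes for a 6-character lower-case password, tens of thousands of years for 9 mixed characters) follow from the same arithmetic once a guess rate is chosen; the rate, not the formula, is the assumption.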
Using script injection, hackers can insert malicious code into the pages of a website. A mild attack might redirect visitors’ browsers to another site. A severe attack might get your site blacklisted by Google.
Script injections frequently exploit vulnerabilities in user-input components, such as forms, to send the hacker’s script to the server.
Cross-site scripting injection results in rogue script being loaded into your site files, whereas SQL injection sends rogue SQL queries to the database for execution.
This common type of attack can be minimized by using input elements on your website only when necessary, and by making sure that those elements are backed by filtering or validation that rejects unexpected input.
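The two injection flavours above, and the validation the article recommends, side by side. This is an added example, not code from the original article: a lookup that concatenates form input into SQL next to the same lookup with a bound parameter, an allow-list check for the input field, and HTML escaping so a submitted script tag is displayed rather than executed. The in-memory user table and the field format are constructed for the example.

```python
import html
import re
import sqlite3

# Constructed in-memory table standing in for a CMS user database.
def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return db


def lookup_vulnerable(db: sqlite3.Connection, name: str) -> list:
    """Concatenates form input into the SQL text: the classic injection flaw.

    Input containing quotes becomes part of the query grammar instead of data.
    """
    query = f"SELECT name, email FROM users WHERE name = '{name}'"
    return db.execute(query).fetchall()


def lookup_safe(db: sqlite3.Connection, name: str) -> list:
    """Bound parameter: the driver sends the input as data, never as SQL."""
    return db.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


# Allow-list validation for the form field (format assumed for this example):
# letters, digits and underscores only, 1 to 32 characters.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def is_valid_username(name: str) -> bool:
    """Reject anything outside the expected format before it reaches the DB."""
    return USERNAME_RE.fullmatch(name) is not None


def render_comment(text: str) -> str:
    """Escape user text for HTML so a submitted <script> is shown, not run."""
    return f"<p>{html.escape(text, quote=True)}</p>"
```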
You can stop most hacking attempts cold by taking the following steps:
- Keep your website platform updated to the latest version.
- Keep extensions, themes, templates, plugins, and modules updated.
- Create unique passwords for cPanel login, FTP login, domain control panel login, and administrator login, and make sure the passwords use mixed characters.
- Install a reputable website security software package on your site, and don’t settle for leaving it with default configuration settings.
- For sites that store customer information, review by professional web security experts can reveal vulnerabilities known only to hackers.
A Google search on the phrase “how to hack a network” yields 44.9 million results. The scary thing is, a good many of the results contain instructions that actually work, at least when tried on networks that lack proper security mechanisms. Let’s look at the four most common types of network hacks and see what can be done to defend against them.
Passive network attacks are not really attacks as much as they are spy operations. The perpetrator of a passive attack is not interested, at least not initially, in damaging the victim’s files or data. In fact, they generally try to remain undetected as they scan the target network for unprotected ports. Once in, the hacker will conduct reconnaissance or data collection, without interfering with normal network or data use. This hack is used to spy on companies, political organizations, and government systems. It also includes data breaches in which customer credit card data or other sensitive information may be quietly downloaded for the benefit of the perpetrator or sold on the black market.
Various hardware and software are available for scanning both wired and wireless networks.
The best way to prevent this kind of intrusion is to follow network security best practices, including secure login keys and encryption.
Active network attacks describe penetration by hackers who do not generally try to hide their activities. Active attacks include any kind of unauthorized access that results in changes or damage to files, data, or systems.
Hardware or software firewalls and Intrusion Prevention Systems (IPS) are effective at preventing active network attacks. Additionally, there is no shortage of software applications that are designed to monitor networks and to detect unauthorized activity.
Perhaps the most disturbing type of network attack is the backdoor attack. This attack penetrates network security not by breaking in, but by walking in through the back door. Some software and hardware are designed with the inherent ability to allow remote access for legitimate purposes. In other cases, backdoors are installed in products without the manufacturer’s knowledge. Case in point: as revealed by Edward Snowden, the NSA installed backdoors on Cisco products without Cisco’s knowledge.
The backdoor threat is ominous because your network’s greatest vulnerability may lie inside the very products you purchase to keep your network safe.
The best defense against backdoor attacks is to use a multi-layered approach so that an open door in one application or piece of hardware can be detected or made ineffective by additional security layers.
Retail Data Theft
The opportunities for retail data theft are almost too numerous to mention. With such giants as Target and Home Depot experiencing embarrassing, and costly, breaches of customer information, one has to wonder whether smaller operations have any hope of running a robust, secure payment system. Actually, they do.
Using payment tokenization, retail POS systems can process payment transactions without storing card data. In a tokenized POS system, a third party token processor stores encrypted customer card data in a “token vault.” Once a token is created for a given customer at that retailer, the customer’s token, rather than their card data, is passed between the retailer and the processor. The payment approval or denial details are returned to the retailer, but no customer bank or card account information is revealed.
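The token flow described above, as an added example that is not part of the original article: a token processor (the third party) is the only party that ever holds the card number, a retailer stores tokens only, and the authorization response carries an approve/deny decision and the last four digits but never the card data. The card number is a well-known test number, the amount limit is a constructed approval rule, and the vault keeps card numbers in a plain dict so the example runs offline; a real token vault encrypts them at rest.

```python
import secrets


class TokenProcessor:
    """Third-party token processor: the only party that ever holds card data."""

    def __init__(self) -> None:
        self._vault = {}    # token -> card number (PAN); encrypted at rest in reality
        self._issued = {}   # (retailer_id, PAN) -> token, reused per customer and retailer

    def tokenize(self, retailer_id: str, pan: str) -> str:
        """Return the retailer's token for this card, minting one on first use."""
        key = (retailer_id, pan)
        if key not in self._issued:
            token = secrets.token_urlsafe(16)  # random; not derived from the PAN
            self._vault[token] = pan
            self._issued[key] = token
        return self._issued[key]

    def authorize(self, retailer_id: str, token: str, amount_cents: int) -> dict:
        """Look the card up from the token; the retailer never sees the PAN."""
        pan = self._vault.get(token)
        if pan is None or self._issued.get((retailer_id, pan)) != token:
            return {"approved": False, "reason": "unknown token for retailer"}
        approved = amount_cents <= 50_000  # constructed stand-in for the card network's decision
        return {"approved": approved, "last4": pan[-4:]}


class Retailer:
    """POS side: holds tokens only, never card numbers."""

    def __init__(self, retailer_id: str, processor: TokenProcessor) -> None:
        self.id = retailer_id
        self.processor = processor
        self.customer_tokens = {}  # customer_id -> token

    def enroll_card(self, customer_id: str, pan: str) -> None:
        """Hand the PAN to the processor once; keep only the returned token."""
        self.customer_tokens[customer_id] = self.processor.tokenize(self.id, pan)

    def charge(self, customer_id: str, amount_cents: int) -> dict:
        """Every later transaction passes the token, not the card data."""
        token = self.customer_tokens[customer_id]
        return self.processor.authorize(self.id, token, amount_cents)
```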
Pod slurping may sound silly, but the results of this kind of data theft can be very serious. Using this method, a perpetrator simply uses a removable device such as a USB stick, flash drive, or even a camera memory card to copy data without authorization.
Pod slurping is often utilized by corporate moles, or disgruntled employees, to access company data for their own purposes. Obviously, restricting physical access to critical computers is the best cure for this problem, but there are more things you can do to keep your data out of the hands of slurpers.
Employing any of several available software applications can allow you to, essentially, close USB ports to unauthorized access. Applications are also available that allow access to non-sensitive data, but which place critical files and directories under password protection.
Bluesnarfing is another funny name for a data theft technique that is anything but funny. It exploits the Bluetooth connection to a wireless device to access data stored on the device.
This exploit can be prevented by setting the device’s Bluetooth visibility to undiscoverable. Devices already paired with it can continue to communicate over Bluetooth, while new connection attempts are blocked.
How KDG Can Protect Your Systems
If you need the services of developers who not only know how to develop systems, but to secure them, we invite you to contact KDG. Ours is a team of professional developers who specialize in building systems, applications, and websites that are robust and secure.
At KDG, we understand IT security so that you don’t have to.