Internet Crime Complaint Center says steps may not prevent attackers from gaining access to a site, but will lessen the impact of an attack
The FBI's Internet Crime Complaint Center (IC3) has published a list of preventative measures that organizations can take to stem Website attacks, such as SQL injection.
"Over the past year, there has been a considerable spike in cyberattacks against the financial services and the online retail industry," according to the IC3's posting. "There are a number of actions a firm can take in order to prevent or thwart the specific attacks and techniques used by these intruders. The following steps can be taken to reduce the likelihood of a similar compromise while improving an organization's ability to detect and respond to similar incidents quickly and thoroughly."
Here are the IC3's recommendations for protecting your Website:
Disable potentially harmful SQL stored procedure calls
Deny extended URLs
Implement specific approaches to secure dynamic Web content
Install and run authorized Microsoft SQL Server and IIS services under a nonprivileged account
Apply the principle of "least privilege" on SQL machine accounts
Require passwords on Microsoft SQL Server administrator, user, and machine accounts
Lock out accounts on your mainframes after multiple unsuccessful logon attempts
Run the minimum required applications and services on servers needed to perform their intended function
Deny access to the Internet except through proxies for store and enterprise servers and workstations
Implement firewall rules to block or restrict Internet and intranet access for database systems
Implement firewall rules to block known malicious IP addresses
Ensure that your systems that verify and generate PIN numbers, for instance, do not respond to commands that generate encrypted PIN blocks
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024