Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

11/5/2013
11:08 AM
Rajat Bhargava
Rajat Bhargava
Commentary
50%
50%

Don't Be A Hacker's Puppet

Even if your company is not a primary target, hackers may be using you to get to the big fish. Here's how to protect your servers without breaking the bank.

With the Halloween season just in our rearview, I can't help but be reminded of the body snatcher movies, where human beings are converted to zombies and centrally controlled. Unfortunately, this is an apt analogy for what is happening every day on the Internet.

Countless servers are being converted to zombie or drone systems as part of botnets or coordinated attack machines. The risk to organizations is significant. A compromised network can result in embarrassment as you are blamed for the attacks on high-value targets and potentially massive costs from bandwidth and server utilization. Also, being blacklisted on the Internet makes it much harder to do business. Worse, if your infrastructure is used in a particularly heinous crime, it could be confiscated.

Many organizations simply don't believe they are a target. They don't host credit cards, conduct financial transactions or save personal information, so why would a hacker care about them?

In fact, hackers count on finding people who think exactly this way. These "low-value targets" are often left wide open and become the unwitting accomplice to attacks on the "high-value targets" such as banks and government sites. Every organization with servers connected to the Internet should care about this issue, or the results could be disastrous. The good news is that you don't need to spend significant money and time on security to make sure you don't end up a hacker's puppet.

[ As hackers get more sophisticated, it's time to step up the defenses. Read Is Your DNS Server A Weapon? ]

Hackers focus in on the easy targets. They aren't interested in working too hard on low-value targets. They want to compromise the server quickly or they will move on to another one. Their ultimate goal is not to compromise most of us, but to use us to get to the real money.

Most hackers use fairly common techniques to take over servers:

Attack weak passwords. A surprising number of servers and applications have default passwords or simple passwords. Hackers have automated tools that test your passwords, and if you have easy ones it will take virtually no time for your server to be theirs.

Phish key users. A now age-old trick that is becoming even more sophisticated as hackers pick up passwords and access by targeting key users.

Exploit old software. Unpatched systems are an easy target, especially given all the well-known and distributed exploits for old software.

SMBs are the most vulnerable. The bad guys know that small organizations can't afford to spend significant dollars or time on security. Further, these organizations often don't have the resources to implement best practices as enterprise-level organizations do. As a result, they allow the hacker to dilute or mask their trail.

As mentioned above, you can protect your company without breaking the bank or piling on additional resources -- a few basic practices will get you there. Open source or inexpensive monitoring software will let you experiment with low- or no "hard"-cost tools to see what works best for your organization. Though open-source software typically requires more effort, it has the benefit of proving success before any real dollars are spent. Open source is also generally more secure than closed source because it allows for more analysis from more users with different skills. As a result, security vulnerabilities are identified and fixed more quickly.

Here are a few simple protection techniques to start with:

Lock down who has access to your servers. Give access to only those users who need it and make sure that they understand how to secure their access with strong passwords -- or better yet, use cryptographic keys.

Track and monitor access. Monitor on a regular basis to ensure that only the people who should have access are on your system and that they are doing what they should be.

Harden your systems. Keep your servers updated and your configurations locked down. Patching your servers can be simple to execute depending upon the complexity of your application, and there are plenty of resources that describe solid configurations. For example, the National Institute of Standards and Technology maintains a comprehensive checklist for a number of operating systems and applications to help ensure secure configurations.

Know who your servers are talking to. Lock down network access to your servers and track whether or not the servers are talking to the right systems. Most servers shouldn't be initiating communication with a lot of different servers or services. Just as you want to know who your children are talking to, know who your servers are talking to.

Unfortunately, any business with an Internet presence is a potential target, whether or not it has valuable digital assets. While executing these basic techniques won't eliminate compromises, they will increase the effort a potential hacker needs to make in order to take control of a server, making it more likely that the hacker will move on to an easier target.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Rajat Bhargava
50%
50%
Rajat Bhargava,
User Rank: Apprentice
11/12/2013 | 9:57:07 PM
re: Don't Be A Hacker's Puppet
Hello G a contracted IT provider is a perfectly acceptable method of solving the problem. There are, of course, issues that need to be reviewed with any firm or consultant that you hire which is a separate, but important topic. I do believe an organizationGs data is important to them irrespective of if it is confidential, financial data, or personally identifiable information, but the challenge is how do you actually solve the problem of keeping it secure. For many organizations that is a daunting task and one that can be very expensive. I do believe that most organizations have the best of intentions, but how you get from here to there is not always clear nor easy which is why we are trying to help people understand the problem and potential options to solve it.
Rajat Bhargava
50%
50%
Rajat Bhargava,
User Rank: Apprentice
11/12/2013 | 7:46:42 PM
re: Don't Be A Hacker's Puppet
Hi, Doug! For tracking and monitoring access, we'd recommend OSSEC. For server hardening, Nessus provides great suggestions for ways to lock down your servers. Snort can help you understand who your servers are talking to. As far as locking down access to your servers as well as gaining high-value security and patch monitoring, I recommend JumpCloud. Full disclosure: I'm CEO of JumpCloud.
PaulS681
50%
50%
PaulS681,
User Rank: Apprentice
11/9/2013 | 10:11:59 PM
re: Don't Be A Hacker's Puppet
I think
you can cut your chances of being hacked by following some best practices:
-Make users change their passwords at least every 6 months, preferably 3.
-Keep your servers patched. Don't run unsupported OS's.
-Have antivirus on all machines that updates every day.
-Enforce complex passwords.
PaulS681
50%
50%
PaulS681,
User Rank: Apprentice
11/9/2013 | 10:06:05 PM
re: Don't Be A Hacker's Puppet
Nice article
Rajat. It is all to common where companies don't spend the necessary time and
effort on security. To me it's worth getting a contracted IT provider to help
you with security. Weak passwords are a big concern or passwords that don't
need to be changed. You just have to say how important is your data and do you
want publicity from being hacked and unknowingly contributing to a bigger hack?
D. Henschen
50%
50%
D. Henschen,
User Rank: Apprentice
11/5/2013 | 6:30:17 PM
re: Don't Be A Hacker's Puppet
Rajat: How about sharing a few names of the kind of open source or inexpensive security tools you mention. This advice would be easier to implement if you point us in the right direction.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15820
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.
CVE-2020-15821
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.
CVE-2020-15823
PUBLISHED: 2020-08-08
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
CVE-2020-15824
PUBLISHED: 2020-08-08
In JetBrains Kotlin before 1.4.0, there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
CVE-2020-15825
PUBLISHED: 2020-08-08
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.