With the Halloween season just in our rearview, I can't help but be reminded of the body snatcher movies, where human beings are converted to zombies and centrally controlled. Unfortunately, this is an apt analogy for what is happening every day on the Internet.
Countless servers are being converted to zombie or drone systems as part of botnets or coordinated attack machines. The risk to organizations is significant. A compromised network can result in embarrassment as you are blamed for the attacks on high-value targets and potentially massive costs from bandwidth and server utilization. Also, being blacklisted on the Internet makes it much harder to do business. Worse, if your infrastructure is used in a particularly heinous crime, it could be confiscated.
Many organizations simply don't believe they are a target. They don't host credit cards, conduct financial transactions or save personal information, so why would a hacker care about them?
In fact, hackers count on finding people who think exactly this way. These "low-value targets" are often left wide open and become the unwitting accomplice to attacks on the "high-value targets" such as banks and government sites. Every organization with servers connected to the Internet should care about this issue, or the results could be disastrous. The good news is that you don't need to spend significant money and time on security to make sure you don't end up a hacker's puppet.
[ As hackers get more sophisticated, it's time to step up the defenses. Read Is Your DNS Server A Weapon? ]
Hackers focus in on the easy targets. They aren't interested in working too hard on low-value targets. They want to compromise the server quickly or they will move on to another one. Their ultimate goal is not to compromise most of us, but to use us to get to the real money.
Most hackers use fairly common techniques to take over servers:
Attack weak passwords. A surprising number of servers and applications have default passwords or simple passwords. Hackers have automated tools that test your passwords, and if you have easy ones it will take virtually no time for your server to be theirs.
Phish key users. A now age-old trick that is becoming even more sophisticated as hackers pick up passwords and access by targeting key users.
Exploit old software. Unpatched systems are an easy target, especially given all the well-known and distributed exploits for old software.
SMBs are the most vulnerable. The bad guys know that small organizations can't afford to spend significant dollars or time on security. Further, these organizations often don't have the resources to implement best practices as enterprise-level organizations do. As a result, they allow the hacker to dilute or mask their trail.
As mentioned above, you can protect your company without breaking the bank or piling on additional resources -- a few basic practices will get you there. Open source or inexpensive monitoring software will let you experiment with low- or no "hard"-cost tools to see what works best for your organization. Though open-source software typically requires more effort, it has the benefit of proving success before any real dollars are spent. Open source is also generally more secure than closed source because it allows for more analysis from more users with different skills. As a result, security vulnerabilities are identified and fixed more quickly.
Here are a few simple protection techniques to start with:
Lock down who has access to your servers. Give access to only those users who need it and make sure that they understand how to secure their access with strong passwords -- or better yet, use cryptographic keys.
Track and monitor access. Monitor on a regular basis to ensure that only the people who should have access are on your system and that they are doing what they should be.
Harden your systems. Keep your servers updated and your configurations locked down. Patching your servers can be simple to execute depending upon the complexity of your application, and there are plenty of resources that describe solid configurations. For example, the National Institute of Standards and Technology maintains a comprehensive checklist for a number of operating systems and applications to help ensure secure configurations.
Know who your servers are talking to. Lock down network access to your servers and track whether or not the servers are talking to the right systems. Most servers shouldn't be initiating communication with a lot of different servers or services. Just as you want to know who your children are talking to, know who your servers are talking to.
Unfortunately, any business with an Internet presence is a potential target, whether or not it has valuable digital assets. While executing these basic techniques won't eliminate compromises, they will increase the effort a potential hacker needs to make in order to take control of a server, making it more likely that the hacker will move on to an easier target.