Quick Hits

FBI's IC3 Issues Tips For Preventing Website Attacks

Internet Crime Complaint Center says steps may not prevent attackers from gaining access to a site, but will lessen the impact of an attack
The FBI's Internet Crime Complaint Center (IC3) has published a list of preventative measures that organizations can take to stem Website attacks, such as SQL injection.

"Over the past year, there has been a considerable spike in cyberattacks against the financial services and the online retail industry," according to the IC3's posting. "There are a number of actions a firm can take in order to prevent or thwart the specific attacks and techniques used by these intruders. The following steps can be taken to reduce the likelihood of a similar compromise while improving an organization's ability to detect and respond to similar incidents quickly and thoroughly."

Here are the IC3's recommendations for protecting your Website:

  • Disable potentially harmful SQL stored procedure calls

  • Deny extended URLs

  • Implement specific approaches to secure dynamic Web content

  • Install and run authorized Microsoft SQL Server and IIS services under a nonprivileged account

  • Apply the principle of "least privilege" on SQL machine accounts

  • Require passwords on Microsoft SQL Server administrator, user, and machine accounts

  • Lock out accounts on your mainframes after multiple unsuccessful logon attempts

  • Run the minimum required applications and services on servers needed to perform their intended function

  • Deny access to the Internet except through proxies for store and enterprise servers and workstations

  • Implement firewall rules to block or restrict Internet and intranet access for database systems

  • Implement firewall rules to block known malicious IP addresses

  • Ensure that your systems that verify and generate PIN numbers, for instance, do not respond to commands that generate encrypted PIN blocks

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message

Editors' Choice
Elizabeth Montalbano, Contributor, Dark Reading
Nate Nelson, Contributing Writer, Dark Reading
Nate Nelson, Contributing Writer, Dark Reading