FBI's IC3 Issues Tips For Preventing Website Attacks

Internet Crime Complaint Center says steps may not prevent attackers from gaining access to a site, but will lessen the impact of an attack

Dark Reading Staff, Dark Reading

December 16, 2008

1 Min Read
Dark Reading logo in a gray background | Dark Reading

The FBI's Internet Crime Complaint Center (IC3) has published a list of preventative measures that organizations can take to stem Website attacks, such as SQL injection.

"Over the past year, there has been a considerable spike in cyberattacks against the financial services and the online retail industry," according to the IC3's posting. "There are a number of actions a firm can take in order to prevent or thwart the specific attacks and techniques used by these intruders. The following steps can be taken to reduce the likelihood of a similar compromise while improving an organization's ability to detect and respond to similar incidents quickly and thoroughly."

Here are the IC3's recommendations for protecting your Website:

  • Disable potentially harmful SQL stored procedure calls

  • Deny extended URLs

  • Implement specific approaches to secure dynamic Web content

  • Install and run authorized Microsoft SQL Server and IIS services under a nonprivileged account

  • Apply the principle of "least privilege" on SQL machine accounts

  • Require passwords on Microsoft SQL Server administrator, user, and machine accounts

  • Lock out accounts on your mainframes after multiple unsuccessful logon attempts

  • Run the minimum required applications and services on servers needed to perform their intended function

  • Deny access to the Internet except through proxies for store and enterprise servers and workstations

  • Implement firewall rules to block or restrict Internet and intranet access for database systems

  • Implement firewall rules to block known malicious IP addresses

  • Ensure that your systems that verify and generate PIN numbers, for instance, do not respond to commands that generate encrypted PIN blocks

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message

About the Author

Dark Reading Staff

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

See more from Dark Reading Staff
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars

Editor's Choice

A woman sitting at a laptop and holding a mobile device, the screens of both displaying a green check mark in a circle
Cyberattacks & Data Breaches
Researchers Crack Microsoft Azure MFA in an HourResearchers Crack Microsoft Azure MFA in an Hour
byElizabeth Montalbano, Contributing Writer
Dec 11, 2024
4 Min Read
The words "zero-day" written in a line of code on a computer screen
Application Security
Microsoft NTLM Zero-Day to Remain Unpatched Until AprilMicrosoft NTLM Zero-Day to Remain Unpatched Until April
byJai Vijayan, Contributing Writer
Dec 9, 2024
3 Min Read
A patchwork quilt
Application Security
Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch TuesdayMicrosoft Fixes Active Zero-Day, Critical RCEs on Patch Tuesday
byTara Seals, Managing Editor, News, Dark Reading
Dec 10, 2024
5 Min Read
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers