How to protect a network from damaging attacks
Computers & Technology → Networking
- Author Kyle Greendale
- Published May 3, 2011
- Word count 620
If you haven't yet heard about the HBGary hack and email leak, I suggest browsing one of the many articles put out on the subject since the incident in early February. It serves as a strong cautionary tale of what can occur in cases where security firms fail to secure their own networks well. Even in the event your company doesn't deal in security issues, there is a great deal to be learned about how to successfully protect a site or network from similar dangerous attacks. Let's walk through the key points of failure in this example step by step.
Don't skimp on website security
The first target of the hacker group was the HBGary Federal site, where they were able to use a simple SQL injection to secure access to the site database. This granted them access to usernames, email addresses and "hashed" passwords (passwords encrypted with a hash function to stop unauthorized access). This would have been stopped by either running a solid, up-to-date commercial CMS or by testing the custom content management system for SQL injection vulnerability. This type of exploit is frequently utilized in the hacker community and involves almost no ability to utilize, consequently each and every security specialist must be aware of it.
Create difficult passwords
Despite the fact that the passwords had been encrypted in the database, there are popular methods out there to help hackers attempt to work out the right passwords based on the hashed data. These kinds of tools pre-compute thousands and thousands of possible passwords and then can be cross referenced for the resulting hash sequence. There are, naturally, limitations to what these tools can do. For pragmatic reasons they will only store information about a limited subset of potential passwords, for example just passwords from 1-8 characters with lower case letters in addition to numbers or just passwords from 1-12 letters in upper case. Two people at HBGary (the CEO and COO) used passwords that were only eight characters long with 6 lower case letters and 2 numbers, meaning that they were vulnerable to this specific attack. Choosing to use complex passwords with a mix of upper and lower case letters, numbers, and characters such as and % effectively removes the danger of these types of tools being utilized to guess at your password.
Create different passwords
Taking user passwords for editing a website is bad, but not life-ending for a security firm. Unfortunately for HBGary, both of those compromised passwords were reused in lots of places, including social networking sites and email administration. It may be awfully tempting to reuse passwords - particularly complicated ones - however the simple fact is that reusing passwords has become among the most prevalent security issues right now. If you choose the exact same password on your email and a small humor site, and that website's database is compromised, it may be possible for someone to use that password to get access to your email account and most likely much more.
Keep software programs up-to-date
Several issues with the security of these websites would have been resolved by using proper security updates. Whenever vulnerabilities are identified in software, developers work to shut the loopholes and then send out patches to correct the issue. Users that install these kinds of patches promptly are far less liable to see their systems compromised, as would-be attackers have a significantly shorter window of opportunity to act on a new exploit.
Chances are fairly good that if you've ever studied appropriate security practices, you already knew most of this. When even security businesses fail to comply with this very elementary advice, though, it is good to take a moment to double check your own security for potentially mistakes mistakes.
I work at an IT support company helping small businesses with their IT outsourcing. I love keeping up with the latest news and sharing what I know with my clients to keep their networks safe.
Article source: https://articlebiz.comRate article
Article comments
There are no posted comments.
Related articles
- Optimize Your Website for the Better Sight
- How To Develop & Implement A Network Security Plan
- Mastering VoIP: Overcoming Common Communication Challenges
- What Concerns Do Enterprises Have When Choosing Network Monitoring Software?
- Spectrum Router Red Light: Troubleshooting Guide and Solutions
- Web Development Made Easy: Why Outsourcing is the Smart Choice
- INTERNET OF THINGS
- Enhancing Business Communication with 3CX: A Powerful Unified Communications Solution
- How to Fix "No Signal, Please Check Your Antenna Connection" Error
- AN INTRODUCTION TO INTERNET MARKETING
- Passwordless is the New Cyber Security, Emir Ceric’s Meveto Transform Verification, Logging In and Remote Sign Out
- The Ultimate Guide to Master YouTube and Monetization
- Preventing data theft in an enterprise environment
- The Art Of Cold Calling [Mastery In Seven Simple Steps]
- Quantum Computing and the future of IT Security
- 5G TECHNOLOGY AND IOT: HOW DO THESE TRENDS RELATE?
- SkyVPN Launches New Gaming Servers with Dedicated Servers for PUBG
- Smm reseller panel
- Steps to Transfer Files Using Kindle Desktop Application
- Save time on your FTP updates with FTPGetter Professional
- Add a file hosting and sharing service to your site with YetiShare
- MCS Multicast Switch for Next Generation ROADM
- Business Networking Tips for Beginners
- Using Virtual Serial Ports in Proteus
- Network Security Checklist for All Types of Businesses
- Create Your Own File-Hosting Website with YetiShare
- Cat5 cable vs Cat6 Cables: What are the Contrast?
- Automate FTP Downloads and Uploads with FTPGetter Professional
- On Demand Freelance Marketplace For Field Engineers
- Cisco Network Infrastructure Services in San Francisco