Staying up to Speed on Dedicated Server Security
NTT Innovation Institute has just released its Global Threat Intelligence Report for 2014, and the findings do not look good. It shows increased botnet activity, with multiple PCs or dedicated servers communicating surreptitiously. There is also an increase in Distributed Denial of Service (DDoS) attacks, in which many infected computers or servers act in unison against a specific target or targets.
According to the report by the NTT Innovation Institute, 34% of the malicious activity is now labeled as botnet and website related. Healthcare, technology and the finance industry accounted for 60% of that botnet activity.
Another startling finding was that 54% of the new malware discovered was able to evade multiple antivirus programs. These new types of malware were collected and discovered by what are known as honeypots. Honeypots are “digital traps” designed simply to attract malware. It was not made clear which antivirus programs were able to detect and remove the malware and which ones were not able to do so.
Dedicated server security depends on up-to-date software to stop infections. Cybersecurity threats are definitely not static, and security software can quickly become outdated. Keep security software up to date on a regular basis to avoid cybersecurity threats.
Antivirus and malware detection software should not be graded on initial security results and performance alone. It should also be graded on the speed with which it keeps up with new vulnerabilities and increasing exploits.
A positive note in the new report was that organizations in compliance with Payment Card Industry (PCI) standards were much more secure and able to recover 27% quicker than other online organizations.
Securing the dedicated server’s operating system and adding a firewall will not, on their own, be adequate to prevent a compromise. The software developer must keep applications and various other software updated and supported. This is a must-do task for dedicated server security.
Outdated Means Unsecured
Outdated software such as Apache and PHP, along with Cross-Site Scripting vulnerabilities, were some of the most often overlooked vulnerabilities in a server environment, and they cause serious security issues. Operating a server with only basic security such as a firewall will not be enough to secure it. Over 30% of vulnerabilities were related to outdated Apache software alone. Patch management and application configuration are the leading vulnerabilities. Setting up a strong firewall and hardening the operating system will in many cases not be enough if internal software and applications are not equally well managed and kept up to date.
Unsupported and abandoned software is a major issue for dedicated server security.
Having an Incident Response Plan (IRP) in place is also vital for responding effectively to a security breach. Determine how the breach was carried out and why it was successful. This will prevent similar occurrences from happening again in the future. There is no point in having an IRP if it does not prevent a successful attack from happening again.
Attackers often keep up to date with newly discovered software vulnerabilities as well. They can therefore easily exploit them if the vendor takes time to patch the affected applications. A vendor will often perform its own internal security checks. In many instances, however, third-party sources will discover these vulnerabilities.
The Global Threat Intelligence Report also found that open environments such as education had the most malware events, totaling 42%. This is due to the open access typical of educational organizations and the inability to enforce security rules and good practice on end users or students.
The end user is in many ways the weakest link in the chain of security.
Looking at attacks globally can lead one to believe that most attacks originate from certain countries such as the USA, Australia, and Russia. However, while that may be true for the majority of these attacks, many attackers hide their real location. They use various methods such as proxies and create a presence in the same country as their target. The NTT Group Q4 2013 SERT Threat Intelligence Report revealed that, for USA-based attacks, many popular hosting providers such as GoDaddy® and Amazon Web Services® (AWS) were used as data exfiltration points.
For more info, please visit: https://www.solutionary.com