- Place your web server(s) in a DMZ. Set your firewall to drop connections to your web server on all ports but http (port 80) or https (port 443).
- Remove all unneeded services from your web server, keeping FTP (but only if you need it) and a secure login capability such as secure shell. An unneeded service can become an avenue of attack.
- Disallow all remote administration unless it is done using a one-time password or an encrypted link.
- Limit the number of persons having administrator or root level access.
- Log all user activity and maintain those logs either in an encrypted form on the web server or store them on a separate machine on your Intranet.
- Monitor system logs regularly for any suspicious activity. Install some trap macros to watch for attacks on the server (such as the PHF attack). Create macros that run every hour or so that would check the integrity of password and other critical files. When the macros detect a change, they should send an e-mail to the system manager.
- Remove ALL unnecessary files such as phf from the scripts directory /cgi-bin.
- Remove the “default” document trees that are shipped with Web servers such as IIS and ExAir.
- Apply all relevant security patches as soon as they are announced.
- If you must use a GUI interface at the console, remove the commands that automatically start the window manager from the .RC startup directories and then create a startup command for the window manager. You can then use the window manager when you need to work on the system, but shut it down when you are done. Do not leave the window manager running for any extended length of time.
- If the machine must be administered remotely, require that a secure capability such as secure shell is used to make a secure connection. Do not allow telnet or non-anonymous ftp (those requiring a username and password) connections to this machine from any untrusted site. It would also be good to limit these connections only to a minimum number of secure machines and have those machines reside within your Intranet.
- Run the web server in a chroot-ed part of the directory tree so it cannot access the real system files.
- Run the anonymous FTP server (if you need it) in a chroot-ed part of the directory tree that is different from the web server’s tree.
- Do all updates from your Intranet. Maintain your web page originals on a server on your Intranet and make all changes and updates here; then “push” these updates to the public server through an SSL connection. If you do this on an hourly basis, you can avoid having a corrupted server exposed for a long period of time.
- Scan your web server periodically with tools like ISS or nmap to look for vulnerabilities.
- Have intrusion detection software monitor the connections to the server. Set the detector to alarm on known exploits and suspicious activities and to capture these sessions for review. This information can help you recover from an intrusion and strengthen your defenses.
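The hourly integrity check of password and other critical files described in the list above, sketched as shell functions. This is an added example, not code from the original post; the function names, the paths in the cron comment, the admin address, and the availability of `sha256sum` and a configured `mail` command are assumptions.

```shell
#!/bin/sh
# Added example: detect changes to critical files and e-mail the system manager.
# Assumes GNU coreutils sha256sum and a working mail(1); all names are hypothetical.

# hash_files FILE... : print "<sha256>  <path>", or "MISSING  <path>" if unreadable
hash_files() {
    for f in "$@"; do
        if [ -r "$f" ]; then
            sha256sum "$f"
        else
            printf 'MISSING  %s\n' "$f"
        fi
    done
}

# make_baseline BASELINE FILE... : record the known-good state (owner-only file)
make_baseline() {
    bl=$1; shift
    ( umask 077; hash_files "$@" > "$bl" )
}

# check_integrity BASELINE FILE... : print changed/missing paths; return 1 if any
check_integrity() {
    base=$1; shift
    # Lines starting with ">" in the diff are current entries that differ
    # from the baseline; strip the hash (or MISSING) to leave the path.
    changed=$(hash_files "$@" | diff "$base" - | sed -n 's/^> [^ ]*  //p')
    [ -z "$changed" ] && return 0
    printf '%s\n' "$changed"
    return 1
}

# run_check BASELINE ADMIN FILE... : one pass, suitable for an hourly cron job
run_check() {
    base=$1; admin=$2; shift 2
    report=$(check_integrity "$base" "$@") && return 0
    printf 'Changed or missing files on %s:\n%s\n' "$(hostname)" "$report" |
        mail -s 'File integrity alert' "$admin"
}

# Hypothetical crontab entry (script path, baseline path and address are placeholders):
# 0 * * * * . /usr/local/lib/integrity.sh; run_check /var/lib/integrity/baseline admin@example.com /etc/passwd /etc/shadow /etc/group
```

Keep the baseline on read-only media or on a separate machine on your Intranet; a baseline stored beside the files it protects can be rewritten by whoever changed them.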
Entries Categorized as 'Web Security'
World Wide Web Server Security Best Practices
February 10, 2010
Internet/Network Security Prevention Tips
January 10, 2010
How can you protect your computer against the above-mentioned Internet security incidents? There are a number of free Internet security programs available online that you can use for this purpose. Below is a checklist of a few simple things you can do:
- Assess your risk/risk potential
- Use good antivirus software. There are a number of free Internet security solutions that you can download for this purpose.
- Keep all your software up-to-date (download and apply updates and patches regularly)
- Check your security settings
- Use a firewall (hardware/software)
- Create tough-to-crack passwords (ideally 13 characters long, including numbers)
- Conduct regular security maintenance
Protect yourself from threats and vulnerabilities
December 31, 2009

Here are some simple ways to keep yourself safe from threats and vulnerabilities on the Internet.
• Install anti-spyware and anti-virus on your personal computer
• Update your operating system and software (especially your anti-virus and anti-spyware) promptly for security patches and other important updates.
• Install a firewall too. Most operating systems have a built-in firewall; all you have to do is enable it.
• Avoid visiting malicious websites.
• Avoid downloading files that are malicious (especially .exe files).
• Do a regular maintenance of your personal computers (Update, Defrag, Virus scan and other things that can improve the security and stability of your system).
Hackers using rogue DNS servers
November 20, 2009
“Mendacious machines controlled by hackers that reroute Internet traffic from infected computers to fraudulent Web sites are increasingly being used to launch attacks, according to a paper published this week by researchers with the Georgia Institute of Technology and Google Inc.
The paper estimates roughly 68,000 servers on the Internet are returning malicious Domain Name System results, which means people with compromised computers are sometimes being directed to the wrong Web sites — and often have no idea.
The peer-reviewed paper, which offers one of the broadest measurements yet of the number of rogue DNS servers, was presented at the Internet Society’s Network and Distributed System Security Symposium in San Diego.
The fraud works like this: When a user with an affected computer tries to go to, for example, Google’s Web site, they are redirected to a spoof site loaded with malicious code or to a wall of ads whose profits flow back to the hackers.
The hackers who hijack DNS queries are looking to steal personal information, from e-mail login credentials to credit data, and take over infected machines.
The spoof sites run the gamut. Some are stunningly convincing, others amusingly bogus with spelling errors and typos.”
FBI Director to Monitor Internet Activity
October 17, 2009
The FBI called for new legislation that allows the federal police to keep a close look at Internet activity to track down illegal activities. This seems to go beyond a current plan to monitor traffic on federal-government networks, proposing that the bureau should have a broad “omnibus” authority to conduct monitoring and surveillance of private-sector networks as well. This could violate the Fourth Amendment’s guarantee of freedom from unreasonable searches and seizures. In general, courts have ruled that police need search warrants to obtain the content of communication
Removing Spyware
September 15, 2009
Suspect spyware on your system? Here are some tips on how you could get rid of spyware on your computer:
1. Get, install and periodically run Ad-aware and Spybot Search & Destroy.
2. To prevent reinfection by Aureate/Radiate – search for advert.dll on your system. If it’s there and if you can, delete it (Ad-aware will do this for you). Then create an empty text file, name it advert.dll, make it read-only and save it in your Windows/System directory. Then configure Ad-aware (version 5 or later) to ignore advert.dll.
Web vulnerabilities
July 8, 2008
Top Ten Reasons why Websites Get Hacked
Experts say most Web applications can be hacked. Here are the top ten vulnerabilities that could put your Web site at risk.
1. Cross site scripting
2. Injection flaws
3. Malicious file execution
4. Insecure direct object reference
5. Cross site request forgery
6. Information leakage and improper error handling
7. Broken authentication and session management
8. Insecure cryptographic storage
9. Insecure communications
10. Failure to restrict URL access
SOURCE: OWASP (the Open Web Application Security Project)
Related links for added reading: NetworkWorld.com
Types of Network/Internet Security Incidents
June 7, 2008
Probe : Unusual attempts to gain access to or discover something about a system.
Scan : Many probes done using an automated tool.
Account Compromise : Unauthorized use of a computer account by someone other than the account owner.
Root Compromise : Similar to an account compromise, except that the account that has been compromised has special privileges on the system.
Packet Sniffer : A program that captures data from information packets as they travel over the network.
Denial of Service : The goal of denial-of-service attacks is to prevent legitimate users of a service from using it.
Exploitation of Trust : Computers on networks often have trust relationships with one another. For example, before executing some commands, the computer checks a set of files that specify which other computers on the network are permitted to use those commands. If attackers can forge their identity, appearing to be using the trusted computer, they may be able to gain unauthorized access to other computers.
Malicious Code : Programs like viruses, worms and Trojan horses.
Internet Infrastructure Attacks : Rare attacks on network name servers, network access providers, and large archive sites.
How do you know that you have a secure site?
May 5, 2008
by: Djai Tanji
Before, when a website used Secure Sockets Layer (SSL) and its traffic was encrypted, it was considered as good as a secured website. Unfortunately, encryption, or that little lock that usually appears in your browser, does not completely make a website secure: if the site you are submitting personal data to contains a vulnerability, an attacker can steal your data. Some sites may contain logos with “secured by ____” but you should not rely on that. A website owner can just copy the image and save thousands of dollars doing that. Keep in mind that there are specific rules about web security for certain types of sites as well.
Beware of Spyware
April 10, 2008
Spyware is computer software that is classified as privacy-invasive. It is installed covertly on a personal computer. Once installed, it can monitor the user’s behavior and collect personal information such as surfing habits and sites visited. It can interfere with user control of the computer, for example by installing additional software, redirecting Web browser activity, blindly accessing websites that will cause more harmful viruses, or diverting advertising revenue to a third party. It can change computer settings, resulting in slow connection speeds, different home pages, and loss of Internet or other programs.
