With new and creative cyber attacks being launched every day, an organization must explore all available security avenues to ensure its safety. It is not enough to merely respond to an attack; there are steps you need to take to prevent a security breach. Of course, it is not always feasible to do it on your own, which is why there are tools in place to automate prevention techniques. Today, we will discuss the different types of attacks and how they exploit what you are doing wrong.
WHY ARE SO MANY ATTACKS HAPPENING NOW?
With the recent growth and proliferation of web and mobile applications, businesses are not keeping up with security at the same rate as the growth of e-commerce. In 2014, there was a 48% rise in cyber security incidents because of this delay in security updates. Put more bluntly, cyber attackers are working harder at getting into your system than you are at protecting it.
HOW ARE HACKERS GETTING IN?
A vast majority of these security incidents come from one very easy-to-overlook area: the exploitation of configuration loopholes. By hardening these configurations, you can prevent a range of cyber attacks and ultimately prevent revenue loss and data theft.
TYPES OF ATTACKS
DOS AND DDOS ATTACKS
A Denial Of Service (DOS) attack is one in which hackers disrupt service to legitimate users. It is a network-based attack in which cyber attackers open legitimate connections and keep them open so that bandwidth is choked and service is denied to customers. The impact of these attacks is not only the loss of the data the attackers are trying to steal but also the direct revenue loss that comes from legitimate customers leaving your business due to a lack of service.
The four most common DOS attack types are:
VOLUMETRIC: An attempt to consume bandwidth.
TCP BASED: An attempt to use up all of the available connections of the underlying infrastructure.
FRAGMENTATION: An attempt to send a flood of TCP messages that overwhelm the target machine and slow down service.
APPLICATION: An attempt to overwhelm a specific aspect of an application.
DATA THEFT ATTACKS
Any attempt to steal information, whether it be payment card information or credentials for identity theft, is considered data theft. The impacts of this theft can be far reaching and include lawsuits, revenue loss and business discontinuity.
BRUTE FORCE ATTACKS
Data theft attacks will most likely target your database server, where the most critical data is stored. In a brute force attack, the attacker attempts to exploit weak password complexity requirements. For example, if you have not enabled a setting that locks a user out after a certain number of failed password attempts, an attacker can try password combinations indefinitely. In addition, using default user names such as “administrator” puts you at greater risk. Hackers are also known to use guest accounts to get access to a database.
MAN IN THE MIDDLE ATTACKS
A man in the middle attack occurs when the attacker sniffs data over a network by placing themselves between the victim and the network. These attacks occur when there is weak or no encryption in place for RPC communication, or when SQL client-server traffic is not encrypted. In most of these cases neither the victim nor the server is aware there is a breach, and a complete data transmission can be stolen undetected.
HOW DO I PREVENT THESE ATTACKS?
Since the #1 cause of attacks is misconfiguration, the best approach to preventing security breaches is through proper configuration. Ideally, a customer goes to a site and the server processes and serves legitimate requests. It is when this basic process gets interrupted that attacks occur. Since configurations are dynamic in nature and are meant to change, the best way to prevent attacks is through constant monitoring.
DOS - TCP BASED
When addressing the TCP/IP stack settings, the parameters must be hardened to prevent attacks. It is when heavy traffic hits the UI engine that the protocol is disrupted and the bandwidth is choked.
DOS - APPLICATION BASED
In the case of a remote desktop, one way to prevent attacks is to adjust the session limit settings. Tightening these settings makes it more difficult for an attacker to choke the bandwidth.
In IIS, the web request is processed and a response is sent out. In order to minimize DOS attacks, you can adjust the number of concurrent requests, the HTTP connection timeouts, and the maxquery setting. The bottom line is that if you don’t need something to be running, shut it down.
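As an added example (not code from the original post or from Paladion), the following PowerShell audit reads the IIS settings just named through the WebAdministration module and flags values that exceed a baseline. The baseline thresholds are illustrative assumptions, and the post's "maxquery setting" is assumed to mean the requestFiltering maxQueryString limit.

```powershell
# Added example: audit IIS DoS-related limits with the WebAdministration module.
# Assumptions: "maxquery" = requestFiltering/requestLimits maxQueryString;
# the baseline values below are illustrative, not vendor guidance.
Import-Module WebAdministration

$AppHost = 'MACHINE/WEBROOT/APPHOST'   # server-level applicationHost.config

# Each check: display name, config section, attribute, and the predicate the
# current value must satisfy to count as hardened (hypothetical baseline).
$Checks = @(
    @{ Name   = 'Max query string length (bytes)'
       Filter = 'system.webServer/security/requestFiltering/requestLimits'
       Attr   = 'maxQueryString'
       Pass   = { param($v) [int]$v -le 2048 } },
    @{ Name   = 'HTTP connection timeout'
       Filter = 'system.applicationHost/webLimits'
       Attr   = 'connectionTimeout'
       Pass   = { param($v) ([TimeSpan]$v).TotalSeconds -le 120 } },
    @{ Name   = 'Header wait timeout (slow-header protection)'
       Filter = 'system.applicationHost/webLimits'
       Attr   = 'headerWaitTimeout'
       Pass   = { param($v) ([TimeSpan]$v).TotalSeconds -le 30 } },
    @{ Name   = 'Concurrent requests per application'
       Filter = 'system.webServer/serverRuntime'
       Attr   = 'appConcurrentRequestLimit'
       Pass   = { param($v) [int]$v -le 5000 } }
)

function Get-IisDosHardeningReport {
    foreach ($c in $Checks) {
        $prop = Get-WebConfigurationProperty -PSPath $AppHost -Filter $c.Filter -Name $c.Attr
        # Simple attributes come back wrapped in a ConfigurationAttribute; unwrap them.
        $value = if ($null -ne $prop.Value) { $prop.Value } else { $prop }
        [pscustomobject]@{
            Setting = $c.Name
            Path    = "$($c.Filter)/@$($c.Attr)"
            Current = "$value"
            Status  = if (& $c.Pass $value) { 'OK' } else { 'REVIEW' }
        }
    }
}

# Run the audit; anything marked REVIEW exceeds the assumed baseline.
Get-IisDosHardeningReport | Format-Table -AutoSize
```

Run it from an elevated PowerShell session on the IIS host; the same structure can be extended with the per-site limits section to audit individual sites.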
Now that we’ve identified how data theft and DOS attacks happen, in our next post we will discuss Paladion’s RisqVu SCM solution that you can implement to complete a configuration audit and prevent these attacks from happening.
About the Author:
Amarnath Chaterjee is the VP of product development at Paladion Networks, with specialization in compromise detection, security configuration assessment, and governance, risk and compliance. Amarnath is also the key architect and project head of the RisqVu IST and RisqVu GRC products.