A Hacker’s Lucky Dip
Cybercrime, in all its facets – hacking, online fraud, security breaches, information theft, defacements, electronic espionage, and service interruption – seems to be at an all-time high. If the threat doesn’t seem real enough, peruse some of the thousands of defaced home pages immortalised at Zone-H’s Digital Attacks Archive, including those of Canon.co.nz, Microsoft.co.nz and countless others.
How do hackers manage to slip inside? Their tactics are too many to recount here, but their weapons include point-and-click Windows-based graphical software like password crackers and port scanners written by other hackers. They also “sniff” for passwords in unencrypted data streams as they traverse the Internet, spoof IP addresses of trusted machines, and launch “Denial of Service” attacks using hijacked servers.
What is a website manager to do?
- Don’t store credit card numbers on your server, even temporarily. If you must, at least store them encrypted.
- If you collect credit cards or sensitive information use a secure certificate with 128-bit encryption, not the cheaper, less secure 40-bit.
- When emailing sensitive information from your web server to an employee’s inbox, encrypt the email with PGP.
- Hire a security consultancy to conduct a website security audit. If you want to do it on the cheap, have your web server administrator download Nessus and run a vulnerability scan on your web server and network.
- Make sure server passwords aren’t based on a birth date, a word in the dictionary, or the name of a pet, child or spouse. A good password is a combination of letters, numbers, and punctuation, and is at least eight characters in length. Change passwords regularly.
- Disable all unneeded services like FTP (file transfer protocol). The fewer services running on your server, the fewer the potential soft spots.
- Stay vigilant. Monitor the server’s log files – use LogWatch or similar. Subscribe to a service that alerts you to security holes as they are discovered, such as BugTraq. Install the latest security patches as they become available.
- Purchase insurance that covers against cybercrime. Traditional business liability insurance usually excludes such losses.
- Do not have a guest book that allows unchecked submissions to be posted. Search engine spammers vandalise them with links and messages about herbal Viagra and other scams.
- Run daily backups and cycle them so that past “snapshots” are archived and stored offsite.
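As an added example, not code from the original article, the following Python checker enforces the password rules given in the list above (at least eight characters, a mix of letters, digits and punctuation, and not based on a birth date, dictionary word, or the name of a pet, child or spouse). The word list, personal names and birth date it uses are constructed stand-ins; a real deployment would load a full dictionary and the account holder's details.

```python
import re
import string
from datetime import date

# Constructed sample data (assumptions, not from the article). A real
# deployment would load a full dictionary such as /usr/share/dict/words and
# the account holder's known pet, child, spouse names and birth dates.
DICTIONARY = {"password", "secret", "welcome", "summer", "monkey", "dragon"}
PERSONAL = {"fido", "emma", "mike"}        # pet, child, spouse names
BIRTH_DATES = {date(1975, 4, 12)}          # birth dates tied to the account


def _date_forms(d):
    """Common ways a birth date gets typed into a password."""
    return {
        d.strftime("%Y%m%d"), d.strftime("%d%m%Y"), d.strftime("%m%d%Y"),
        d.strftime("%d%m%y"), d.strftime("%y%m%d"), d.strftime("%m%d%y"),
        d.strftime("%d%m"), d.strftime("%m%d"), str(d.year),
    }


def check_password(pw, dictionary=DICTIONARY, personal=PERSONAL,
                   birth_dates=BIRTH_DATES):
    """Return the list of article rules the password violates ([] means OK)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in pw):
        problems.append("no letters")
    if not any(c.isdigit() for c in pw):
        problems.append("no digits")
    if not any(c in string.punctuation for c in pw):
        problems.append("no punctuation")
    # "Based on" a word: undo common symbol substitutions and drop non-letters
    # so that "p@ssw0rd!" is still recognised as the dictionary word "password".
    normalised = pw.lower().translate(str.maketrans("@$0!3", "asoie"))
    letters_only = re.sub(r"[^a-z]", "", normalised)
    for word in dictionary | personal:
        if len(word) >= 4 and word in letters_only:
            problems.append(f"based on the word {word!r}")
    # Birth dates: compare the digit run of the password against each form.
    digits_only = re.sub(r"\D", "", pw)
    for d in birth_dates:
        if any(f in digits_only for f in _date_forms(d) if len(f) >= 4):
            problems.append("contains a birth date")
            break
    return problems
```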
By Stephan Spencer. This article first appeared on Unlimited in December 2003.