A Hacker’s Lucky Dip
Cybercrime, in all its facets – hacking, online fraud, security breaches, information theft, defacements, electronic espionage, and service interruption – seems to be at an all-time high. If the threat doesn’t seem real enough, peruse some of the thousands of defaced home pages immortalised at Zone-H’s Digital Attacks Archive, including those of Canon.co.nz, Microsoft.co.nz and countless others.
How do hackers manage to slip inside? Their tactics are too many to recount here, but their weapons include point-and-click Windows-based graphical software like password crackers and port scanners written by other hackers. They also “sniff” for passwords in unencrypted data streams as they traverse the Internet, spoof IP addresses of trusted machines, and launch “Denial of Service” attacks using hijacked servers.
What is a website manager to do?
- Don’t store credit card numbers on your server, even temporarily. If you must, at least store them encrypted.
- If you collect credit cards or sensitive information use a secure certificate with 128-bit encryption, not the cheaper, less secure 40-bit.
- When emailing sensitive information from your web server to an employee’s inbox, encrypt the email with PGP.
- Hire a security consultancy to conduct a website security audit. If you want to do it on the cheap, have your web server administrator download Nessus and run a vulnerability scan on your web server and network.
- Make sure server passwords aren’t based on a birth date, a word in the dictionary, or the name of a pet, child or spouse. A good password is a combination of letters, numbers, and punctuation, and is at least eight characters in length. Change passwords regularly.
- Disable all unneeded services like FTP (file transfer protocol). The fewer services running on your server, the fewer the potential soft spots.
- Stay vigilant. Monitor the server’s log files – use LogWatch or similar. Subscribe to a service that alerts you to security holes as they are discovered, such as BugTraq. Install the latest security patches as they become available.
- Purchase insurance that covers against cybercrime. Traditional business liability insurance usually excludes such losses.
- Do not have a guest book that allows unchecked submissions to be posted. Search engine spammers vandalise them with links and messages about herbal Viagra and other scams.
- Run daily backups and cycle them so that past “snapshots” are archived and stored offsite.
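The password rules in the list above (no birth dates, dictionary words or family and pet names; letters, digits and punctuation; at least eight characters) can be enforced at the point where an administrator sets a password. The checker below is an added example and not code from the article; the word list is a constructed stand-in for a real dictionary file, and the personal-name list is assumed to be supplied by the caller.

```python
import re
import string
from datetime import datetime

# Constructed stand-in for a real dictionary file (e.g. /usr/share/dict/words).
DICTIONARY = {"password", "summer", "welcome", "dragon", "monkey", "letmein"}


def _looks_like_date(digits):
    """True if a 6- or 8-digit run parses as a calendar date in a common layout."""
    layouts = ["%d%m%y", "%m%d%y"] if len(digits) == 6 else ["%d%m%Y", "%m%d%Y", "%Y%m%d"]
    for fmt in layouts:
        try:
            datetime.strptime(digits, fmt)
            return True
        except ValueError:
            continue
    return False


def check_password(pw, personal_names=(), dictionary=DICTIONARY):
    """Return the list of policy violations; an empty list means the password passes.

    personal_names: names of pets, children, spouse etc. that must not appear
    (assumed to be collected from the account holder by the caller)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if not any(c.isalpha() for c in pw):
        problems.append("no letters")
    if not any(c.isdigit() for c in pw):
        problems.append("no digits")
    if not any(c in string.punctuation for c in pw):
        problems.append("no punctuation")
    lowered = pw.lower()
    # Strip digits and punctuation so "Summer2003!" still trips the dictionary check.
    core = re.sub(r"[^a-z]", "", lowered)
    if core in dictionary:
        problems.append("based on a dictionary word")
    for name in personal_names:
        if name and name.lower() in lowered:
            problems.append("contains personal name '%s'" % name)
    # Any 6- or 8-digit run that reads as a date is treated as a probable birth date.
    if any(len(run) in (6, 8) and _looks_like_date(run) for run in re.findall(r"\d+", pw)):
        problems.append("looks like a date")
    return problems
```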
By Stephan Spencer. This article first appeared on Unlimited in December 2003.