As technology advances, the data security threats have become more sophisticated and difficult to manage. The notorious cyber criminals and attackers are leveraging the use of technology in carrying out their assaults. There are five identified threats that can possibly exploit the existing data vulnerabilities.
- DDoS Attacks
- Web Application Attacks
- DNS Infrastructure Exploits
- SSL-Based Blind Spots
- Brute Force and Weak Authentication
DDoS Attacks
If a web server’s traffic is unusually high but there are no legitimate transactions, possibly there is distributed denial-of-service (DDoS) attack. It happens when a server’s IP is flooded with fraudulent requests consuming the CPU time, memory, and the network bandwidth until it becomes unavailable. Legitimate traffic is denied of service.
With increasing DDoS for hire services, ‘bots’ are just lurking in compromised systems and may seem harmless until they receive a centralized command to attack. Any server, website or other network systems, are possible target victims. The impact of distributed denial-of-service (DDoS) attacks has become more destructive when servers are used as ‘botnets’ instead of PCs. Motives of the DDoS attacks could be financial gains, intelligence competition, political, or notoriety.
DDoS attack is a game of capacity and its impact is delayed when your bandwidth is more than enough. However, the increase bandwidth cannot stop DDoS attack but it will give you time to react before your system shuts down. It is best to regularly monitor the status of your inbound traffic. Be wary of any major spikes; early detection is the key for DDos attacks.
Web Application Attacks
If your business has a web application, then possibly you are also vulnerable to data breaches. With a poorly designed application, a malicious code can be embedded using SQL injection by using unsanitized user inputs, thereby compromising the database with fraudulent queries. It is also possible that a web page user is redirected to a fake identical page using the Cross-Site Scripting (XSS) technique. The malicious page would then run a script to capture the browser’s cookies, thereby stealing the pertinent information of the user. Another web application attack technique is called Cross-Site Request Forgery (CSRF). With this technique, a user may also be tricked into clicking a link or downloading something that executes malicious actions on a trusted authenticated user session. This may cause unwanted transfer of funds or change of password on behalf of the user. Aside from the three mentioned, there are many other possible hacking techniques used to exploit the web applications vulnerabilities.
The best defense against the web application assault is to consider writing secure codes a priority. For outsourced software development, discuss with your software development provider the importance of data security implementation in your web application. For example, you can specify to shorten a timeout session and implement token per request as part of the requirements. Make sure also that the third party plugins are included in the penetration testing before deploying your web application.
DNS Infrastructure Exploits
DNS infrastructure is also subject to attacks. One attack is called DNS cache poisoning which allows the attacker to reroute the users to malicious sites by putting false information into the cache of a DNS server. The malicious sites are usually used to spread malware and tools for stealing data.
Attackers also utilize the power of DNS servers to amplify DDoS attack. The DNS resolver address is spoofed and replaced with the victim’s IP address. As a result, all DNS query replies are sent to the victim’s server. The attacker sends recursive queries from multiple ‘bots’ until the victim’s server is paralyzed and denial of service is achieved. The DNS server here is not the main target of attack, but they are also vulnerable to downtime as a result of recursive queries.
To reduce DNS server vulnerability, the server administrator must configure their DNS server to limit or disable recursive queries, and clear it of any unnecessary services which could possibly open opportunities for attack. The system administrators also need to be aware of new security advisories and security patch updates.
SSL-Based Blind Spots
The Secure Sockets Layer (SSL) is a standard security mechanism using encrypted Internet communication. Encryption allows protection as the data travels in between the browser and the web server. However, the encryption in SSL protocols has provided cybercriminals security blind spots. It has been discovered that encryption is used to mask malware, evades detection, and bypass critical security controls.
To prevent possible exploits from SSL blind spots, companies need to decrypt SSL traffic and submit the contents for security control verification. SSL Inspection tools are actually available to perform this. Another good practice is to define a company-wide SSL Certificates Lifecycle process. After issuance of the certificates, there is a need to do inventory and monitoring to make sure that the certificates are renewed prior to their expiration dates.
Brute Force and Weak Authentication
Brute force attack is an exhaustive way of guessing the possible passwords combinations with the hope of eventually getting the correct one. The larger the set of password combinations, the more difficult it is to guess. With tools available, the attacker can easily hack into a weak authentication.
To prevent brute force attack, an organization needs to enforce Password Policies on password strength, changes, and re-use. Aside from enforcing a strong authentication, it’s also a good practice to require users to periodically change passwords, and prohibit re-use of the same passwords. For critical access, the two-way or multi-factor authentication is advisable.
Aside from security infrastructure, every organization must have a documented Security Policies in place. To avoid panic, the best way is to include pre-planned responses when an attack is detected. Basically, the plan outlines ‘what to do’, ‘how to do it’, ‘who will do it’ and ‘what information to disseminate’. With Security Policies, every employee must understand the impact of security threats, and why data security is everybody’s business.