Securing Web Servers from DoS attacks - Best Practices ?
This article covers Tactics To Prevent DDoS Attacks & Keep Your Website Safe.
Basically, it is impossible to prevent DoS and DDoS attacks entirely. But we can limit them to a certain extend by implementing security actions mentioned in this guide.
Denial of service attacks are here to stay, and no business can afford to be unprotected.
Facts about DDoS Attacks:
1. DDoS stands for Distributed Denial of Service.
2. It is a form of cyber attack that targets critical systems to disrupt network service or connectivity that causes a denial of service for users of the targeted resource.
3. A DDoS attack employs the processing power of multiple malware-infected computers to target a single system.
Best Practices for Preventing DDoS attacks:
1. Develop a Denial of Service Response Plan
Develop a DDoS prevention plan based on a thorough security assessment. Unlike smaller companies, larger businesses may require complex infrastructure and involving multiple teams in DDoS planning.
2. Secure Your Network Infrastructure
Mitigating network security threats can only be achieved with multi-level protection strategies in place.
This includes advanced intrusion prevention and threat management systems, which combine firewalls, VPN, anti-spam, content filtering, load balancing, and other layers of DDoS defense techniques.
3. Practice Basic Network Security
The most basic countermeasure to preventing DDoS attacks is to allow as little user error as possible.
Engaging in strong security practices can keep business networks from being compromised.
4. Maintain Strong Network Architecture
Focusing on a secure network architecture is vital to security. Business should create redundant network resources; if one server is attacked, the others can handle the extra network traffic.
5. Leverage the Cloud
Outsourcing DDoS prevention to cloud-based service providers offers several advantages. First, the cloud has far more bandwidth, and resources than a private network likely does. With the increased magnitude of DDoS attacks, relying solely on on-premises hardware is likely to fail.
Server Hardening - What it means
This article covers techniques to prevent attacks on the server. Basically, if we manage our servers without proper precautionary actions it is easy to spoil the reputation of the server.
Hardening your server is the process of increasing security on your server through a variety of means to result in a much more secure operating environment. Server hardening is one of the most important tasks to be handled on your servers.
The default configuration of most operating systems is not designed with security as the primary focus.
Default server setups focus more on usability, functionality and communication.
Server Hardening Security Measures Includes:
1. Hide login password from cgi scripts.
This setting allows you to hide the REMOTE_PASSWORD variable from scripts that the cpsrvd daemon's CGI handler executes.
2. Referrer safety check.
Only permit cPanel, Webmail and WHM to execute functions when the browser-provided referrer (port and domain or IP address) exactly matches the destination URL.
3. Initial default/catch-all forwarder destination
Select Fail to automatically discard un-routable email that your servers new accounts receive. This will help protect your server from mail attacks.
4. Verify signatures of third-party cPaddons.
Enable this option to verify GPG signatures of all third-party CPaddons.
5. Prevent "nobody" from sending mail.
Enable to block email that the nobody user sent to the remote address. Nobody is the username for Apache.
6. Enable SPF on domains for newly created accounts.
7. Proxy subdomain override.
Disable this option to prevent automatically-generated proxy domains when a user creates a subdomain.
8. Proxy subdomain creation.
Disable this option to prevent the addition of cPanel, Webmail, Web Disk and WHM proxy subdomain DNS entries to new accounts.
9. Cookie IP validation.
Disable this option to allow logins regardless of the user's IP address.
Methods to secure database server - Best Practices
This article covers different methods to secure a Database Server. Database security helps: Company's block attacks, including ransomware and breached firewalls, which in turn keeps sensitive information safe. It Prevent malware or viral infections which can corrupt data, bring down a network, and spread to all end point devices.
SQL injection vulnerabilities occur when application code contains dynamic database queries which directly include user supplied input.
This is a devastating form of attack and BSI Penetration Testers regularly find vulnerable applications that allow complete authentication bypass and extraction of the entire database.
SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed.
This information may include any number of items, including sensitive company data, user lists or private customer details.
Some known database security issues:
Security risks to database systems include,
1. Data corruption and/or loss caused by the entry of invalid data or commands
2. Mistakes in database or system administration processes, sabotage/criminal damage and so on.
There are numerous types of databases and many different ways to hack them, but most hackers will either try to crack the database root password or run a known database exploit.
If you're comfortable with SQL statements and understand database basics, you can hack a database.
Practices for Database Security:
1. Protect Against Attacks With a Database Proxy.
2. Set Up Auditing and Robust Logging.
3. Practice Stringent User Account Management.
4. Keep Your Database Software and OS Up-to-Date.
5. Encrypt Sensitive Data in Your app, in Transit, and at Rest.
Enforcing server security using hardware firewall
This article covers how important is enforcing process in server security using a #hardware #firewall. A firewall is a system that provides network security by filtering incoming and outgoing network traffic based on a set of user-defined rules. In general, the purpose of a firewall is to reduce or eliminate the occurrence of unwanted network communications while allowing all legitimate communication to flow freely.
A hardware firewall sits between your local network of computers and the Internet.
The firewall will inspect all the data that comes in from the Internet, passing along the safe data packets while blocking the potentially dangerous packets.
Hardware firewalls allow you to protect your entire network from the outside world with a single physical device.
This device is installed between your computer network and the internet.
A software firewall is installed on an individual computer and it protects that single device.
Tips to achieving network security:
1. Use strong authentication methods.
2. Upgrade your software with latest security patch.
3. Physically secure equipment and ports.
4. Establish cyber security rules for your employees and make them aware of the important role they play in security.
5. Encrypt your data and require users to enable bios passwords.
Scanners For Security Linux Servers
This article covers a few good scanners for securing #Linux Servers.
ClamAV ranked 13 out of 16 for Linux malware and viruses beating McAfee, Comodo and F-prot.
To run a ClamAV scan in Linux, you can open a terminal and insert “sudo apt-get install clamav” and press enter.
You may also build ClamAV from sources to benefit from better scanning performance.
To update the signatures, you type “sudo freshclam” on a terminal session and press enter.
Now we are ready to scan our system.
clamscan is a #command line tool which uses libclamav to scan files and/or directories for viruses. Unlike clamdscan , clamscan does not require a running clamd instance to function. Instead, clamscan will create a new engine and load in the virus database each time it is run.
Clam AntiVirus (#ClamAV) is one such open-source antivirus software that helps to detect many types of malicious software including viruses.
Rootkits are a type of malware that are designed so that they can remain hidden on your computer. But while you might not notice them, they are active. Rootkits give cybercriminals the ability to remotely control your computer.
Hardening an Ubuntu Server
This article covers the the importance of passwords, user roles, console security, and #firewalls all of which are imperative to protecting Linux servers.
Hardening an #Ubuntu server is a critical step in any server setup procedure.
Any time that a new server is being brought up to host services, whether production, development, internal or external, the server's operating system must be made as secure as possible.
To make your Ubuntu #Linux server secure:
1. Secure Server Connectivity
2. Establish and Use a Secure Connection.
3. Use SSH Keys Authentication.
4. Secure File Transfer Protocol.
5. Secure Sockets Layer Certificates.
6. Use Private Networks and VPNs.
7. Monitor Login Attempts.
8. Manage Users.
9. Establish Password Requirements.