Staying up to Speed on Dedicated Server Security

HILLSBORO, Ore. - June 11, 2014 - PRLog -- A Global Threat Intelligence Report was just released by NTT Innovation Institute for 2014 which does not look good. Is shows increased activity with botnets and multiple PC’s or dedicated servers communicating surreptitiously. Also there is an increase in Distributed Denial of Service (DDoS) attacks; many infected computers or servers acting in unison against a specific target or targets.

According to the report by the NTT Innovation Institute, 34% of the malicious activity is now labeled as botnet related and websites related specifically to the healthcare, technology and finance industry accounted for 60% of that botnet activity.

Among the many other startling new findings was that 54% of the new malware discovered was able to evade multiple antivirus solutions installed on computers. These new types of malware were collected and discovered by what are known as honeypots which are “digital traps” designed to simply attract malware. It was not made clear which antivirus programs were able to detect and remove the malware and which ones were not able to do so.

This is why having updated software is vital in stopping infections. Cyber security threats are definitely not static and security software can quickly become outdated and useless if not kept up to date on a regular basis.

Antivirus/malware programs should not be judged on initial security alone but at the speed in which they are able to keep up with new vulnerabilities and exploits which are increasing at an ever faster pace.

A positive note in the new report was found that organizations that are in compliance with the payment Card Industry (PCI) were much more secure and able to recover 27% quicker than other online organizations.

Securing the dedicated server’s operating system alone and adding a firewall will not be adequate in preventing bad things from happening. It is also the applications and various other software themselves that must be updated and supported by the developer.

Outdated software such as Apache, PHP and Cross Site Scripting vulnerabilities were some of the most often overlooked vulnerabilities in a server environment causing serious security issues. Operating a server with basic security such as a firewall will not be enough to secure a server. Over 30% of vulnerabilities were related to outdated Apache software alone. Patch management and application configurations are the leading vulnerabilities. Setting up a strong firewall and hardening an Operating System can in many cases not be enough if internal software and applications are not equally as well managed and kept up to date.

Abandoned software that is no longer supported is a major issue with server security.

Having a Incident Response Plan (http://www.hostinganddesigns.com/Blog/?p=1655) (IRP) in place is also vital in responding to an effective security breach. Also, determining how the breach was carried out and why it was successful needs to be understood so it can be prevented from happening again in the future. There is no point in having an IRP without preventing a successful attack from happening again.

Many times, attackers are also keeping up to date with newly discovered software vulnerabilities and can easily exploit them if patching up those applications takes time from the vendor. Sometimes the vendor performs their own internal security checks but in many instances these are discovered by third-party sources.

The Global Threat Intelligence Report also found that open environments such as education had the most malware events totaling 42%. This is due to the open access typical of educational organizations and the inability to enforce security rules and good practice to end users or students. The end user is in many ways the weakest link in the chain of security.

Looking at attacks globally can lead one to believe that most attacks are originating from certain countries such as USA, Australia and Russia. However, as the majority of these attacks may be true, many attackers hide their real location using various methods such as proxies and create a presence in the same country as their target. The NTT Group Q4 2013 SERT Threat Intelligence Report revealed that for USA based attacks many popular hosting providers such as GoDaddy® and Amazon Web Services® (AWS) were used as data exfiltration points.

For more info, please visit: http://www.hostinganddesigns.com/Blog/