
Managing Malware Threats on Your Web Servers

IT managers and security professionals are increasingly worried about targeted malware and its effect on business operations for their enterprise web servers. However, according to a recent survey by security firm Bit9, these professionals are decreasingly confident in their ability to identify and stop such security threats.

Bit9’s server security survey found that targeted malware attacks are the top server security concern of 52 percent of respondents (all 966 respondents are IT and security professionals), up 15 percent from the prior year.

Twenty-five percent of survey respondents said their servers were attacked in 2012, up 8 percent. Twelve percent of those surveyed ranked “too much administrative effort” required by traditional security solutions as a bigger concern than actual attacks. Forty-three percent of respondents use more than one full-time employee to manage server security.

“These results highlight the need for greater control in identifying and stopping advanced attacks on valuable server resources – before they execute – while decreasing the security-related administrative workloads of IT and security professionals,” said Brian Hazzard, vice president of product management for Bit9. “The key to securing enterprise servers – both physical and virtual – is to allow only trusted software to execute and prevent all other files from running.”

Besides the obvious idea of installing anti-virus/anti-malware software on your web servers, here are some other ideas for securing them:

1. Remove services you are not using

Default operating system installations and configurations are not secure because many unnecessary network services are installed, such as remote registry services, print server services, etc. The more services running on an OS, the more ports will be left open for malicious users to enter. So, disable unnecessary services so that the next time the server is rebooted, they are not started automatically.
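One way to find services worth disabling is to compare what is actually listening against the ports the server is supposed to expose. The following is an added example, not part of the original article; it assumes a Linux host and the output format of `ss -H -tln`, and both the sample output and the allowlist are constructed for illustration.

```python
# Constructed sample of `ss -H -tln` output; not taken from a real host.
# Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS = """\
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
LISTEN 0      511             [::]:443           [::]:*
LISTEN 0      5          127.0.0.1:631        0.0.0.0:*
LISTEN 0      64           0.0.0.0:2049       0.0.0.0:*
LISTEN 0      128                *:111              *:*
"""

# Address prefixes that are reachable only from the host itself.
LOOPBACK = ("127.", "[::1]")


def parse_listeners(ss_output):
    """Return (address, port) for every LISTEN line in the ss output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # rpartition handles IPv4, bracketed IPv6 and the '*' wildcard alike.
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            listeners.append((addr, int(port)))
    return listeners


def unexpected_listeners(ss_output, allowed_ports):
    """Ports reachable from the network that are not on the allowlist."""
    found = set()
    for addr, port in parse_listeners(ss_output):
        if addr.startswith(LOOPBACK):
            continue  # bound to loopback only, not exposed to the network
        if port not in allowed_ports:
            found.add(port)
    return sorted(found)


if __name__ == "__main__":
    # Assumed policy for a web server: SSH, HTTP and HTTPS only.
    for port in unexpected_listeners(SAMPLE_SS, {22, 80, 443}):
        print(f"port {port} is listening but not approved; find and disable its service")
```

Each port it reports maps to a service that should either be added to the approved list deliberately or stopped and disabled at boot.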

2. Patch, patch, patch

Make sure your enterprise web platforms and Content Management Systems (CMSes) are kept up to date. Open source platforms are very often well maintained in terms of security vulnerabilities. Monitor the blogs and/or vendor announcements for availability of new patches. Ensure that you have a way to test patches for your systems and that you have a regular patch cycle. Be prepared to patch more often should immediate remediation be required.

3. Secure remote access

Whenever possible, server administrators should log in to web servers locally. However, if remote access is needed, make sure that the remote connection is secured properly by using tunneling and encryption protocols (e.g., VPN). When possible, restrict remote access to specific accounts only, and make sure that old accounts are disabled when no longer needed.

4. Server-side scripting and web application content

Keep web application or website files and scripts on a separate partition or drive other than that of the OS, logs, and any other system files. Otherwise, hackers who gain access to the web root directory can escalate their privileges and gain access to data on the whole disk, including the OS and other system files.

5. Keep development, testing, and production environments separate

It is easier and faster to develop a newer version of a web application on a production server, so it is common to develop and test an application directly on the production servers themselves. Therefore, it is also common on the Internet to find newer versions of a specific website, or some content which should not be available to the public, in directories such as /test/, /new/, or other subdirectories. These applications are in their early development stages, so they tend to have vulnerabilities. To avoid the threat of a hacker using these versions of your application, conduct the development and testing of web applications on servers isolated from the Internet, and never connect them to real-life data and databases.
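To check whether a production server is already serving leftover development content, its own access log can be reviewed for requests to such directories that were answered successfully. This is an added example, not part of the original article; it assumes the common/combined access log format, the log lines are constructed, and every directory name other than /test/ and /new/ is an assumption to adapt to your own naming.

```python
import re
from collections import Counter

# First path segments that should never be served from production.
# "test" and "new" come from the article; the others are assumed examples.
DEV_SEGMENTS = {"test", "new", "dev", "staging", "old", "backup"}

# host ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2013:10:01:44 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.7 - - [12/Mar/2013:10:01:50 +0000] "GET /test/ HTTP/1.1" 200 812
198.51.100.23 - - [12/Mar/2013:10:02:03 +0000] "GET /new/admin.php HTTP/1.1" 200 2291
198.51.100.23 - - [12/Mar/2013:10:02:09 +0000] "GET /dev/ HTTP/1.1" 404 209
192.0.2.55 - - [12/Mar/2013:10:03:30 +0000] "GET /news/launch.html HTTP/1.1" 200 7342
192.0.2.55 - - [12/Mar/2013:10:03:41 +0000] "POST /Test/upload.php?id=1 HTTP/1.1" 302 0
"""


def first_segment(path):
    """Lower-cased first path segment with any query string removed."""
    return path.split("?", 1)[0].lstrip("/").split("/", 1)[0].lower()


def exposed_dev_paths(log_text):
    """Count requests to dev/test directories that were served (2xx or 3xx)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        seg = first_segment(m["path"])
        # Match the whole segment so /news/ is not mistaken for /new/.
        if seg in DEV_SEGMENTS and m["status"][0] in "23":
            hits["/" + seg + "/"] += 1
    return dict(hits)


if __name__ == "__main__":
    for path, count in sorted(exposed_dev_paths(SAMPLE_LOG).items()):
        print(f"{path} answered {count} request(s); remove it from production")
```

A 404 for such a path means the directory is not there, while a 2xx or 3xx means the content is reachable and should be moved to an isolated server.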

These steps are just the start to a more secure server environment. The best thing you can do to keep your organization safe from the threat of malware is to stay abreast of security technologies, as they are developed, to stay one step ahead of malicious users.


Six IT Services to Outsource

With the economic climate in the US and Europe still uncertain, many small and medium organizations are looking at outsourcing business services now more than ever. Those organizations that have already outsourced parts of their IT operations are looking to outsource more, and those that haven’t are looking to start. One thing that stops or slows down businesses looking to outsource is simply not knowing where to begin. Here are six places you can start:

  • SaaS: Software as a Service allows you to only pay for the software you use and only while you’re using it. This also has the benefit of cutting management and IT infrastructure needed to support a large collection of software across your computers. A report from 2008 suggests that even in the early stages of SaaS, organizations could expect to save over 50% in some instances, and occasionally more.
  • Managed Hosting: Off-site managed hosting will allow you to make drastic cuts to your in-house IT budget, as well as seriously reduce overhead from having your hosting infrastructure in your office or at a rented space. Managed hosting is one of the oldest, and most well understood, forms of IT outsourcing, so there are significantly fewer risks than with almost any other plan.
  • Data Center: Data centers make the most sense for organizations that either generate or process large amounts of data, or for organizations that don’t have the local facilities to support a data center. Besides saving money on storage and processing, data centers also offer increased security, with redundant backups, redundant power & Internet, high-level encryption, and other protective measures. The added security often makes this a worthwhile investment even when cost-cutting is minimal.
  • Asset Management: In asset management outsourcing, an outsourcing agency takes over the management and support for IT assets like servers, computers and workstations, phones, and other office equipment. While the levels of support provided vary from provider to provider, this is a great way to offload many of the costs involved with running a large office organization.
  • Product Service/Customer Support: If you are in the business of selling technology, one less-often considered form of technology outsourcing is outsourcing your service and support divisions. Toshiba has had great success with outsourcing their service and repair divisions to UPS supply chain solutions in 2004, and HP has been doing it even longer. Likewise, tech support service and call centers can easily be outsourced, increasing margins on products and cutting infrastructure costs dramatically.
  • IT Strategy: Organizations can outsource their IT strategy to a firm that has the breadth of experience, domain/industry knowledge and diverse IT industry knowledge that is nearly impossible to duplicate cost-effectively in-house. Strategic advice can incorporate growth and capacity planning, addressing TCO and ROI, as well as risk management.

Oh, the Risks of Public Wi-Fi

As technology goes more and more mobile, working remotely from public Wi-Fi locations is going to be a bigger and bigger part of doing business. Whether it’s your sales team using airport Wi-Fi while waiting for a flight, or your creative employees knocking out some work at a Starbucks over lunch, the risks of public Wi-Fi are going to have to become a consideration for companies. Unfortunately, most employees (and many employers) don’t know just how dangerous using public Wi-Fi networks can actually be.

Whenever you connect to a public Wi-Fi network, any information you send or receive can be easily snatched from the air and inspected. In fact, this very issue was highlighted just a short while ago when a plugin called Firesheep made it trivial for anyone on a public Wi-Fi network to hijack the social network and other accounts of people sharing that network. While the major social networks quickly fixed the vulnerabilities that allowed this behavior, not all sites did. This is not to mention any capabilities the Federal Government (read: NSA) has to do this.

To Allow or Not to Allow?

Protecting your business data from being exposed on public networks is critical, and should not be taken lightly. The simplest and most secure way to prevent proprietary data from leaking into public access is to simply not use public Wi-Fi spots for any kind of official business. In fact, for the most security, it might be a good idea to not connect any company mobile devices to any public Wi-Fi networks at all.

Solutions

Another solution is to use a 4G internet dongle. These devices plug into your laptop and function as cellular modems to connect you to the internet the same way that your cell phone connects. This not only lets you bypass the dangers of public Wi-Fi, but also allows your employees to work online from anywhere they can get a cell signal. The downside is that if there is no cell reception, there is no internet, and poor cell reception could lead to the connection being agonizingly slow. It’s also fairly pricey, with many providers charging large fees for very limited data. One alternative here is to tether an existing 4G phone that already has a data plan.

The last solution is to use a VPN, or virtual private network, to tunnel through the public Wi-Fi access and do all business-related work under full encryption. A VPN, in this case, involves creating a secure connection within the unsecured public connection, and connecting directly to a work server which you then use to access the broader internet. This keeps the data you send secure between your laptop and the final destination. VPNs are relatively easy and inexpensive to install and deploy.

Hybrid solutions are out there as well. We have deployed software for organizations that enables employee computers to access public Wi-Fi but only in conjunction with a VPN, so users can enjoy the convenience but reduce their risk.