7 Measures To Achieve A Secure Server

The news has been abuzz with reports of the latest hacks and data breaches that have caused major mayhem to businesses and users alike. Web servers that serve as website hosts for your business are vulnerable to a number of security threats and need to be protected from intrusions, hacking attempts, viruses and other malicious attacks (such as phishing and hacking). Having a secure server is absolutely crucial for any business that operates online and engages in network transactions. Web servers are an easy target for hackers because of the sensitive data they usually host. Therefore, taking proper measures to ensure you have a secure server is as vital as securing the website, the web application and the network around it.

Your selection of the server, OS and web server is one of the first decisions that will impact what best practices you have to put in place for a secure server and the kind of services that run on it. Irrespective of what web server software and operating system (Microsoft Windows, Linux) you are running, there are certain measures you must take to increase your server security. It is necessary to review and configure every aspect of your server in order to secure it. Maintaining a multi-faceted approach offers in-depth security because each security measure that is implemented adds an additional layer of defense. Here is a list of tasks that individually and collectively will help strengthen your web server security and prevent cyberattacks against your applications and infrastructure.

  1. Automated Security Updates

Most vulnerabilities have a zero-day status. It takes very little time before a public vulnerability is utilized to create a malicious automated exploit. So it helps to keep your eye on the ball when it comes to getting your security updates. You may want to consider applying automatic security updates and security patches as soon as they are available through the system’s package manager.

  2. Review Server Status and Server Security

Being able to quickly review the status of your server and check whether there are any problems with its CPU, RAM, disk usage, running processes and other metrics will often help detect security issues with the server faster. It is also possible to review the server status with ubiquitous command line tools. All the network service logs, site access logs and database logs (Microsoft SQL Server, MySQL, Oracle) present on a web server should ideally be stored in a segregated area and checked frequently. Keep an eye out for strange log entries. When your server is compromised, having a reliable alerting and server monitoring system in place will prevent the problem from snowballing.

  3. Perimeter Security With Firewalls

Having a secure server means having security applications like border routers and firewalls set up to help filter known threats, automated attacks, malicious traffic, DDoS filters, bogon IPs, and untrusted networks. A local firewall can actively monitor for attacks such as port scans and SSH password guessing to block any security threat from attacking the firewall. And a web application firewall helps to filter incoming web page requests in order to block requests that have been deliberately created to break or compromise a website.
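The log review in measure 2 and the SSH password-guessing monitoring described above can be combined into one check. The following is an added example, not code from the original article: it assumes the common OpenSSH syslog line format, log lines in chronological order, and a hypothetical threshold of five failures within 60 seconds; the sample log is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the usual OpenSSH syslog format (not real traffic;
# the addresses come from the RFC 5737 documentation ranges).
SAMPLE_AUTH_LOG = """\
Mar  4 02:11:01 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  4 02:11:03 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 40113 ssh2
Mar  4 02:11:05 web01 sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Mar  4 02:11:09 web01 sshd[2215]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Mar  4 02:11:12 web01 sshd[2217]: Failed password for root from 203.0.113.7 port 40140 ssh2
Mar  4 02:15:40 web01 sshd[2301]: Failed password for deploy from 198.51.100.23 port 51822 ssh2
Mar  4 02:15:52 web01 sshd[2301]: Accepted password for deploy from 198.51.100.23 port 51822 ssh2
Mar  4 03:40:00 web01 sshd[2410]: Failed password for root from 192.0.2.50 port 33000 ssh2
Mar  4 05:40:00 web01 sshd[2411]: Failed password for root from 192.0.2.50 port 33001 ssh2
"""

# Matches failed password attempts for both existing and non-existing users.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def find_password_guessing(log_text, threshold=5, window_seconds=60, year=2024):
    """Return {source_ip: sorted usernames tried} for every source that
    produced at least `threshold` failed logins inside a sliding window.

    Classic syslog timestamps carry no year, so the caller supplies one.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> (timestamp, user) failures still in the window
    flagged = defaultdict(set)   # ip -> usernames seen during a burst
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m is None:
            continue  # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        failures = recent[m["ip"]]
        failures.append((ts, m["user"]))
        # Drop failures that have aged out of the window.
        while ts - failures[0][0] > window:
            failures.popleft()
        if len(failures) >= threshold:
            flagged[m["ip"]].update(user for _, user in failures)
    return {ip: sorted(users) for ip, users in flagged.items()}


if __name__ == "__main__":
    for ip, users in find_password_guessing(SAMPLE_AUTH_LOG).items():
        print(f"possible password guessing from {ip}: tried {', '.join(users)}")
```

A single mistyped password followed by a successful login (198.51.100.23 in the sample) stays below the threshold, which is why the check counts failures per source within a time window rather than alerting on every failed line.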

  4. Use Scanners and Security Tools

There are many security tools (URLScan, ModSecurity) provided with web server software to help administrators secure their web server installations. Though configuring these tools can be hard work and time consuming, particularly with custom web applications, they add an extra layer of security and give you peace of mind.

Scanners can help automate the process of running advanced security checks against the open ports and network services to ensure you have a secure server and web applications. They usually check for SQL injection, cross-site scripting, web server configuration problems and other security vulnerabilities. There are even scanners that can automatically audit shopping carts, forms, dynamic web content and other web applications and provide detailed reports to detect existing vulnerabilities.

  5. Remove Unnecessary Services

Typical default operating system installations and network configurations (Remote Registry Services, Print Server Service, RAS) are not secure. The more services that run on an operating system, the more ports are left open to abuse. So it is advisable to switch off all unnecessary services and disable them. This also helps boost your server performance by freeing hardware resources.

  6. Manage Web Application Content

All web application or website files and scripts should be kept on a separate drive, away from the operating system, logs and any other system files. This way even if hackers gain access to the web root directory, they will not be able to use any operating system command to take control of the web server.

  7. Permissions and Privileges

File and network service permissions are crucial to having a secure server, as they help limit any potential damage from a compromised account. Malicious users can compromise the web server engine and use its account to carry out tasks, such as executing specific files. File system permissions should preferably be granular. Review your file system permissions on a regular basis to prevent users and services from engaging in unintended actions. Consider disabling login as the “root” account over SSH and disabling any default account shells not normally accessed. Make sure to apply the principle of least privilege to the account each network service runs under, and restrict what each user or service can do.
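The two account checks from this measure, root login over SSH and default accounts that still have a login shell, can be audited from the configuration files themselves. This is an added example, not code from the original article. It assumes upstream OpenSSH defaults, does not follow `Include` directives, and treats UIDs below 1000 as service accounts (a common Linux convention); both sample files are constructed.

```python
import posixpath
import re

# Constructed sample inputs (not taken from a real host).
SAMPLE_SSHD_CONFIG = """\
# /etc/ssh/sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication no
# A later duplicate does not help: sshd keeps the first value it reads.
PermitRootLogin no
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
www-data:x:33:33:www-data:/var/www:/bin/bash
postgres:x:113:120:PostgreSQL:/var/lib/postgresql:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

# Upstream OpenSSH defaults used when a keyword is absent (assumption:
# the distribution has not patched them).
SSHD_DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}
INTERACTIVE_SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh", "fish"}
DIRECTIVE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")


def parse_sshd_config(text):
    """Return (effective global settings, {keyword: [values set in Match blocks]}).

    Keywords are case-insensitive and the first value read for a keyword wins.
    """
    global_opts, match_opts, in_match = {}, {}, False
    for raw in text.splitlines():
        line = raw.strip()
        m = DIRECTIVE.match(line)
        if not line or line.startswith("#") or m is None:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            in_match = True  # everything after this is conditional
        elif in_match:
            match_opts.setdefault(key, []).append(value)
        else:
            global_opts.setdefault(key, value)  # first occurrence wins
    return {**SSHD_DEFAULTS, **global_opts}, match_opts


def service_accounts_with_shell(passwd_text, first_human_uid=1000):
    """Names of non-root system accounts whose shell allows interactive login."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip comments and malformed entries
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        if 0 < uid < first_human_uid and posixpath.basename(shell) in INTERACTIVE_SHELLS:
            names.append(name)
    return names


def audit(sshd_text, passwd_text):
    """Collect human-readable findings for both checks."""
    effective, match_opts = parse_sshd_config(sshd_text)
    findings = []
    root_login = effective["permitrootlogin"].lower()
    if root_login != "no":
        findings.append(f"PermitRootLogin is '{root_login}': root can still log in over SSH")
    for key in SSHD_DEFAULTS:
        for value in match_opts.get(key, []):
            findings.append(f"{key} is set to '{value}' inside a Match block; review that exception")
    for name in service_accounts_with_shell(passwd_text):
        findings.append(f"service account '{name}' has an interactive login shell")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SSHD_CONFIG, SAMPLE_PASSWD):
        print("-", finding)
```

The sample shows a common mistake: appending `PermitRootLogin no` to a file that already contains `PermitRootLogin yes` changes nothing, because the earlier line takes precedence.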

Sum Up

Securing web servers can help keep corporate data and resources safe from intrusion, or misuse. And as we have established it is as much about people and processes as it is about security products. By taking these hardening measures mentioned in this post, you can begin to create a secure server infrastructure to support web applications and other web services.

Securing Your Website With SSL Certificate

The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security tools at their disposal to keep cybercriminals and hackers at bay. It can be a real challenge to know where to start, when you are defending against malicious code that can damage your system and against cyberthieves on the lookout for sensitive data to sell on the black market. One thing every business can do to protect their website and customers is to use Secure Sockets Layer (SSL) certificates, particularly if they run an e-commerce site or collect personal customer information through their site.

What Is SSL?

The Secure Sockets Layer (SSL) is the most widely used Internet security protocol today. This encryption technology protects your sensitive information as it travels between the visitor’s web browser and the web server of the website they are interacting with. This secure link ensures that all data is transmitted without being intercepted by prying hackers.

SSL encrypts all data before it is sent so that no one besides you and the website you’re submitting the information to, can see and access what you type into your browser. Random characters are inserted into the original information to make it incomprehensible for anyone without the proper encryption key. Therefore, if it does fall into the wrong hands there is nothing to worry about since the information is unreadable.

SSL Certificate Basics

When you visit a website that has an SSL certificate issued by a trustworthy authority, your browser (e.g. Internet Explorer®, Firefox® and Chrome™) will form a connection with the web server, recognize the SSL certificate, and then connect your browser and the server so that confidential information can be exchanged.

To enable SSL on your site, you need to get an SSL Certificate that identifies you and install it on your web server. The SSL certificate must also be digitally signed by another trusted root certificate to prove that the SSL certificate provider can be trusted. Business owners can get standard and extended certificates along with tools to manage multiple certificates or security challenges.

Steps For Getting An SSL Certificate

Once you have selected a Certification Authority vendor, send a request for certification and pay for the certificate.

Every CA will provide a Certification Practice Statement (CPS) with more specific information about their verification process and how long it will take to receive approval, depending on the complexity of your organization and the type of certification applied for. Business owners then have to go through various stages of vetting before they can install the certificate on their site and connect to a secure server on the web.

When the SSL Certificate is installed properly, you can access a site instantly by changing the URL from http:// to https://. The secure connection happens instantly and technically.

How Can Consumers Tell if a Website is Certified?

SSL is a transparent protocol which requires no interaction from the end user. Users can verify whether the web address in their browser displays a padlock, or, in the case of Extended Validation SSL, if there is both a padlock and a green bar. This assures visitors that the site is SSL certified and that your connection is automatically secured.

How Can SSL Be Used For Business?   

The most common applications of SSL are to secure payment transactions, system logins, email, data transfer, and any other sensitive data exchanged online.

If your organization has to comply with regional, national or international regulations, such as Payment Card Industry compliance, on data privacy and security then you will need an SSL certificate with the proper encryption. EV SSL provides advanced security measures to deal with the bigger risks that come with e-commerce today.

SSL is critical for protecting sensitive information such as customer names, phone numbers, addresses and credit card numbers. It also defends your site from malware and prevents malvertising from eating into your resources.

SSL secures webmail and helps establish secure connection between an email client such as Microsoft Outlook and an email server such as Microsoft Exchange.

SSL can also be used to secure intranet-based traffic such as internal networks, extranets, and database connections. It also helps transfer files safely over HTTPS and FTP(S) services.

Future-Proof Your Site With SSL Certificate

Online businesses can gain and retain their customers’ trust by getting SSL certification. Lunarpages offers a free dedicated SSL certificate and dedicated IPs with all of our business plans, or you can get a Dedicated SSL certificate on your account. A Shared SSL certificate will function only with HTML and cgi/perl based documents/scripts/carts, but it will not work with ASP, JSP or PHP pages because of security restrictions on the servers. For that you will need to purchase a Dedicated SSL Certificate and Dedicated IP. If you’re still unsure about how SSL will affect your website, contact Lunarpages at 1-877-586-7207 (US/Canada) to know more.

Getting Rid of Malicious Adware

Cisco estimates that nearly 75% of organizations have suffered an adware infection. Adware, or advertising supported programs, are software with embedded advertising that automatically displays or downloads advertising material when a user is online. Have you ever tried to install Adobe Reader and found it offering to install an “optional” extra program, such as Google Chrome or a McAfee security solution? This is an example of adware from legitimate and respectable companies that can easily fool your security program because they appear as advertisers and not criminals. Then there are thousands of shady advertisers with junk programs that try every trick in the book to install something without your consent. For instance, a web page with a phony message warning you that your Adobe Flash needs to be updated comes up and you click OK without reading it too closely and you immediately get a host of new useless programs on your computer, eating up your resources or even spying on your browsing activities.

You can be one errant click away from your screen being inundated with web page pop-ups, links to ads, or your system being injected with malicious programs, browser extensions and add-ins. And that is just the beginning. When adware is part of a malware cocktail comprising rootkits, Trojans and more, it can be an even more serious problem. Since malicious adware is designed to make its way onto your computer and stay there, slowly driving you insane, you are probably interested in learning the steps you can take to get rid of unwanted adware.

What to Do After the Infiltration of Adware 

Adware from malicious hackers that use unethical business practices is harder to remove by design and generally requires the use of an adware cleaner or removal tool.

  1. Disconnect: To prevent the adware programs from sending out sensitive information or from opening more backdoors to your computer, you can disable your network connection or simply unplug the Internet cable from your computer.
  2. Remove Malicious Programs from Your System: There are two distinct methods that can be used to remove adware from the system: manual removal or automatic adware removal. After disconnecting from the Internet, you can quite simply remove any adware or spyware listed in Add/Remove Programs from Control Panel, and reboot the computer. Then run a full system scan using any up-to-date antivirus scanner, preferably in Safe Mode (to limit the adware’s access to your system components). If prompted, allow the scanner to clean, quarantine, or delete as necessary. Adware that installs itself within your browser as a plugin or extension will not appear in the Control Panel. Therefore, take the following steps:
     • To remove adware in Chrome browsers, navigate to ‘Extensions’ under ‘Settings’.
     • For Firefox, open the menu in the top right corner, and check ‘Extensions’ under ‘Add-ons’ to remove any suspicious extensions installed.
     • In Internet Explorer, access and uninstall adware-serving extensions through ‘Manage Add-ons’ under ‘Tools’.
  3. Reset Your Settings: Adware can often modify your browser settings in order to change your homepage or redirect you to malicious websites. You will need to reset any such settings.
     • For Google Chrome, go to ‘Settings’ and check the pages present in the “On startup” section. To remove any of them, click the “X” button next to a page. To change your search settings, go to ‘Manage Search Engines’ under ‘Settings’ and set up your default search engine.
     • For Firefox, press ‘Open Menu’ and go to the ‘General’ section and modify your homepage in the startup section. Then go to the ‘Search’ tab on the left side of the menu to set up your default search engine and add or remove search engines, according to your need.
     • In Internet Explorer, go to ‘Internet Options’ under the ‘Tools’ section and modify the URL you want in the homepage section.

You also need to ensure that your HOSTS file hasn’t been hijacked and any undesirable websites haven’t been added to your Trusted Sites Zone. Sometimes, manual adware removal may not do the trick because these programs contain various components that come in a pack and you can often unintentionally leave unwanted files and similar components on your computer.
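One way to review a HOSTS file for hijacked entries, shown as an added example that is not part of the original article: it flags names pinned to an outside address ("redirect") and names pointed at a loopback or unspecified address ("blackhole", often used to cut a machine off from update or security-vendor sites). The sample file and its `.test` domains are constructed; `local_names` and `allowlist` are hypothetical parameters for entries you have put there yourself.

```python
import ipaddress

# Constructed sample. On Windows the real file is
# %SystemRoot%\System32\drivers\etc\hosts; on Linux and macOS it is /etc/hosts.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
127.0.1.1       workstation01
203.0.113.66    www.example-bank.test login.example-bank.test   # pinned address
127.0.0.1       update.example-av.test
0.0.0.0         definitions.example-av.test
not-an-ip       broken.line
"""

# Names that legitimately map to loopback on a default installation.
DEFAULT_LOCAL_NAMES = {
    "localhost", "localhost.localdomain",
    "ip6-localhost", "ip6-loopback", "broadcasthost",
}


def review_hosts(text, local_names=(), allowlist=()):
    """Return a list of (line_number, kind, address, name) entries to review.

    kind is "redirect", "blackhole" or "malformed".
    local_names: this machine's own hostnames (expected on loopback).
    allowlist:   (address, name) pairs the administrator added on purpose.
    """
    local = DEFAULT_LOCAL_NAMES | {n.lower() for n in local_names}
    allowed = {(ip, name.lower()) for ip, name in allowlist}
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comments, then tokenise
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, "malformed", fields[0], " ".join(fields[1:])))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        # One line may carry several names; judge each one separately.
        for name in (f.lower() for f in fields[1:]):
            if name in local or (str(addr), name) in allowed:
                continue
            kind = "blackhole" if sinkhole else "redirect"
            findings.append((lineno, kind, str(addr), name))
    return findings


if __name__ == "__main__":
    for lineno, kind, addr, name in review_hosts(SAMPLE_HOSTS, local_names=["workstation01"]):
        print(f"line {lineno}: {kind:9} {name} -> {addr}")
```

Every finding is something to review rather than proof of infection: ad-blocking hosts lists produce "blackhole" entries on purpose, and internal servers are sometimes pinned deliberately.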

Automatic Adware Removal

Thankfully there are other ways to remove and defend against malware-related adware too. Automatic adware removal is the most reliable way to eradicate adware and its components using legitimate anti spyware programs that have extensive parasite signature databases for easy detection and elimination.

Major operating systems have their own built-in removal tools, such as the “Malicious Software Removal Tool” from Windows, which scans and removes adware. Even Mac OS X can automatically scan and quarantine known threats. But your system has to be up-to-date, or these OS tools won’t work properly.

There is popular third-party security and anti-virus software, such as Norton, Kaspersky, Avast and McAfee, that includes adware detection and removal tools. Keep it updated with the latest patches and definitions. Run a scan if you think your computer is infected.

The Final Word on Adware

While adware may be a more manageable threat than rootkits or Trojans, it can still wreak havoc on your system and act as a gateway for other, more serious types of infection later. All you have to do is be more careful about the sites you visit, and watch what software you install.

How to Successfully Secure Your Mobile Workforce

Maintaining Security for a Mobile World Part 2:

Security in the mobile workforce is now a top priority for every business with increasing mobile device threats that can result in data loss, security breaches and regulatory compliance violations. You can take a number of steps to keep your data assets secure and to reduce the risks posed by mobility, while addressing related legal, privacy, and security requirements associated with mobile devices. Implementation of robust policy creation, communication about the implication of faulty mobile security practices, risk assessment, use of mobile enterprise technology, and continuous monitoring can help meet the security challenges associated with use of diverse mobile devices. In this article we help you understand how your business can efficiently manage your data in today’s mobile environment and apply rigorous security standards to minimize risks, while ensuring agility, and productivity.

Help Employees Secure Mobile Data

There should be proper documentation, security protocols, and best practices in place for your employees to ensure your mobile data is protected at all times. Every company should have a full policy with regard to usage of mobile devices for work and it should be updated and shared regularly with your staff. Employees need to be educated about the necessity of strong passwords and multilevel access control. All employee smartphones or tablets should be protected with a PIN or access code. Do not allow apps to save passwords, store sensitive information, or use automatic logins. Wherever possible, do add a security layer to the app process, such as two-factor authentication for added account protection, or else you will have to take measures to double up on document protection. It should be mandatory for any device connecting to or holding company data to be encrypted at the disk level. Make your system secure by setting up automatic lock screens for all your mobile devices when it remains idle for a few minutes. Users should download apps only from an authorized app store. All updates should be downloaded as soon as they are available as they often contain security patches.

Protect the Mobile Enterprise

Every new employee-owned device being introduced to the organization gives hackers an easy access route to classified information so direct steps have to be taken to secure the mobile enterprise.  Choosing the right tools for the job is of utmost importance and here are some of the major technologies available in the marketplace to implement BYOD (bring your own device).

  • Enterprise Mobile Device Management (MDM) Systems

Mobile Device Management (MDM) allows you to take control of data in a BYOD environment. MDM systems make it possible to install remote updates and take remote control over mobile devices, including the ability to wipe a mobile device that is stolen. MDM software automates the policy enforcement of network-attached mobile devices that operate inside and outside the firewall, and it also supports remote data backup for easy recovery of data in case a device is lost or stolen.

  • Endpoint Mobile Security Solutions

Viruses that spread on mobile devices are a real threat to your sensitive company data. While employees can be educated not to download suspicious software, apps, documents or even click on malicious links, it is critical to install security suites, including antivirus, anti-spyware,  and malware security solutions across all mobile devices. There are intrusion detection and prevention systems, vulnerability scanning and application blocking and data loss prevention software that can be used to protect multiple mobile devices. Enable automatic updates of the software so that the security software remains current on every device to defend against the latest security risks.

  • Network Access Control

NAC tools can inspect mobile devices connected to the network to make sure they are up to date with the latest security patches and download updates automatically, before allowing the device to connect. It is necessary for organizations to track and keep tabs on the locations of all outdated devices that may still have access to data. NAC is important in the onboarding and offboarding of devices from wireless and wired corporate networks. All mobile devices should be wiped clean before donating or getting rid of them.

  • Endpoint Virtualization

It is possible to use a single console to deploy and manage endpoint virtualization solutions for complete separation of personal and work computing on the same device by placing each in its own virtual machine.

  • Enterprise-level Mobile Content Management (MCM)

MCM and collaboration solutions help IT staff secure and manage mobile access to an organization’s files and data. An on-premises file synchronization solution can provide users with the ability to share and access company information on the road, while enabling administrative control, and security necessary to keep data assets safe. There should be security protocols for file transfer mechanisms to ensure data is being moved into and outside of the organization securely. Mobile- and web-based transfer tools can help IT departments in enterprises have oversight of data while achieving enhanced productivity.

  • Remote Security Services

Many organizations hire remote security and outside services to support mobile workforce and to facilitate system security, including mobile data access. Remote monitoring services can watch mobile data traffic being delivered through the cloud and guard for suspicious activity or indicators that a handheld device has been hacked or stolen so that intruders can be shut out before they can do real harm.

  • Cloud Technology

The challenge of distribution and perceived lack of control over data stored across multiple mobile devices can be directly addressed by cloud technology. Cloud computing provides enterprises with the capability to store disparate data in a centralized service location while enabling tight security control. Users can leverage any mobile device to access and process their data or perform work on a series of cloud services that have control of the data. A cloud security gateway can enforce corporate policy in cloud applications and data. Check out scalable or private cloud hosting plans from Lunarpages.

Mind Your Future

Supporting a mobile workforce can be a real challenge especially with threats from malware, cloud service attacks, and phishing on the rise but the flexibility and productivity benefits of a mobile workforce far outweigh the security risks. Keep to these best practices to ensure a free, flexible, and secure mobile workforce. Mobile engagement is necessary for the future success of organizations, as is taking steps to protect & manage data for users across heterogeneous devices.

5 Major Security Threats of a Mobile Workforce

Maintaining Security for a Mobile World Part 1:

The new tech-savvy generation lives an extremely connected life, is vulnerable to security threats, and has introduced new approaches to work, including mobile and email, which have become an integral part of everyday work. Mobile computing and the ability to access email and business documents ‘anytime anywhere’ is now essential for all business. This 24/7 BYOD (Bring Your Own Device) workplace trend is not going to change because it increases employee productivity and gives businesses a competitive edge. According to a report published by IDC, the U.S. mobile workforce will surpass 105 million by 2020, which is about 72.3% of the U.S. workforce. According to Citrix research, companies urgently need to make provisions for the ever increasing mobile workforce, as the average employee uses three or more mobile devices for work activities and nearly 61% of employees spend some time working outside the office. With employees, vendors, and partners sharing files and collaborating on multiple mobile devices, ensuring the security and confidentiality of company data has become a nightmare.

The diversified way of working and proliferation of mobile devices and cloud services has made secure backup, quick recovery, sharing of data, and an effective breach response more difficult.  Security analysts have predicted that by 2018 nearly 25% of corporate data will completely evade perimeter security and move directly from mobile devices to the cloud. The reputational damage from a data breach for a business can be massive, especially if the public perceive it as a preventable data breach. Companies find it hard to repair their reputation, recover their sales or even attract new customers. In this article we help you identify areas of security risk associated with diverse mobile devices.

Security Risks Of Mobility

According to Gartner, the focus of endpoint breaches will shift to tablets and smartphones by 2017. The ratio of attacks on mobile devices to desktop attacks is already 3 to 1. The major security threats and attack vectors for mobile devices can be categorized into five broad areas.

  1. Physical access

The portability and size of mobile devices make them ideal to carry around and it also makes them easy to steal or leave behind in airports, cafes or taxicabs. Theft or loss of smartphones is the biggest security risk for any business. Having physical access to a mobile device makes it easy for a criminal with malicious intent to circumvent the cleverest intrusion-detection system and also to access encrypted data.  It is possible to recover data from mobile devices even when it has been manually deleted or undergone a full factory reset using forensic data retrieval software. Having some sort of password protection can limit the damage and cost of losing a phone so all staff should ensure that their mobile device has password protection and they should also have further passwords for access to important applications. Companies should also use remote control software to delete files or even disable the phone permanently in case of loss or theft.

  2. Malware

Mobile malware Trojans are being designed to harvest passwords and steal sensitive data and other important financial information over the mobile phone network or any connected Wi-Fi network. These are spread through bad links in SMS messages and by way of applications, where they are then free to spread to other devices. Mobile malware security threats are generally socially engineered to trick the user into clicking on malicious links with infected malware through email, on social networking sites, and rogue applications. Even mobile ads or ‘malvertising’ and suspicious downloads are increasingly being used as part of many attacks to spread viruses. There has also been an increase in browser-based attacks, distributed denial of service, and buffer overflow exploitations to gain control of the mobile device to access data.

  3. Infected Apps

Employees often download and use apps to help with business tasks, but most of these apps do not even meet minimum security requirements. Developers are concerned with the functionality of the applications but not the application security. Therefore cybercriminals find unsecured apps an easy attack vector to breach mobile devices and to access enterprise assets. Gartner found out that by 2017 nearly 75% of security breaches will be the result of misconfigured apps.

  4. Interception On Unsecured Networks

Smartphones are susceptible to Wi-Fi hacking and man-in-the-middle (MITM) attacks. Hackers can easily set up rogue Wi-Fi networks to trap people logging onto them to intercept, redirect, and even decrypt cellular data transmission.  Weaknesses in Wi-Fi hot spot services and mobile data protocols are being used regularly to hijack users’ sessions for online services, including web-based email. Employees logging on to enterprise systems from these unsecured networks may be giving hackers access to the entire corporate database. Wi-Fi access should be used with caution by all staff.  To avoid this potential risk enterprises could invest in unlimited data contracts for their staff so that they never have to use any open access points.

  5. Insider Security Threats

Company data is even at risk through employees and other malicious insiders. They can use mobile devices to misuse or misappropriate data by downloading sensitive corporate information to the device’s flash memory card, or by using email services to transmit data to external accounts and even by eluding data loss prevention (DLP) technologies. Anyone with criminal intent can also misuse personal cloud services through mobile applications to transfer enterprise data leading to data leaks that the enterprise may be totally unaware of.

Meeting the Mobility Challenge

Managing this increased risk from different security threat vectors, while empowering employees and respecting their privacy can be a daunting challenge. In the next blog article, we will share with you simple measures your organization can take to successfully secure your mobile workforce, protect your enterprise network and corporate data.

Protect Your Systems Against the Real Threat of Ransomware

The threat of ransomware is real. Businesses and enterprises across multiple industries face daily challenges from external threats such as computer viruses and emerging malware and spyware – any one of which can potentially wreak havoc on their internet-technology systems.

No One Is Safe

Are you aware of the most recent multi-million-dollar crime extortion malware vexing everyone from hospitals to banks, police departments to even Congress?

It is ransomware, the latest type of malware developed by hackers to lock the system, compromise sensitive data on hard drives through encryption or prevent the computer from booting up at all. The hackers do this with one goal in mind: to extract money from unsuspecting victims. These victims get locked out of their computer, making it incredibly difficult to gain access to all the files and other sensitive business data without the encryption key. Usually the ransom has to be paid in newer electronic payment methods such as Bitcoin and Ukash so that it cannot be traced back to the culprits. Moreover, businesses can potentially suffer a full-scale data breach from ransomware infections, resulting in huge fines and loss of consumer trust.

Evolution of Ransomware

Yesterday’s annoying viruses have now evolved into terminal malware designed to steal money from its victims.

Though ransomware first came into circulation on a widespread scale in Russia between 2005 and 2006, it has been making regular headlines since 2013 with the arrival of CryptoLocker and its many variants like CryptoWall and TorrentLocker. This type of ransomware was created to encrypt files on the infected machine and to identify the country from its IP address so that the extortion message to buy the decryption key could be delivered in the local language.

With technological advances and the rise of ‘Ransomware as a Service’, hackers have progressed from targeting home users to much more sophisticated attacks on SMBs and enterprise networks. Cyber attackers have built robust platform infrastructures using Domain Generation Algorithms and assets in Top Level Domains, Generic Top Level Domains and Country Code Top Level Domains. According to a recent report by Intel Security, the ransomware industry has grown exponentially by over 3,000% since 2012, with new threats being discovered every year.

Some of the new varieties of ransomware holding businesses to financial ransom over their data, such as Petya, Dogspectus, Ransom.Win32.Xpan and Princess Locker, display potency across infection vectors and have selective encryption and target-awareness capabilities.

Before learning how to protect your business from these dangers, you must first understand how ransomware infects computers as well as the mode of infection.  Also, become familiar with what steps your company must take to prevent, track and respond to ransomware attacks.

How Can Ransomware Get on My Computer?

Ransomware attackers use a number of techniques to infect users, from spear-phishing campaigns and email lures to exploit kits and other infections such as Angler.
Users can accidentally infect their own computers with ransomware through one of many seemingly innocuous actions, such as inadvertently opening an infected email attachment, clicking on a malicious link or malvertisement, or even visiting a compromised site.

Attackers find it much easier to gain entrance through existing browser or OS program vulnerabilities – caused by irregular updates – or weaknesses caused by previous machine malware infections.
Malware can also spread through infected removable drives including USBs and portable hard drives, and by application downloads with infected software bundles such as browser toolbars, instant messenger apps, third-party .exe files or software key generators.

Defensive Strategies to Protect Against Ransomware

No company should be without a strategy to prevent, detect, and respond to ransomware attacks as they can make your data inaccessible and grind your business to a jarring halt. While there may be no magic bullet to keep your organization’s data safe from ransomware, there are a number of steps every business should take to drastically reduce their chances of infection.

  • Educate end users about ransomware: As they say, the best offense is a good defense.  And, the first line of defense against ransomware is user awareness and education. You can block malware considerably by training employees through a variety of security awareness programs. Employees can be taught to recognize the potential dangers of opening attachments from unknown people, or clicking on suspicious links.
  • Learn about social engineering: Understanding how resourceful hackers use social engineering and clickbait techniques to spread infection can help end-users avoid those pitfalls. Periodic training sessions through interactive discussions can help employees remain alert to potential security threats they may encounter in cyberspace.
  • Authenticate incoming mail through scanning and enable filtering on your mail servers: All inbound emails should be scanned for known threats to block any suspicious attachments. Most email servers enable flagging of incoming mail that does not pass tests such as reverse IP lookup, SPF and DKIM records to filter potentially dangerous emails. Email servers can also be configured to automatically disallow any executable file with an EXE, COM or SCR extension. These preventative measures work well to stop ransomware distribution through emails.
  • Protect your system using mitigation strategies: It is possible for SMBs to protect against ransomware through controls such as application whitelisting, ensuring proper patch management for applications and operating systems (OSes), and by minimizing administrative privileges. Knowledgeable administrators can enlist whitelisting techniques to allow only secure and legitimate applications to run on your machine, thus preventing download and installation of any other executable malware on it.
  • Desktop security: With such high stakes, businesses should not skimp on the deployment of a proper, commercial desktop security suite. Further, they should layer that security with managed endpoint solutions.
  • Patch management: Because there are no infallible security products, companies should adopt aggressive patch management for all programs to drastically increase AV effectiveness. As mentioned, malware developers try to exploit vulnerabilities in the OS, applications and even web browsers. That is why it is important to plug security holes once they have been discovered by regularly patching software and installing critical updates as soon as they become available.
  • Limit system permissions: Ransomware usually runs its execution chain from the temp folder, so restricting program execution from temp folders can stop malware infections from spreading further. Network administrators should also limit systems’ permissions to prevent the unauthorized installation of malware on systems without an administrator’s password. The spread of malware infection can also be limited by segmenting sharing and access rights to critical data using redundant servers.
  • Be prepared with a comprehensive data backup strategy: It is absolutely vital to establish a robust backup regime in preparation for a ransomware attack. Comprehensive backup solutions for all critical business data assets can ensure the continuity of your business in case of a successful ransomware attack by restoring local and server apps and data to their pre-infection state.
  • Get to the Cloud: Ransomware works by causing disruption to your business. You can take steps to ensure business continuity by moving to the cloud, which offers a greater level of protection and overall security to an SMB. Cloud providers bundle multiple security controls like malware scanning, enhanced authentication, data loss prevention strategies and various other protections into the service to minimize the chance of a ransomware attack. Cloud services also offer additional protection as add-ons, such as traffic scanning and site reputation checks to counter the threat of ransomware. With your data in the cloud, it should not be a major headache if your local machine becomes infected with ransomware.
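The mail-filtering measure in the list above can be sketched as follows. This is an added example, not code from the original article: it rejects messages carrying EXE, COM or SCR attachments and flags mail that did not pass SPF or DKIM. The function names, the example.com/example.org addresses and the `mx.example.com` server identifier are assumptions.

```python
import re
from email.message import EmailMessage

# Extensions the article says mail servers can be configured to disallow.
BLOCKED_EXTENSIONS = {"exe", "com", "scr"}


def blocked_attachments(msg):
    """Return attachment filenames whose final extension is on the block list."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them before checking.
        cleaned = name.strip().rstrip(". ").lower()
        # Only the last extension decides how the file opens ("invoice.pdf.exe").
        ext = cleaned.rsplit(".", 1)[-1] if "." in cleaned else ""
        if ext in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def trusted_auth_results(msg, authserv_id):
    """Collect spf/dkim results, but only from headers stamped by our own server.

    A sender can add an Authentication-Results header of their own, so headers
    whose leading server identifier is not ours are ignored.
    """
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        segments = str(value).split(";")
        stamp = segments[0].split()
        if not stamp or stamp[0].lower() != authserv_id.lower():
            continue
        for segment in segments[1:]:
            m = re.match(r"\s*(spf|dkim)\s*=\s*([a-z]+)", segment.lower())
            if m:
                results.setdefault(m.group(1), m.group(2))
    return results


def triage(msg, authserv_id):
    """Return (action, reasons): reject executables, flag mail failing SPF/DKIM."""
    blocked = blocked_attachments(msg)
    if blocked:
        return "reject", ["blocked attachment: " + n for n in blocked]
    auth = trusted_auth_results(msg, authserv_id)
    reasons = [f"{check}={auth.get(check, 'missing')}"
               for check in ("spf", "dkim") if auth.get(check) != "pass"]
    return ("flag", reasons) if reasons else ("accept", [])


def sample_message(attachment_name, auth_header):
    """Build a constructed test message (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "billing@example.org"
    msg["To"] = "accounts@example.com"
    msg["Subject"] = "Invoice"
    msg["Authentication-Results"] = auth_header
    msg.set_content("Please see the attached file.")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg


if __name__ == "__main__":
    ours = "mx.example.com"  # assumed identifier of the receiving mail server
    cases = [
        ("invoice.pdf.exe", "mx.example.com; spf=pass; dkim=pass"),
        ("report.pdf", "mx.example.com; spf=fail smtp.mailfrom=example.org; dkim=none"),
        ("report.pdf", "mx.other.example; spf=pass; dkim=pass"),
        ("report.pdf", "mx.example.com; spf=pass; dkim=pass"),
    ]
    for name, header in cases:
        print(name, triage(sample_message(name, header), ours))
```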

As you can see, ransomware is a very real threat. If you do not want your business to fall victim to this menace, simply follow the best practices outlined here to prepare and to protect against your well-prepared adversaries.

Protect Your Server Environment From Potential Threats

Web security and downtime are critical issues for any business that operates online. Web servers are often targets for hacking attacks by malicious cybercriminals because of the sensitive data they generally host. Attackers can exploit neglected user accounts, or an overlooked port to surreptitiously get past your server defenses.  Sometimes common administrator mistakes like badly configured virtual directories or even a forgotten share can also lead to unauthorized access. Some of the major threats to your Web server come from denial of service, unauthorized access, profiling, random code execution, privilege misuse and viruses, worms, and Trojans. So how can your business defend against various online threats while continuing to function normally?  What must you do to ensure the security of your website, web applications, network and also the web server? After all, a secure and correctly configured web server provides a protected foundation for hosting your Web applications.

Checklist For Securing Your Web Server
You may be doing most of the system administrator tasks to maintain the server but unknowingly skipping some essential best practices. The real challenge of securing your web server is applying the right configuration settings in keeping with your security goals. Below are rough guidelines which should be a good starting point for making your server configuration more secure, while ensuring convenience in your day-to-day server operations.

1. Stay On Top Of Updates

Outdated systems and applications are one of the most persistent threats in the server environment. Most security breaches and hacks are via security holes in old versions of web applications being used in forums and blogs. You must maintain a routine system upgrade for all tools and apps your business uses, both on the server-side and client-side. Pay close attention to security advisories to ensure all security flaws are patched. In rare cases where no patch has been made public for an existing vulnerability, make sure you disable the service until a patch is made available in order to remain secure.

2. Perform Regular Audits

Examine the network services running on your server and look at updates from your intrusion detection system to find out if everything is working fine internally, such as the server configurations implemented, active services, security protocols, applications running on your server and so on. Audit and monitor website access logs, operating system logs, and database server logs for abnormal log entries or strange activities to detect a successful attack or even an attempt of one. The logs should ideally be kept in an isolated area of the web server to prevent any tampering.
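As an added illustration of the log audit described above (not code from the original article), the following pass over web access log lines separates attack attempts from a possible success. It assumes the Common/Combined Log Format; the thresholds, finding names and sample lines are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Common/Combined Log Format: ip ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})\b'
)


def audit_access_log(lines, fail_threshold=5, notfound_threshold=10):
    """Return (findings, unparsed_line_numbers).

    findings is a sorted list of (client_ip, kind) where kind is one of:
      repeated-auth-failure   many 401/403 answers for one path (an attempt)
      success-after-failures  a 2xx/3xx answer right after such a run (possible success)
      many-missing-paths      many distinct 404 paths from one client (probing)
    """
    fails = Counter()            # (ip, path) -> run of 401/403 responses
    missing = defaultdict(set)   # ip -> distinct paths that returned 404
    findings = set()
    unparsed = []
    for lineno, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(lineno)  # malformed entries deserve a manual look
            continue
        ip, path, status = m["ip"], m["path"], int(m["status"])
        key = (ip, path)
        if status in (401, 403):
            fails[key] += 1
            if fails[key] >= fail_threshold:
                findings.add((ip, "repeated-auth-failure"))
        elif 200 <= status < 400:
            if fails[key] >= fail_threshold:
                findings.add((ip, "success-after-failures"))
            fails[key] = 0       # a success ends the run of failures
        elif status == 404:
            missing[ip].add(path)
            if len(missing[ip]) >= notfound_threshold:
                findings.add((ip, "many-missing-paths"))
    return sorted(findings), unparsed


# Constructed sample log (documentation IP ranges, invented timestamps).
SAMPLE_LOG = (
    ['203.0.113.7 - - [10/Oct/2023:13:55:%02d +0000] "POST /login HTTP/1.1" 401 512' % i
     for i in range(6)]
    + ['203.0.113.7 - - [10/Oct/2023:13:56:01 +0000] "POST /login HTTP/1.1" 200 1024']
    + ['198.51.100.23 - - [10/Oct/2023:14:00:%02d +0000] "GET /missing-%d HTTP/1.1" 404 196'
       % (i, i) for i in range(12)]
    + ['192.0.2.10 - - [10/Oct/2023:14:05:00 +0000] "GET /index.html HTTP/1.1" 200 4096']
    + ['corrupted entry']
)

if __name__ == "__main__":
    findings, unparsed = audit_access_log(SAMPLE_LOG)
    for ip, kind in findings:
        print(ip, kind)
    print("unparsed lines:", unparsed)
```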

3. Proper Firewall Configuration And Intrusion Detection

All business networks ideally need comprehensive protection in the form of firewalls, authentication, and an intrusion monitoring system. Restricting traffic to and from your server through a firewall may be a good way of limiting the access others have to your server. A firewall and properly applied security protocols are a primary requirement for ensuring a secure server environment. Since most workplaces have remote workers or employees working from home, adopting VPN solutions makes it possible to effectively manage their devices while enabling secure access to corporate resources and business data.

4. Eliminate Unnecessary Services

Running default operating system configurations is not secure, especially since many pre-defined modules or network services get installed, such as remote registry services, internet information services, print server service, and more. The more unnecessary services you have running on your operating system, the greater the risk of leaving more ports open to abuse from outside connections. Manage startup scripts to switch off or disable all unnecessary services from running automatically at boot-up. This helps make your attack surface smaller and also improves server performance by freeing up hardware resources.

5. Disable Unused User Accounts

User accounts are often created during software installations on the operating system. Any such unused default user accounts created should be checked properly and permissions have to be changed as required. To find out if an account is active, you can search for files owned by that user and check their last modified date before removing a user from your system. If you do not want to delete user accounts, you should disable shell access. Every administrator with access to the web server should ideally have his or her own user account set up with the correct privileges.
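The check described above (find the files an account owns, look at their last modified date, and see whether shell access is already disabled) can be scripted. This is an added example rather than code from the original article; it assumes a Unix-style passwd file, and the 90-day idle limit, the no-login shell list and the account names are illustrative assumptions.

```python
import os
import time

# Shells that refuse interactive logins; an account using one has shell access disabled.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def parse_passwd(text):
    """Parse passwd(5)-format text; skips blank, comment and malformed lines."""
    accounts = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.lstrip().startswith("#") or len(fields) != 7 or not fields[2].isdigit():
            continue
        accounts.append({"name": fields[0], "uid": int(fields[2]), "shell": fields[6]})
    return accounts


def newest_owned_mtime(root, uid):
    """Return the latest modification time of any file under root owned by uid, or None."""
    newest = None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            try:
                st = os.lstat(os.path.join(dirpath, name))  # lstat: do not follow symlinks
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if st.st_uid == uid and (newest is None or st.st_mtime > newest):
                newest = st.st_mtime
    return newest


def stale_login_accounts(passwd_text, root, max_idle_days, now=None):
    """List (name, idle_days) for accounts that can still log in but look unused.

    idle_days is None when the account owns no files under root at all.
    """
    now = time.time() if now is None else now
    stale = []
    for acct in parse_passwd(passwd_text):
        if acct["shell"] in NOLOGIN_SHELLS:
            continue  # shell access already disabled
        newest = newest_owned_mtime(root, acct["uid"])
        idle = None if newest is None else int((now - newest) // 86400)
        if idle is None or idle > max_idle_days:
            stale.append((acct["name"], idle))
    return stale


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:       # constructed sample tree
        path = os.path.join(root, "report.txt")
        open(path, "w").close()
        old = time.time() - 200.5 * 86400
        os.utime(path, (old, old))                    # pretend it was last touched ~200 days ago
        me = os.getuid()
        sample = (f"deploy:x:{me}:{me}::/home/deploy:/bin/bash\n"      # constructed entries
                  f"www-data:x:{me}:{me}::/var/www:/usr/sbin/nologin\n")
        print(stale_login_accounts(sample, root, max_idle_days=90))
```

Accounts reported with no files or a long idle time are candidates for review, not automatic deletion; a service account may legitimately own nothing under the directory scanned.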

6. Protect Databases

Failure to protect your database (e.g. Microsoft SQL Server, MySQL, Oracle) can lead to potential loss of private sensitive information such as usernames, email addresses, etc, and it allows an attacker to add entries that may create spam or malware links on your site. You should also consider how they are accessed for routine maintenance.

7. Restrict Remote Access

Where absolutely necessary, remote access to web servers can be allowed, but it should be secured properly using tunneling and encryption protocols. To ensure the security of your web server, restrict remote access to a specific number of IPs and to specific accounts only.

8. Set Up Permissions And Privileges

Anyone with malicious intent can compromise your web server security through poor file and network services permissions to carry out tasks, like executing specific harmful files. The rule of thumb is to always assign the least privileges needed for a specific network service to run, such as web server software. Also ensure that you allocate absolutely minimum privileges to the anonymous user for accessing the website, web application files, and backend data.

9. Use Security Scanners

Hackers constantly scan your server for open ports and other vulnerabilities to exploit, and so should you. You should be using security scanners to automatically monitor and run advanced security checks for open ports, network services, configuration problems, and other vulnerabilities in your web server and web applications. Security scanners ensure website and server security by checking for password strength on authentication pages, cross-site scripting, SQL injection and more. They also audit shopping carts, forms, dynamic Web 2.0 content and other web applications for vulnerabilities.

Establish A Secure Server
The real challenge of managing web servers is in ensuring that they function optimally and smoothly. You can enforce the measures discussed in this article to avoid technical complexities within the hosting environment. You can continue to function normally by maintaining due diligence on server security. Know that it is an ongoing process and not something you have to do once. For business owners who want to focus on growing their business without worrying about managing their site, Lunarpages offers Managed Hosting Services with extra security features, administration and technical support.

5 Things Businesses Can Do Today to Protect Against Hackers

Every business and individual should be vigilant about online security.  Businesses are especially vulnerable because they store an ever-increasing volume of user data on their servers.  Small to medium businesses are as likely as large enterprises to suffer from data breaches. While bigger organizations have the financial muscle, resources and skill to overcome setbacks from a cyber attack, small businesses often lack the security personnel and expertise needed to protect sensitive data in the first place or to recover from any breach should they be targeted.  Sadly, regardless of size, every business will suffer a consumer trust set-back as the result of a cyber hack. The good news is that there are simple measures that can be undertaken by any business owner to protect data from being compromised and to thwart attacks.  

1. Apply Encryption Software
Today, encrypting your own confidential information and your customers’ sensitive data files is an important step in protecting against theft or hacking. In fact, in order to be in compliance with various federal and state laws, businesses must encrypt confidential data to protect their customers. Modern encryption software uses algorithms to create nearly uncrackable ciphers of unintelligible, encoded characters, so that the data being transferred online is hidden. There are many encryption software applications available for businesses. Ideally these solutions should feature the 256-bit AES (Advanced Encryption Standard) encryption algorithm, on-the-fly encryption to enable easy working with encrypted files such as plain text files, easy cloud backup for multiple encrypted files to allow secure storage, keylogger protection for access to safes/vault container files with passwords, and an easily navigable, user-friendly interface to make encoding confidential files an intuitive exercise. Online businesses should consider adding an extra layer of security through HTTPS and, if using FTP software, it is advisable to switch to SFTP. Webmail service should have SSL encryption on login pages for clients entering user names and passwords, to prevent easy access by third party interceptors to login details. Even email should be sent via SSL encryption, especially if it contains sensitive information.

2. Use A Password Manager
Research shows that 80% of stolen or compromised user credentials are from weak passwords and over 55% of people use one password for all logins. Cybercrooks use phishing, malware and social engineering to capture usernames and passwords. Small to medium sized businesses need comprehensive protection using password managers, such as the enterprise version of LastPass, to securely store and enter encrypted account login details. It may be better to use password managers to set up an encrypted and secure master password or passphrase for protecting the list of saved passwords. Password managers enable setting minimum password standards across your company accounts to meet your policy requirements, allowing restricted access to specific devices or groups, and real-time syncing across devices.

3. Ensure Proper Backup
There has been a 30% increase in denial of service attacks in the past year. These attacks take up bandwidth and tend to last longer. With hackers designing breaches to destroy or modify files on the server, and with the rise of ransomware, you can protect your business information by creating an immediate backup.  If the computer where data is stored gets lost, stolen or hacked you will need to fall back on the backup copies for uninterrupted business. According to data privacy laws, your customers have the right to request access to personal information stored about them but if the original data gets compromised in a breach, you will not be able to comply with this legal requirement if you do not have a backup copy of your customer data. For improved productivity, better security and for legal compliance, it is critical for businesses to have backup copies of their own and their customers’ confidential files.

4. Protect Your Network
Businesses have to pay special attention when securing their network. This means taking small but significant steps such as installing antivirus software, applying OS and application updates regularly, and controlling user access to a given system or data on a ‘need to know’ basis. Employees and users are often a weak link as they inadvertently provide an easy access route to your website servers. By lowering the number of people who have access to your data, you reduce the risk of a hacker using them to steal it. Some things you can do today to help protect your network include employing strong passwords, changing them frequently, having logins expire after a brief period of inactivity, and thoroughly scanning all devices plugged into the network for malware. Additionally, security audits or vulnerability scans can help prevent online threats and malicious cyber attacks by monitoring the integrity of your network solutions, examining ports, firewall policies, processes and software updates. Vulnerability scans minimize any risk of downtime, prevent unauthorized access, and address urgent risks to safeguard your brand image.

5. Check Security Measures for Third-Party Providers
The Ponemon Institute lists third party providers, such as web hosts, payment processors, and call centers as security risks to businesses—especially with regards to data protection. There should be rigorous checks in place for all third party vendors to ensure they have adequate and up-to-date security measures and practices. It is absolutely vital for businesses to vet all new providers, including software providers, for security best practice compliance like the Payment Card Industry’s Data Security Standard (PCI-DSS) and cloud-security certification SSAE16. Even cloud software vendors should be asked about their certifications and security management measures before working with them. Partnering with reputable vendors and using the right tools act as a safeguard for businesses to reduce the risk of security threats. Don’t overlook this.

Protect Your Business, Your Brand and Your Customers
Today the risk of data breach is a greater challenge than ever for large, medium, and small businesses alike. For the reputation of your business and the safety of your customers, it’s important to take the necessary steps to improve your business’s data privacy and follow comprehensive security practices for critical applications & data.

Bursting Some Popular Cloud Myths

The word “Cloud” still causes a lot of confusion among people, many of whom are left wondering what it actually is. When opting for cloud hosting, businesses are renting virtual server space rather than renting or purchasing physical servers. When virtual server space is rented, it is often paid for by the hour, depending on the capacity required at any particular time. These virtualized dedicated cloud servers have gained in popularity globally, because of their enormous shared computing power.  Even core products from Microsoft to Adobe such as Office 365 and Creative Cloud use data that’s stored on remote servers. There are, however, many myths about cloud hosting that seem to worry customers’ minds when considering a cloud-hosting provider. Let’s burst some myths to get to the truth about cloud server hosting.

Myths and Truths About Cloud Server Hosting

Myth #1: Cloud Hosting is Not Secure
Fact: Cloud hosting providers are continuously improving on their best practices and compliance levels for securing critical data and applications. Nonetheless, it comes down to choosing a leading cloud hosting company with good credentials and service level agreements. The company you choose should also offer the highest levels of security with fully managed firewall protection. Cloud hosting environments ensure 100% uptime with an SOC2/SSAE16 data center, high availability server architecture with multiple servers, 256-bit encryption, automatic off site backups, firewalls, routers, uninterrupted power supply, load balancers, switches, mirror disks, RAID implementation, and 24/7 onsite monitoring. Additionally, software updates, including security patches, are applied to all customers simultaneously in the multitenant system. Most hosts treat cloud security very seriously and implement the latest technology and resources to protect the cloud environment, because if the cloud were to be proven unsafe then cloud companies would lose millions in sales. Security in the cloud, even in large cloud environments, has so far been stellar. There have been very few security breaches in the public cloud, as compared to on-premises data center environments.

Myth #2: Cloud Services Are Complicated
Fact: Cloud hosting may seem confusing with its many variations of public cloud, private cloud, hybrid cloud and even community cloud, but cloud servers are no more complex than dedicated servers or VPS. Cloud hosting actually simplifies the job of an IT manager or CTO because of its easy setup, instant provisioning through an online control panel, utilization on-demand and customization. The online control panel in cloud storage handles all the tough work, making cloud storage as easy as dragging a file to an icon.

Myth #3:  Cloud Hosting Is Expensive
Fact: Cloud hosting helps businesses save considerable financial resources and offers flexibility and adaptability for both the short and long term. It is a much cheaper alternative to shared or dedicated servers, though cost comparison may prove to be tricky. With cloud hosting you only have to pay for data storage resources you use, so it works out much cheaper than other hosting services. The cost for what you use on the cloud depends on a few factors.  These include the number of users, data size, customized backups, applications used and exchange services.  Cloud computing replaces the need for installing local servers, network equipment, power conditioning, software and antivirus software, backup solutions, dedicated server rooms, along with reducing the cost of IT staff, user support and maintenance.

Myth #4: Cloud Performance Is Not Reliable
Fact: In the early days of cloud computing, there may have been some performance issues. However, these problems have been attended to by the leading cloud service providers who offer unique and work-specific solutions for high powered & high speed storage with guaranteed IOPS, along with other improvements. Cloud providers have made their systems resilient to avoid outages. No system is perfect and the cloud can fail too, but the fact is that those failures are fewer and far between as compared to other alternatives. The cloud environment can be engineered to adapt to strenuous workloads and high availability requirements that avoid any performance or failure issues.

Myth #5: There Is Only One Cloud
Fact: There are hosting providers offering cloud services from the small business to the enterprise level and there is actually more than one type of cloud—a Public Cloud, a Private Cloud and a Hybrid Cloud. A Public Cloud shares network infrastructure which is accessible from an off-site Internet source. While it is easier to share files on a Public Cloud, a Private Cloud has advanced security features and guaranteed high quality maintenance on software and infrastructure. The third type of cloud is a Hybrid Cloud, which combines aspects of a Private and a Public Cloud. For example, businesses can keep their data and applications for QuickBooks or financial software hosting on a Private Cloud and less sensitive documents can be stored on a Public Cloud.

The Bottom Line
When considering cloud hosting, it all comes down to finding a hosting provider with a proven track record. Try looking up comparison charts to find hosts with the most resources, an appropriate array of hosting products and excellent customer support to win your business. Cloud services have moved from being a second thought to being top of mind for businesses of all sizes. Amazon and Salesforce are just a couple of companies that are shining examples of the utility of SaaS platforms in the cloud revolution. But cloud computing is not just for large enterprises; it offers greater IT efficiency and capabilities for all businesses from small to medium-sized. Smart businesses should be ready to switch to the cloud in the future to leverage cloud technology or risk being left behind by their competitors who are already taking advantage of the value and benefits of cloud computing.

Cisco’s Managed Threat Defense: A New Era for Data Security Analytics?

IT security is no laughing matter, and organizations of all sizes and in all industries can’t afford to ignore it.

As CNN reports, Target CEO Gregg Steinhafel tendered his resignation after “extensive discussions” with the board of directors. Why? Because Steinhafel was in charge when company networks were hacked in December 2013, leading to the theft of 40 million credit card numbers. Unhappy consumers prompted a 46 percent drop in Target’s profit, and the retailer is now spending $100 million to upgrade its point-of-sale (POS) technology. But as a recent Sydney Morning Herald article points out, even if new POS terminals had been installed before the breach, Steinhafel couldn’t have prevented the breach from happening.

Network giant Cisco thinks it has the answer to this cycle of security failure and executive blame: Managed Threat Defense. Is this the dawn of a new era for security analytics?

Changing the Locks on IT Security

In an ideal world, network security breaches wouldn’t happen. Defenses would outpace attacks, and security vendors could say with absolute certainty that attacks were impossible. Unfortunately, the opposite is true. As noted in Cisco’s Annual Security Report, 100 percent of companies admitted that some traffic coming from their networks headed straight for malware-laden websites.

Cisco’s Managed Threat Defense solution gives security analysts a “single pane of glass” to help identify suspicious activity, according to the company’s Data Sheet. In addition, the solution offers real-time predictive analytics powered by Hadoop 2.0, which can detect anomalous network patterns, zero in on “unknown” attacks and track emerging incidents.

Cisco’s offering is a combination of on-premises hardware and software — all incoming and outgoing data is monitored 24/7 by Cisco’s security operation centers, which can respond instantly in the event of a threat.

Seeing the Future of Data Protection

The Global Security Analytics Market 2014–2018 report from Research and Markets predicts a compound annual growth rate of 10.61 percent for security analytics through 2018. And while it sounds like smoke and mirrors, predictive analytics offers tangible benefits as the enterprise market shifts from reliance on local resources to as-a-service alternatives.

Creative malware developers and virus authors are taking full advantage of security gaps to write code that alters its structure with each execution. In response, security vendors have shifted away from walling off networks, because it’s all too easy to sneak through the gate; the new goal is to predict what a program will do before it has a chance to execute.

A recent IT-Director article talks about the need for security intelligence before, during and after an incident. The idea actually comes from Cisco’s Sourcefire and dovetails perfectly with the manifesto of Managed Threat Defense: end-to-end protection.

Current solutions focus on what happens before attacks by using blacklists of email addresses, applications and websites. The “after” stage is also well populated by companies that can assess the extent of damage and help enterprises get back on their feet. “During” is where most solutions can’t perform. Managed Threat Defense aims to close this gap by monitoring user environments in real time for behaviors that may be the precursors of an attack. Instead of looking for a specific code or host, the solution uses streaming telemetry to evaluate network traffic on a moment-by-moment basis, in effect predicting the future.

A Three-Sided Defense or a Single Shield?

Not all companies agree with Cisco’s model — IBM, for example, believes end-point protection is still the first line of defense against malware and other cyberthreats. But it’s hard to argue with the idea that attacks are better handled on three fronts rather than one: Defend where possible, detect when able and destroy as necessary.
