October 22, 2009
Four Ways to Prevent Website Defacement
We have all seen passing trains or perhaps driven by an old building littered with graffiti. Whether it is a wall, fence or barrier, some people feel the need to make a statement by defacing property that does not belong to them. Unfortunately, similar acts occur quite frequently in the virtual world of the internet. There are many unscrupulous characters in cyberspace out to hack into a web server and deface your website with their own form of graffiti. Why do they do it? Motivation varies, but it is usually to embarrass the victim or to obtain bragging rights within their circle of hackers. There is often money to be claimed when nasty corporate battles are involved. Whatever the reason, it is never justifiable to the webmaster or site owner who has just been victimized by defacement.
Defense Against Defacing Techniques
There are several ways a hacker can go about gaining access to a system and changing the content on a website. Some of the most common methods involve directly accessing the server through security flaws in the web server, web applications or operating system. Other vulnerabilities are exploited on the client side through techniques such as session hijacking, browser-based attacks and executing remote code. No matter how they gain access, there are preventative measures you can take to keep the hackers out and avoid defacement.
Preventing defacement is all about securing data stored on both server and client systems. This can be done in many ways, with the following four being among the most effective:
1.) Make website security a priority. For some, this begins with ensuring that all servers are physically secure. Whether it is in a data center or in-house environment, your server hardware and communications equipment should be locked in an area that is only accessible by authorized personnel.
2.) Focus on web server security. Keeping your servers locked up ensures physical security, but what about the data and applications stored on the hardware? Criminals now mainly operate through network connections to exploit vulnerable applications and computer systems. The best way to ensure security for your server platform is to apply regular updates and patches to your operating system, web server program and any other applications running on the machine. In addition, you should make sure that any important data residing on the server or communicated to and from it is encrypted.
3.) Place an emphasis on web applications. Most successful defacement exploits and website attacks are enabled by vulnerabilities that exist within web applications. If you have your own team that develops these applications, devise some practices that ensure they are sticking to secure coding and eliminating all gaps that could possibly be exploited.
4.) Conduct routine security tests. Do you know if your website is currently at the mercy of defacement? How would you? Well, you can sit back and wait for an attack to happen, or go on the offensive by putting a security system in place that searches for vulnerabilities on a regular basis.