- February 21, 2023
- wrixte.co
We all know cyber-crime is growing rapidly but since the inception of covid19 the cyber-crime took a massive jump and various industry sources say that just within the past 4 week cyber threats have grown by 800%. We are in a time where cybersecurity can not be ignored at all.
In the past 3 weeks many organizations on various levels have faced cyber attacks, I received emails and phone calls inquiring about what better cybersecurity measures they can take to protect their digital assets.
So I decided to write a series of posts on cybersecurity. This is the very first blog of this series:
Many people believe that their business is small and cyber criminals will not target them. It’s a big myth. Cyber criminals do not look at the size or revenue of the business before attacking it.
Another thing is that the majority of cyber attacks are automated. Cyber criminals configure some automated scripts known as bots and these bots continuously look for vulnerable servers and applications and hit them.
In this whole automated attack process; size and revenue of the business does not matter at all, as bots or automated scripts are designed to look for vulnerable targets, not the size and revenue of the business.
Another big myth that the majority of people have is SSL/TLS and Firewall protects their business applications and servers.
Let me clarify that SSL/TLS which stands for Secure Socket Layer/ Transport Layer Security; only ensures secure communication between the client and server. But still having SSL/TLS does not mean that the communication between application/server and clients/users are fully secure. So many other factors work here which I will talk about later.
When it comes to firewalls, most people use cloud flare WAF. Cloud flare is a DNS based web application firewall, it only works when the cyber criminal attacks your website using it’s domain name. If the attacker uses the IP address of your server to attack the server then cloud flare WAF won’t be able to do anything as the attacker won’t go through the DNS server.
For cyber criminals it’s not at all a big deal to identify the actual IP address of your web server.
Now the big question is how organizations can protect their digital assets ? What kind of cybersecurity measures organizations should take to protect their IT assets ?
Cybersecurity can not be addressed using any single security solution such as firewall or IDS/IPS. Organizations should have a strategic multi-layer cybersecurity process to combat and mitigate the modern cyber threats.
Some of you may say that multi-layer cybersecurity will be very expensive for small and medium size businesses.
Again it’s a big myth among corporate leaders that the multi-later cybersecurity will cost a lot of money. In reality cybersecurity does not require big investments. You simply need to learn and follow some golden rules of cybersecurity and that will be enough to counter the modern cyber threats.
The very first golden rule of cybersecurity is one server one service : the majority of us use servers where so many services are installed such as multiple programming languages, multiple databases, email servers, ftp services and a lot more other packages and services which are not at all required.
Your website is built on top of PHP 7.4 and using MySQL as database, so technically your server should only have PHP 7.4 and MySQL installation, nothing apart from it. But our servers with cpanel and plesk come with a whole lot of services and application packages which our web application hardly uses or we install all the unnecessary stuff without understanding anything.
This creates many security issues. The more services and packages means a bigger attack surface for cyber criminals. I have personally witnessed many servers with end of life, unsupported, and outdated services installed. Attackers target these outdated services or packages and attack them using various exploits and malwares.
Another golden rule of cybersecurity is : Always install security patches into your servers and keep servers fully updated.
Nothing is immune to cyber threats and no software developed in this world is vulnerability free. Organizations continuously test their software and release security patches. Microsoft releases security patches the second Tuesday of each month.
When it comes to Linux they are pretty much faster than Microsoft, The average vulnerability patch release time of Linux is just 7 hours. So keep an eye on security patch releases, install it as early as possible and keep your servers secure and immune to cyber attacks.
Continuously perform vulnerability scans to discover any hidden vulnerability which can be exploited, Perform the vulnerability scan, identify vulnerable ports and services and patch them before they get exploited by any cyber criminal or automated script or bot.
These were the process part now it’s time to focus on cybersecurity controls that you need to have in your network or servers.
- Make sure you have proper access control and authentication mechanisms on your application and servers. Public facing applications should be executed using a no-shell, no-login user.
- Harden your Linux server, enable IP tables and SE-Linux. Only open required ports publicly.
- Only use strong usernames and passwords. Don’t use well known usernames such as Admin, Administrators etc. Passwords should be at least 14 characters long and should be made using the combination of upper case, lower case, numeric and special characters. Along with password policy, organizations should also have a strong username policy to better address cybersecurity.
- Use a server based web application firewall along with some DNS based firewall such as Cloud flare for additional layers of protection.
- Install SSL/TLS certificates to ensure communication level security. SSL protocol is outdated and insecure; it has been replaced by TLS protocol long ago. Make sure you use TLS1.2 or higher as anything lower than TLS1.2 is vulnerable and insecure.
- The TLS1.2 certificate size should be at least 2048bit.
- Another very important activity is log monitoring. Keep an eye on system logs as logs will give in-depth information about your system activities.
It’s a big list of activities. In my upcoming blog, I will talk about how you can execute these cybersecurity activities into your organization. I will share details about the tools and techniques which can help you deploy all the required cybersecurity measures.
Thank you for reading.