Webmaster Security Threats for 2009 - Armies of zombies
(Page 2 of 3 )
It is true that, while armies of zombie computers fielded to attack large systems or servers is not a new phenomenon this year, it is likely to be a continued one. It may even grow by way of the increased number of computer systems that rely on routers and wireless connections to get onto the Internet. Just keep your eyes open for the flood, and don’t get too complacent about this threat.
On the bright side, with armies of zombie computers, you really have some tried-and-true methods under your belt to help you combat the army of unwilling machines should they come knocking at your door. Remember the first rule of dealing with zombies: when in doubt aim for the head, and all will be well.
Click Jacking
Speaking in terms of a security threat, click jacking is when someone who is not the site’s owner or administrator puts an invisible button over an existing button on a website. The goal of this is to redirect the information on a form called up by the visitor to a phony copy site where they can input their financial information, or some other form of generally secure data.
This method is insidious because a user can start on the correct site and end up on the site of a scammer without ever realizing that they have left the legitimate site. This threat can be significantly hard to detect, but it is something that will have to be checked for on a regular basis until a way to prevent it can be created and distributed on a large scale basis.
Your Shrinking Budget
While at first a budget may seem like it is purely an administrative concern, a decreased budget for the information technology department can pose a real threat to your systems. In all fairness, this may be well beyond your control. If you use a third-party hosting service that takes care of most of the security measures, it could be a cutback in their staff that allows an otherwise preventable breach to occur. To be completely honest, less people will mean less real time spent monitoring systems for breaches, or for attempts to breach the system. Having less people on hand also means less time to examine emerging threats and less time spent on mitigation by the company.
Less people with more to do, and less time for system monitoring and advance threat mitigation, will be a serious concern for many web masters who do not choose to do their own hosting. Also, if you happen to be working for those hosts, or if you company self-hosts, I would not expect too much in the way of training and development right now. Take the initiative and be sure to do a lot of self-study about the emerging threats that could be heading your way.
Next: Operating System Attacks >>
More Web Hosting Security Articles
More By Katie Gatto
