Webmaster Security Threats for 2009 - Operating System Attacks
(Page 3 of 3 )
If you are running on Windows-based hosting, either self-hosted or third-party, then you will want to be careful of more operating-system-based attacks. That is not to say that people who host on Linux don’t have some risk, but Windows-based users know that they have the highest risk of OS attacks and viruses.
(No, this is not bias, it is simply a fact that popularity breeds more attacks. Please spare us all having to hear the OS debate for the hundredth time. I’m not saying that you shouldn’t use Windows, just that if you choose Windows, you should be prepared for the attacks that are based on your choice of OS).
Smarter Viruses that Evade Detection
Viruses will be getting more tricky and harder to detect as time progresses. Events like the release of Metasploit 3.2 will enable people with less than honorable intentions to create better and faster viruses that will be able to get by virus software with less work and less skill behind them. Be wary of this influx of viruses, and be aware that at some point in this year, to be truly secure, you may want to consider adding in new systems to detect viruses. These may be systems that forgo signature-based virus scanning entirely and use techniques like application heuristics or application whitelisting instead. These could end up being a valuable part of your virus protection package.
Attacks Based on Mobile Phones and Devices
As smart phones that can do it all, and other wireless-enabled devices show up in more and more hands of the people in power, they will become a target for both theft and hacking. What is the simplest way to get access to every piece of data in your company's systems? Why, to hack the president's BlackBerry, of course!
Be sure to educate senior-level users about possible threats so that devices are not left around for everyone to see or grab. Also be sure that devices are properly secured when they are connected to your networks. Be wary of files stored on these devices, and doubly suspicious of Bluetooth headsets, as some of the models can have their pairing signals cloned, and information can be gleaned this way.
Check out any model that your company uses to see if it is a potential threat, though some systems will be known to be more serious of threats than others. If you know about a vulnerable model, you should try to convince seniors not to purchase them for work. Remember that these devices can be handy for checking on your site or even for making minor changes/storing site files, but if you run a business site, this should be a strictly hands-off option for security's sake.
Exiting Staff
When people are laid off, they are less than happy about it. The ones with technical skills, or big mouths, may try to take a parting shot. If you run a business site and you lay off someone who has the passwords to the site, it is time to change the passwords. No ifs or arguments allowed.
Now that you know what to watch out for, things should be a lot easier in 2009.
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
