SlideShare ist ein Scribd-Unternehmen logo

Dontgethacked

H
Hacker Target

Open source vulnerability assessment tools enable you to detect and fix security problems with your Internet connected systems before the hackers do. Having them online from HackerTarget.com is convenient and cost saving.

Technologie
1 von 7
Downloaden Sie, um offline zu lesen
Don't Get Hacked Automated Remote Vulnerability Scanning Writer: Peter Technical Review: David Contact: info@hackertarget.com Published: August 2007 Summary: This white paper describes advantages of using Open Source Vulnerability Analysis tools to protect your Internet facing servers. While acknowledging that Vulnerability Analysis is only a part of the solution to securing your server, it is clear that a reliable ongoing vulnerability analysis is a step in the right direction.
Table of Contents 1. Introduction............................................................................... ......................1 2. Reasons for an increasing threat landscape....................................................2 . 3. Common areas that are attacked..................................................................... .3 3.1 Poorly Configured Servers.................................................................... ..........3 3.2 Software that is not updated.............................................................. ............3 3.3 Web Scripts............................................................................ ........................3 3.4 Poor ssh password security.................................................................... ........3 3.5 Password Reuse.................................................................... .........................3 4. Uses of a compromised host....................................................................... 4 ...... 4.1 Spamming host.............................................................................................. .4 4.2 Distribution of Malware.................................................................. ................4 4.3 Phishing sites.............................................................................. ...................4 4.4 Warez File Storage.............................................................. ...........................4 5. Do you really need a reason to stay secure?......................... ..........................4 . 6. Why you should use HackerTarget.com....................................................... 5 ..... 6.1 Other Options................................................................................ .................5 7. Contact HackerTarget.com...................................................... .........................5
Automated remote Vulnerability analysis services 1 1. Introduction Online threats against internet servers are becoming more widespread, with attacks becoming more devastating everyday. Examples like the recent “Italian Job” Mpack attack and the Microsoft UK Defacement are only 2 of an increasing number of serious attacks. It is not only well known high value targets that are being attacked, in fact the number of small web hosts and web sites being attacked is increasing dramatically. Increasingly profit is the main motive in compromising hosts, and when examining the intended use of the compromised host we can find many examples where a number of small web hosting servers can be of more value than a major corporate web server. Protecting internet servers against all but the most determined of attackers is not difficult. The spate of recent compromised hosts is more a matter of laziness and priorities rather than highly skilled attacks. The smaller web hosts and organizations may not pick up the compromise immediately and here at HackerTarget we have investigated systems that were under the control of an attacker for up to 6 months before the breach was noticed. An online vulnerability assessment is an efficient way to increase your internet security posture and stay secure. HackerTarget.com © 2007
Automated remote Vulnerability analysis services 2 2. Reasons for an increasing threat landscape Automated methods of attack and easy access to exploits are the main reasons for the increasing ease that servers are being popped. In fact if you want to prove how easy it is go to http://www.milw0rm.com and select one of the recent web application exploits. Then go to Google and type in the quot;Google Dorkquot; - such as quot;powered by scriptnamequot;. See how many vulnerable applications on servers all around the web you can find in 5 minutes. I would advise you not to go any further than this, without consulting your lawyer!! Please note that we have nothing personal against the service provided by Milw0rm, it is merely the most well known and accessible place to get working exploits. HackerTarget.com © 2007
Automated remote Vulnerability analysis services 3 3. Common areas that are attacked 3.1 Poorly Configured Servers Whether it is bad permissions, a mis-configured web or mail server or a temporary fix that was done when the clock was ticking - poorly configured servers are everywhere and often due to time constraints it doesn't take much for even an expert Systems Administrator to slip up now and then. 3.2 Software that is not updated Server operating systems and applications all need to be updated when security updates are released. This is not optional! Use of Windows Update, Yum and Apt tools for easy updating of servers has been great for reducing the number of vulnerable hosts, however there are still many hosts that get overlooked. It is only a matter of time until vulnerable service is discovered and the system is compromised. 3.3 Web Scripts PHP and ASP applications and scripts are a great way to get dynamic websites working quickly, however that is not the end. Like operating systems and software these must be updated when security updates are made available. Updates for these scripts are constant and they can be easily overlooked - until the day your blog is compromised and starts serving up malicious iframes to your unsuspecting audience. 3.4 Poor ssh password security The use of strong passwords on all internet facing hosts is essential. It is a simple matter to view the ssh log for any internet facing host and see how often the system is being hit by brute force ssh attacks. 3.5 Password Reuse Let say you pay close attention to your server and are confident there are no holes available to an external attacker. In fact you regularly post on forums around the web about how good your servers are. It just so happens that one of the forums you are posting to is not as vigilant as yourself. One day you wake up to find your main page has been defaced and you are losing sales every minute - not only that but your PayPal account has been emptied! How did this happen? Investigation has revealed the forum you use had its user database hacked and you used the same password on the forum as the one you use on your web mail. In your web mail an attacker has found your servers logon details. oops. HackerTarget.com © 2007
Automated remote Vulnerability analysis services 4 4. Uses of a compromised host 4.1 Spamming host A straight up spamming operation. Using your server to send out hundreds of thousands of spamming emails is a profitable use of your compromised host. This will go on until you stop it or you get blacklisted and the spammer finds another use for your server. 4.2 Distribution of Malware Using your web server to serve up content - just what it was made for right? What if the content is malicious, loading and exploiting your customers or users, spreading nasty key logging malware that is compromising their desktops and eventually emptying their bank accounts. 4.3 Phishing sites Those phony email's we have all seen with a fake paypal page or internet banking page. What if those fake pages are being served up from your web host. 4.4 Warez File Storage Pirated software, movies or other valuable illegal files may be stored and served up from your server. 5. Do you really need a reason to stay secure? Prevent costly downtime in the event of a security breach • Provides assurance to your customers that you value information • security Avoids loss of reputation in the event of a security breach • HackerTarget.com © 2007
Automated remote Vulnerability analysis services 5 6. Why you should use HackerTarget.com * non-intrusive scan of your network / host perimeter * identify security problems on your internet server and web sites * results delivered to you weekly * security is an ongoing process so we give you an ongoing helping hand * detailed technical reports delivered to you by email for further investigation * Technical Security Intelligence that will allow follow up remediation by your staff, consultants or HackerTarget.com * allows you to concentrate on doing what you do best - getting on with business * best of all its affordable - security shouldn't cost the earth 6.1 Other Options * Conduct the scan yourself Using the freely available scanners such as Nessus, Nmap, Nikto and SQLiX you can run the scans yourself. While familiarization with Linux will be a help, it is a great way to get some technical understanding of these excellent tools and the theory behind them. * Use other more corporate services that will give you much more polished reports for a much higher price but essentially contain the same results data. * Not worry about security and just cross your fingers and hope for the best. :) 7. Contact HackerTarget.com Further information on the scanning options available can be found at our website. Visit HackerTarget.com today for an immediate vulnerability scan or contact us for a free consulting services quote. Email: info@hackertarget.com web: http://www.hackertarget.com HackerTarget.com © 2007

Empfohlen

Alaska Railway Routes
Alaska Railway RoutesAlaska Railway Routes
Alaska Railway RoutesRafael Cedrés Jorge
 
Trem El Transcantabrico
Trem El TranscantabricoTrem El Transcantabrico
Trem El TranscantabricoRafael Cedrés Jorge
 
Whether That Such
Whether That SuchWhether That Such
Whether That Suchquocphan
 
Blue train Africa
Blue train AfricaBlue train Africa
Blue train AfricaRafael Cedrés Jorge
 
Nubes Impresionantes
Nubes ImpresionantesNubes Impresionantes
Nubes ImpresionantesRafael Cedrés Jorge
 
Treinen
TreinenTreinen
TreinenRafael Cedrés Jorge
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 

Empfohlen

Alaska Railway Routes
Alaska Railway RoutesAlaska Railway Routes
Alaska Railway RoutesRafael Cedrés Jorge
 
Trem El Transcantabrico
Trem El TranscantabricoTrem El Transcantabrico
Trem El TranscantabricoRafael Cedrés Jorge
 
Whether That Such
Whether That SuchWhether That Such
Whether That Suchquocphan
 
Blue train Africa
Blue train AfricaBlue train Africa
Blue train AfricaRafael Cedrés Jorge
 
Nubes Impresionantes
Nubes ImpresionantesNubes Impresionantes
Nubes ImpresionantesRafael Cedrés Jorge
 
Treinen
TreinenTreinen
TreinenRafael Cedrés Jorge
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 

Weitere ähnliche Inhalte

Kürzlich hochgeladen

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 

Kürzlich hochgeladen (20)

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 

Empfohlen

Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 

Empfohlen (20)

Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 

Dontgethacked

  • 1. Don't Get Hacked Automated Remote Vulnerability Scanning Writer: Peter Technical Review: David Contact: info@hackertarget.com Published: August 2007 Summary: This white paper describes advantages of using Open Source Vulnerability Analysis tools to protect your Internet facing servers. While acknowledging that Vulnerability Analysis is only a part of the solution to securing your server, it is clear that a reliable ongoing vulnerability analysis is a step in the right direction.
  • 2. Table of Contents 1. Introduction............................................................................... ......................1 2. Reasons for an increasing threat landscape....................................................2 . 3. Common areas that are attacked..................................................................... .3 3.1 Poorly Configured Servers.................................................................... ..........3 3.2 Software that is not updated.............................................................. ............3 3.3 Web Scripts............................................................................ ........................3 3.4 Poor ssh password security.................................................................... ........3 3.5 Password Reuse.................................................................... .........................3 4. Uses of a compromised host....................................................................... 4 ...... 4.1 Spamming host.............................................................................................. .4 4.2 Distribution of Malware.................................................................. ................4 4.3 Phishing sites.............................................................................. ...................4 4.4 Warez File Storage.............................................................. ...........................4 5. Do you really need a reason to stay secure?......................... ..........................4 . 6. Why you should use HackerTarget.com....................................................... 5 ..... 6.1 Other Options................................................................................ .................5 7. Contact HackerTarget.com...................................................... .........................5
  • 3. Automated remote Vulnerability analysis services 1 1. Introduction Online threats against internet servers are becoming more widespread, with attacks becoming more devastating everyday. Examples like the recent “Italian Job” Mpack attack and the Microsoft UK Defacement are only 2 of an increasing number of serious attacks. It is not only well known high value targets that are being attacked, in fact the number of small web hosts and web sites being attacked is increasing dramatically. Increasingly profit is the main motive in compromising hosts, and when examining the intended use of the compromised host we can find many examples where a number of small web hosting servers can be of more value than a major corporate web server. Protecting internet servers against all but the most determined of attackers is not difficult. The spate of recent compromised hosts is more a matter of laziness and priorities rather than highly skilled attacks. The smaller web hosts and organizations may not pick up the compromise immediately and here at HackerTarget we have investigated systems that were under the control of an attacker for up to 6 months before the breach was noticed. An online vulnerability assessment is an efficient way to increase your internet security posture and stay secure. HackerTarget.com © 2007
  • 4. Automated remote Vulnerability analysis services 2 2. Reasons for an increasing threat landscape Automated methods of attack and easy access to exploits are the main reasons for the increasing ease that servers are being popped. In fact if you want to prove how easy it is go to http://www.milw0rm.com and select one of the recent web application exploits. Then go to Google and type in the quot;Google Dorkquot; - such as quot;powered by scriptnamequot;. See how many vulnerable applications on servers all around the web you can find in 5 minutes. I would advise you not to go any further than this, without consulting your lawyer!! Please note that we have nothing personal against the service provided by Milw0rm, it is merely the most well known and accessible place to get working exploits. HackerTarget.com © 2007
  • 5. Automated remote Vulnerability analysis services 3 3. Common areas that are attacked 3.1 Poorly Configured Servers Whether it is bad permissions, a mis-configured web or mail server or a temporary fix that was done when the clock was ticking - poorly configured servers are everywhere and often due to time constraints it doesn't take much for even an expert Systems Administrator to slip up now and then. 3.2 Software that is not updated Server operating systems and applications all need to be updated when security updates are released. This is not optional! Use of Windows Update, Yum and Apt tools for easy updating of servers has been great for reducing the number of vulnerable hosts, however there are still many hosts that get overlooked. It is only a matter of time until vulnerable service is discovered and the system is compromised. 3.3 Web Scripts PHP and ASP applications and scripts are a great way to get dynamic websites working quickly, however that is not the end. Like operating systems and software these must be updated when security updates are made available. Updates for these scripts are constant and they can be easily overlooked - until the day your blog is compromised and starts serving up malicious iframes to your unsuspecting audience. 3.4 Poor ssh password security The use of strong passwords on all internet facing hosts is essential. It is a simple matter to view the ssh log for any internet facing host and see how often the system is being hit by brute force ssh attacks. 3.5 Password Reuse Let say you pay close attention to your server and are confident there are no holes available to an external attacker. In fact you regularly post on forums around the web about how good your servers are. It just so happens that one of the forums you are posting to is not as vigilant as yourself. One day you wake up to find your main page has been defaced and you are losing sales every minute - not only that but your PayPal account has been emptied! How did this happen? Investigation has revealed the forum you use had its user database hacked and you used the same password on the forum as the one you use on your web mail. In your web mail an attacker has found your servers logon details. oops. HackerTarget.com © 2007
  • 6. Automated remote Vulnerability analysis services 4 4. Uses of a compromised host 4.1 Spamming host A straight up spamming operation. Using your server to send out hundreds of thousands of spamming emails is a profitable use of your compromised host. This will go on until you stop it or you get blacklisted and the spammer finds another use for your server. 4.2 Distribution of Malware Using your web server to serve up content - just what it was made for right? What if the content is malicious, loading and exploiting your customers or users, spreading nasty key logging malware that is compromising their desktops and eventually emptying their bank accounts. 4.3 Phishing sites Those phony email's we have all seen with a fake paypal page or internet banking page. What if those fake pages are being served up from your web host. 4.4 Warez File Storage Pirated software, movies or other valuable illegal files may be stored and served up from your server. 5. Do you really need a reason to stay secure? Prevent costly downtime in the event of a security breach • Provides assurance to your customers that you value information • security Avoids loss of reputation in the event of a security breach • HackerTarget.com © 2007
  • 7. Automated remote Vulnerability analysis services 5 6. Why you should use HackerTarget.com * non-intrusive scan of your network / host perimeter * identify security problems on your internet server and web sites * results delivered to you weekly * security is an ongoing process so we give you an ongoing helping hand * detailed technical reports delivered to you by email for further investigation * Technical Security Intelligence that will allow follow up remediation by your staff, consultants or HackerTarget.com * allows you to concentrate on doing what you do best - getting on with business * best of all its affordable - security shouldn't cost the earth 6.1 Other Options * Conduct the scan yourself Using the freely available scanners such as Nessus, Nmap, Nikto and SQLiX you can run the scans yourself. While familiarization with Linux will be a help, it is a great way to get some technical understanding of these excellent tools and the theory behind them. * Use other more corporate services that will give you much more polished reports for a much higher price but essentially contain the same results data. * Not worry about security and just cross your fingers and hope for the best. :) 7. Contact HackerTarget.com Further information on the scanning options available can be found at our website. Visit HackerTarget.com today for an immediate vulnerability scan or contact us for a free consulting services quote. Email: info@hackertarget.com web: http://www.hackertarget.com HackerTarget.com © 2007