
Is the Internet Safe?

The internet is a wild jungle where dangerous animals (hackers) lurk in the shadows, waiting to exploit a moment of weakness for their attack. Is the internet safe? Not just "no": "hell no". We live in a time where everything is sanitized for our protection. We assume that if we are allowed to do something, it must be safe. The internet is no such place. Anyone with a computer can get a high-speed internet connection, load up their computer with juicy personal information, and connect it to the internet for every hacker and script-kiddie in the world to try to break in or disable it... and they will. Usually within a few hours. Put a web/mail server on the internet and you are asking for even more trouble.

Hackers routinely attack our web server, yet rarely break in. We employ a multi-level security strategy ("defense in depth") to prevent hackers from getting in, limit the damage they can do if they *do* get in, and detect when our defenses have been breached to enable a rapid response.

Firewalls

The first line of defense is a firewall. Anyone connected to the internet, no matter how or where, should have both a firewall protecting their computer (Windows Firewall, McAfee, et al.) and a network firewall, usually part of or just inside of their internet router. Firewalls can prevent a slew of attacks by blocking specific IP, TCP, and UDP traffic that has no legitimate purpose. Look for Stateful Packet Inspection (SPI) capabilities when selecting a firewall. This enables filtering not only on the protocol being used, but also on the current state of the session (for TCP).

If you're running public network services, such as a web or email server, the firewall can only detect a small portion of the possible attacks. You're still open to vulnerability scans, exploits, and Denial of Service (DoS) attacks. Don't stop at a firewall.

Intrusion Detection / Prevention (IDS/IPS)

The next line of defense is Intrusion Detection (IDS) and Intrusion Prevention Systems (IPS).
An IDS will detect an attack but can't do anything to stop it. This is useful only if you're monitoring your network 24x7. An IPS can take actions to thwart an attack in progress. The obvious choice is IPS.

There are two flavors of IPS: network-based and host-based. Use both if you can.

Network-based IPS sits inside your external firewall. It examines traffic that the firewall allowed through to detect various security attacks. When one is detected, it can take a range of actions, from reporting the attempt to blocking access from the offending IP address. For large networks a network-based IPS is a must, as it allows central administration and a central point of control.

Host-based IPS is important for backing up the network-based IPS. There are actions that can be taken and attacks that can be detected on a host-based IPS that a network-based IPS cannot prevent, such as brute-force password attacks.

Our Host-based IPS Approach

We utilize a proprietary host-based IPS that watches system activity for various attacks. When an attack is detected, our IPS immediately shuts off access from the offending IP address through integration with the host-based firewall. Some of the attacks we are able to detect and prevent:
"Defense in Depth" utilizes multiple security measures to detect, prevent, and notify in case of an attack. By utilizing a multi-layer approach we're able to prevent hackers from accessing our systems, contain the damage if they do get through, and notify someone immediately so corrective actions can begin right away. This differentiates our hosting services from the $9.99/month hosting: they will offer, at best, a generic firewall (most do not), they will not detect that your web server has been hacked, and once hacked, they will not do anything to fix it.
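
As an added illustration of the host-based brute-force detection described above (this is not the proprietary IPS the page refers to, and not code from the original page), here is a sliding-window detector run over constructed sshd-style log lines. The log format, the threshold of 5 failures in 60 seconds, and the function name `find_offenders` are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values; the page does not state its thresholds.
MAX_FAILURES = 5
WINDOW = timedelta(seconds=60)

# OpenSSH-style failure line (assumed log format), e.g.
# "2024-05-01T10:00:03 sshd[811]: Failed password for root from 203.0.113.7 port 4022 ssh2"
FAILED = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def find_offenders(lines, max_failures=MAX_FAILURES, window=WINDOW):
    """Return {ip: time the threshold was crossed} for sources to block."""
    recent = defaultdict(deque)    # ip -> failure timestamps inside the window
    blocked = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in blocked:
            continue               # not a failure line, or source already blocked
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()            # forget failures older than the window
        if len(q) >= max_failures:
            blocked[m["ip"]] = ts  # a real IPS would add a host-firewall rule here
    return blocked

# Constructed sample log (documentation addresses from RFC 5737).
SAMPLE_LOG = [
    f"2024-05-01T10:00:{s:02d} sshd[811]: Failed password for root from 203.0.113.7 port 4022 ssh2"
    for s in range(0, 12, 2)       # six failures in ten seconds
] + [
    "2024-05-01T10:00:05 sshd[812]: Failed password for invalid user bob from 198.51.100.9 port 5100 ssh2",
    "2024-05-01T10:00:09 sshd[812]: Accepted password for bob from 198.51.100.9 port 5100 ssh2",
    # Slow failures, one per minute, never reach the threshold inside the window.
    *[f"2024-05-01T10:{m:02d}:00 sshd[813]: Failed password for admin from 192.0.2.44 port 6000 ssh2"
      for m in range(10, 16)],
]

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"block {ip} (threshold crossed at {when.isoformat()})")
```

The slow source at 192.0.2.44 is not flagged, which shows why a fixed short window alone misses low-and-slow guessing; a longer secondary window or per-account counters would be needed to catch it.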


