Don't Get Hacked
Automated Remote Vulnerability Scanning




  Writer: Peter
  Technical Review: David
  Contact: info@hackertarget.com




  Published: August 2007



  Summary: This white paper describes advantages of using Open Source Vulnerability
  Analysis tools to protect your Internet facing servers. While acknowledging that
  Vulnerability Analysis is only a part of the solution to securing your server, it is clear
  that a reliable ongoing vulnerability analysis is a step in the right direction.
Table of Contents
 1. Introduction ................................................ 1
 2. Reasons for an increasing threat landscape .................. 2
 3. Common areas that are attacked .............................. 3
 3.1 Poorly Configured Servers .................................. 3
 3.2 Software that is not updated ............................... 3
 3.3 Web Scripts ................................................ 3
 3.4 Poor ssh password security ................................. 3
 3.5 Password Reuse ............................................. 3
 4. Uses of a compromised host .................................. 4
 4.1 Spamming host .............................................. 4
 4.2 Distribution of Malware .................................... 4
 4.3 Phishing sites ............................................. 4
 4.4 Warez File Storage ......................................... 4
 5. Do you really need a reason to stay secure? ................. 4
 6. Why you should use HackerTarget.com ......................... 5
 6.1 Other Options .............................................. 5
 7. Contact HackerTarget.com .................................... 5
Automated remote Vulnerability analysis services                                                1




1. Introduction
    Online threats against internet servers are becoming more widespread, with attacks
    becoming more devastating every day. Examples like the recent “Italian Job” Mpack
    attack and the Microsoft UK defacement are only two of an increasing number of serious
    attacks. It is not only well-known, high-value targets that are being attacked; in fact the
    number of small web hosts and web sites being attacked is increasing dramatically.
    Increasingly, profit is the main motive in compromising hosts, and when examining the
    intended use of the compromised host we can find many examples where a number of
    small web hosting servers can be of more value than a major corporate web server.


        Protecting internet servers against all but the most
        determined of attackers is not difficult.

    The spate of recent compromised hosts is more a matter of laziness and priorities
    than of highly skilled attacks.


    The smaller web hosts and organizations may not pick up the compromise immediately
    and here at HackerTarget we have investigated systems that were under the control of
    an attacker for up to 6 months before the breach was noticed.


    An online vulnerability assessment is an efficient way to increase your internet security
    posture and stay secure.




                                                                         HackerTarget.com © 2007




2. Reasons for an increasing threat landscape
    Automated methods of attack and easy access to exploits are the main reasons that
    servers are being popped with increasing ease. In fact, if you want to prove how easy it
    is, go to http://www.milw0rm.com and select one of the recent web application exploits.
    Then go to Google and type in the "Google Dork" - such as "powered by scriptname".
    See how many vulnerable applications on servers all around the web you can find in 5
    minutes. I would advise you not to go any further than this without consulting your
    lawyer!!




    Please note that we have nothing personal against the service provided by Milw0rm, it
    is merely the most well known and accessible place to get working exploits.








3. Common areas that are attacked
3.1 Poorly Configured Servers
    Whether it is bad permissions, a mis-configured web or mail server or a temporary fix
    that was done when the clock was ticking, poorly configured servers are everywhere.
    Often, due to time constraints, it doesn't take much for even an expert Systems
    Administrator to slip up now and then.



3.2 Software that is not updated
    Server operating systems and applications all need to be updated when security
    updates are released. This is not optional! Use of Windows Update, Yum and Apt tools
    for easy updating of servers has been great for reducing the number of vulnerable
    hosts; however, there are still many hosts that get overlooked. It is only a matter of
    time until a vulnerable service is discovered and the system is compromised.



3.3 Web Scripts
    PHP and ASP applications and scripts are a great way to get dynamic websites working
    quickly, however that is not the end of the story. Like operating systems and software,
    these must be updated when security updates are made available.
    Updates for these scripts are constant and they can be easily overlooked - until the day
    your blog is compromised and starts serving up malicious iframes to your unsuspecting
    audience.



3.4 Poor ssh password security
    The use of strong passwords on all internet facing hosts is essential. It is a simple
    matter to view the ssh log for any internet facing host and see how often the system is
    being hit by brute force ssh attacks.
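    As an added example (not part of the original white paper), the script below does the
    check this section suggests: it parses constructed sshd entries in the syslog/auth.log
    format, counts failed password attempts per source address, and flags any address that
    exceeds a threshold inside a sliding time window. The log lines, the threshold and the
    window size are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of sshd entries in syslog/auth.log format (not real data).
SAMPLE_LOG = """\
Aug  3 02:14:01 web1 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51422 ssh2
Aug  3 02:14:03 web1 sshd[2233]: Failed password for invalid user oracle from 203.0.113.7 port 51430 ssh2
Aug  3 02:14:05 web1 sshd[2235]: Failed password for root from 203.0.113.7 port 51441 ssh2
Aug  3 02:14:06 web1 sshd[2237]: Failed password for root from 203.0.113.7 port 51449 ssh2
Aug  3 02:14:08 web1 sshd[2239]: Failed password for invalid user test from 203.0.113.7 port 51455 ssh2
Aug  3 02:14:09 web1 sshd[2241]: Invalid user guest from 203.0.113.7 port 51460
Aug  3 02:30:11 web1 sshd[2310]: Failed password for peter from 198.51.100.23 port 40122 ssh2
Aug  3 02:30:19 web1 sshd[2310]: Accepted publickey for peter from 198.51.100.23 port 40122 ssh2
Aug  3 09:15:44 web1 sshd[2602]: Failed password for root from 192.0.2.55 port 36001 ssh2
"""

# Matches both "Failed password for <user>" and "Failed password for invalid user <user>".
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failures(log_text, year=2007):
    """Return a list of (timestamp, source_ip, username) for every failed password line.

    Syslog timestamps carry no year, so one is supplied by the caller (assumed 2007 here);
    a log that wraps past New Year would need the year adjusted per line.
    """
    failures = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins, "Invalid user" probes, etc. are not counted
        ts_text = " ".join(m.group("ts").split())  # collapse the double space in "Aug  3"
        ts = datetime.strptime(f"{year} {ts_text}", "%Y %b %d %H:%M:%S")
        failures.append((ts, m.group("ip"), m.group("user")))
    return failures


def find_brute_force(failures, threshold=5, window_seconds=600):
    """Flag source IPs with at least `threshold` failures inside any `window_seconds` span.

    Returns {ip: {"attempts": peak_count_in_window, "users": sorted usernames tried}}.
    """
    by_ip = defaultdict(list)
    for ts, ip, user in failures:
        by_ip[ip].append((ts, user))

    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        peak = 0
        start = 0
        # Sliding window over the sorted events: advance `start` until the window fits.
        for end in range(len(events)):
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = {"attempts": peak, "users": sorted({u for _, u in events})}
    return flagged


if __name__ == "__main__":
    hits = find_brute_force(parse_failures(SAMPLE_LOG))
    for ip, info in hits.items():
        print(f"{ip}: {info['attempts']} failures in window, users tried: {info['users']}")
```

    Run against a real auth.log the same way; the single failure from 192.0.2.55 is left
    alone, while the rapid run from 203.0.113.7 is flagged.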



3.5 Password Reuse
    Let's say you pay close attention to your server and are confident there are no holes
    available to an external attacker. In fact, you regularly post on forums around the web
    about how good your servers are. It just so happens that one of the forums you are
    posting to is not as vigilant as you. One day you wake up to find your main page
    has been defaced and you are losing sales every minute - not only that, but your PayPal
    account has been emptied! How did this happen? Investigation has revealed that the forum
    you use had its user database hacked, and you used the same password on the forum as
    the one you use on your web mail. In your web mail an attacker has found your server's
    logon details. Oops.






4. Uses of a compromised host

4.1 Spamming host
    A straight up spamming operation. Using your server to send out hundreds of
    thousands of spamming emails is a profitable use of your compromised host. This will
    go on until you stop it or you get blacklisted and the spammer finds another use for
    your server.



4.2 Distribution of Malware
    Using your web server to serve up content - just what it was made for, right? What if the
    content is malicious, loading and exploiting your customers or users, spreading nasty
    key-logging malware that compromises their desktops and eventually empties their
    bank accounts?



4.3 Phishing sites
    Those phony emails we have all seen with a fake PayPal page or internet banking page.
    What if those fake pages are being served up from your web host?



4.4 Warez File Storage
    Pirated software, movies or other valuable illegal files may be stored and served up
    from your server.




5. Do you really need a reason to stay secure?
    • Prevent costly downtime in the event of a security breach

    • Provides assurance to your customers that you value information security

    • Avoids loss of reputation in the event of a security breach







6. Why you should use HackerTarget.com
    * non-intrusive scan of your network / host perimeter
    * identify security problems on your internet server and web sites
    * results delivered to you weekly
    * security is an ongoing process so we give you an ongoing helping hand
    * detailed technical reports delivered to you by email for further investigation
    * Technical Security Intelligence that will allow follow up remediation by your staff,
    consultants or HackerTarget.com
    * allows you to concentrate on doing what you do best - getting on with business
    * best of all, it's affordable - security shouldn't cost the earth



6.1 Other Options
    * Conduct the scan yourself
    Using the freely available scanners such as Nessus, Nmap, Nikto and SQLiX you can run
    the scans yourself. While familiarization with Linux will be a help, it is a great way to get
    some technical understanding of these excellent tools and the theory behind them.


    * Use other more corporate services that will give you much more polished reports for a
    much higher price but essentially contain the same results data.


    * Not worry about security and just cross your fingers and hope for the best. :)




7. Contact HackerTarget.com
    Further information on the scanning options available can be found at our website.
    Visit HackerTarget.com today for an immediate vulnerability scan or contact us for a
    free consulting services quote.


    Email: info@hackertarget.com
    Web: http://www.hackertarget.com




                                                                          HackerTarget.com © 2007

More Related Content

Recently uploaded

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 

Recently uploaded (20)

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 

Featured

Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 

Featured (20)

Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 

Dontgethacked

  • 1. Don't Get Hacked Automated Remote Vulnerability Scanning Writer: Peter Technical Review: David Contact: info@hackertarget.com Published: August 2007 Summary: This white paper describes advantages of using Open Source Vulnerability Analysis tools to protect your Internet facing servers. While acknowledging that Vulnerability Analysis is only a part of the solution to securing your server, it is clear that a reliable ongoing vulnerability analysis is a step in the right direction.
  • 2. Table of Contents 1. Introduction............................................................................... ......................1 2. Reasons for an increasing threat landscape....................................................2 . 3. Common areas that are attacked..................................................................... .3 3.1 Poorly Configured Servers.................................................................... ..........3 3.2 Software that is not updated.............................................................. ............3 3.3 Web Scripts............................................................................ ........................3 3.4 Poor ssh password security.................................................................... ........3 3.5 Password Reuse.................................................................... .........................3 4. Uses of a compromised host....................................................................... 4 ...... 4.1 Spamming host.............................................................................................. .4 4.2 Distribution of Malware.................................................................. ................4 4.3 Phishing sites.............................................................................. ...................4 4.4 Warez File Storage.............................................................. ...........................4 5. Do you really need a reason to stay secure?......................... ..........................4 . 6. Why you should use HackerTarget.com....................................................... 5 ..... 6.1 Other Options................................................................................ .................5 7. Contact HackerTarget.com...................................................... .........................5
Automated remote Vulnerability analysis services 1

1. Introduction

Online threats against internet servers are becoming more widespread, with attacks becoming more devastating every day. Examples like the recent "Italian Job" Mpack attack and the Microsoft UK defacement are only 2 of an increasing number of serious attacks. It is not only well-known, high-value targets that are being attacked; in fact, the number of small web hosts and web sites being attacked is increasing dramatically. Increasingly, profit is the main motive in compromising hosts, and when examining the intended use of a compromised host we can find many examples where a number of small web hosting servers are of more value than a major corporate web server.

Protecting internet servers against all but the most determined attackers is not difficult. The spate of recently compromised hosts is more a matter of laziness and priorities than of highly skilled attacks. Smaller web hosts and organizations may not pick up the compromise immediately; here at HackerTarget we have investigated systems that were under the control of an attacker for up to 6 months before the breach was noticed. An online vulnerability assessment is an efficient way to improve your internet security posture and stay secure.

HackerTarget.com © 2007
2. Reasons for an increasing threat landscape

Automated methods of attack and easy access to exploits are the main reasons servers are being popped with increasing ease. In fact, if you want to prove how easy it is, go to http://www.milw0rm.com and select one of the recent web application exploits. Then go to Google and type in the "Google Dork" - such as "powered by scriptname". See how many vulnerable applications on servers all around the web you can find in 5 minutes. I would advise you not to go any further than this without consulting your lawyer!

Please note that we have nothing personal against the service provided by Milw0rm; it is merely the most well known and accessible place to get working exploits.
3. Common areas that are attacked

3.1 Poorly Configured Servers

Whether it is bad permissions, a mis-configured web or mail server, or a temporary fix that was done while the clock was ticking, poorly configured servers are everywhere. Often it is down to time constraints: it doesn't take much for even an expert Systems Administrator to slip up now and then.

3.2 Software that is not updated

Server operating systems and applications all need to be updated when security updates are released. This is not optional! The use of Windows Update, Yum and Apt for easy updating of servers has been great for reducing the number of vulnerable hosts; however, there are still many hosts that get overlooked. It is only a matter of time until a vulnerable service is discovered and the system is compromised.

3.3 Web Scripts

PHP and ASP applications and scripts are a great way to get dynamic websites working quickly, but installing them is not the end of the job. Like operating systems and other software, they must be updated when security updates are made available. Updates for these scripts are constant and easily overlooked - until the day your blog is compromised and starts serving up malicious iframes to your unsuspecting audience.

3.4 Poor ssh password security

The use of strong passwords on all internet facing hosts is essential. It is a simple matter to view the ssh log of any internet facing host and see how often the system is being hit by brute force ssh attacks.

3.5 Password Reuse

Let's say you pay close attention to your server and are confident there are no holes available to an external attacker. In fact, you regularly post on forums around the web about how good your servers are. It just so happens that one of the forums you post to is not as vigilant as you are. One day you wake up to find your main page has been defaced and you are losing sales every minute - not only that, but your PayPal account has been emptied!

How did this happen? Investigation reveals that the forum you use had its user database hacked, and you used the same password on the forum as the one you use for your web mail. In your web mail the attacker found your server's logon details. Oops.
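One way to do the log check that 3.4 describes, as an added example that is not part of the original white paper: a small Python script that parses sshd lines from the auth log, counts failed logins per source address, and reports the usernames tried and any login that was eventually accepted from the same source. The log lines below are a constructed sample using RFC 5737 documentation addresses, and the threshold of 5 failures is an assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of sshd lines in the syslog format written to
# /var/log/auth.log (Debian/Ubuntu) or /var/log/secure (RHEL); not real traffic.
SAMPLE_AUTH_LOG = """\
Aug  3 02:14:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Aug  3 02:14:03 web1 sshd[2203]: Failed password for invalid user oracle from 203.0.113.5 port 51240 ssh2
Aug  3 02:14:05 web1 sshd[2205]: Failed password for root from 203.0.113.5 port 51251 ssh2
Aug  3 02:14:07 web1 sshd[2207]: Failed password for root from 203.0.113.5 port 51260 ssh2
Aug  3 02:14:09 web1 sshd[2209]: Failed password for invalid user test from 203.0.113.5 port 51266 ssh2
Aug  3 02:14:11 web1 sshd[2211]: Accepted password for root from 203.0.113.5 port 51270 ssh2
Aug  3 08:30:00 web1 sshd[3100]: Failed password for peter from 198.51.100.8 port 40022 ssh2
Aug  3 08:30:06 web1 sshd[3102]: Accepted publickey for peter from 198.51.100.8 port 40022 ssh2
"""

# Matches both "Failed password for invalid user X from IP ..." and
# "Accepted publickey for X from IP ..."; the "invalid user" prefix is optional.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def summarise_ssh_auth(log_text, threshold=5):
    """Count failed logins per source address and report sources at or above
    the (assumed) threshold with the usernames they tried and any accepted
    logins from that source; a success after a run of failures needs a look."""
    failures = Counter()
    users = defaultdict(set)
    accepted = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an authentication result line
        ip, user = m.group("ip"), m.group("user")
        if m.group("result") == "Failed":
            failures[ip] += 1
            users[ip].add(user)
        else:
            accepted[ip].append((user, m.group("method")))
    return {
        ip: {
            "failed": count,
            "usernames_tried": sorted(users[ip]),
            "accepted_logins": accepted.get(ip, []),
        }
        for ip, count in failures.items()
        if count >= threshold
    }
```

On the sample, only 203.0.113.5 is reported: five failures across four usernames followed by an accepted password login for root, which is the pattern that should trigger an incident review rather than just a firewall rule.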
4. Uses of a compromised host

4.1 Spamming host

A straight-up spamming operation. Using your server to send out hundreds of thousands of spam emails is a profitable use of your compromised host. This will go on until you stop it or you get blacklisted and the spammer finds another use for your server.

4.2 Distribution of Malware

Using your web server to serve up content - just what it was made for, right? What if the content is malicious, loading onto and exploiting your customers' or users' machines, spreading key-logging malware that compromises their desktops and eventually empties their bank accounts?

4.3 Phishing sites

Those phony emails we have all seen, with a fake PayPal page or internet banking page. What if those fake pages are being served up from your web host?

4.4 Warez File Storage

Pirated software, movies or other valuable illegal files may be stored on and served from your server.

5. Do you really need a reason to stay secure?

• Prevents costly downtime in the event of a security breach
• Provides assurance to your customers that you value information security
• Avoids loss of reputation in the event of a security breach
6. Why you should use HackerTarget.com

* non-intrusive scan of your network / host perimeter
* identify security problems on your internet server and web sites
* results delivered to you weekly
* security is an ongoing process, so we give you an ongoing helping hand
* detailed technical reports delivered to you by email for further investigation
* Technical Security Intelligence that allows follow-up remediation by your staff, consultants or HackerTarget.com
* allows you to concentrate on doing what you do best - getting on with business
* best of all, it's affordable - security shouldn't cost the earth

6.1 Other Options

* Conduct the scan yourself. Using freely available scanners such as Nessus, Nmap, Nikto and SQLiX you can run the scans yourself. While familiarity with Linux will help, it is a great way to get some technical understanding of these excellent tools and the theory behind them.
* Use other, more corporate services that will give you much more polished reports for a much higher price but essentially contain the same results data.
* Not worry about security, just cross your fingers and hope for the best. :)

7. Contact HackerTarget.com

Further information on the scanning options available can be found on our website. Visit HackerTarget.com today for an immediate vulnerability scan, or contact us for a free consulting services quote.

Email: info@hackertarget.com
Web: http://www.hackertarget.com