Security threats and solutions

This blog gives a high-level overview of the kinds of security threats a day-to-day application environment faces, and of how to mitigate them.

Introduction

As a Systems Engineer, security threats have to be treated with the utmost importance while setting up the infrastructure for an application. Every known security loophole has to be closed before the app goes live, to prevent data leaks, service unavailability, data corruption and so on.

Learning and following standardized security practices is the best way to achieve this.

What are security threats?

A security threat is anything that can harm, destroy or corrupt a system or an organization. Here we are only concerned with computer security, so in this context a security threat is a risk that can harm, destroy or corrupt a computer-based system: servers, container images, software code, etc.

Security threats can be classified in various ways based on how they work. The ones covered here are:

  • Distributed denial-of-service (DDoS) attack
  • Botnets
  • Malware
  • Worms
  • Viruses
  • Trojan Horses
  • Spyware
  • Ransomware
  • Pharming
  • Phishing
  • Spoofing
  • Spam
  • Hacking
  • Wi-Fi Eavesdropping
  • WPA2 Handshake Vulnerabilities

Let's get into the details.

Distributed denial-of-service (DDoS) attack

What is it?

Ah, the DDoS attack. Just as you can only deal with a limited number of people at a time, a server can only handle a limited number of requests at a time. A DDoS attack bombards the server with so many requests, from so many different sources (hence "distributed"), that it can no longer respond to genuine requests from real users.

This effectively takes down your entire service. A DDoS attack needs no flaw in your application, only more traffic than you can absorb, and the same attack infrastructure can be pointed at one service after another.

The attacker first builds a botnet, typically by spreading malware through infected emails or files. Each infected machine then keeps listening for commands telling it where to send requests.

How to mitigate it?

Mitigating a DDoS attack is difficult because the traffic comes from many different IPs, just like the requests from your genuine users.

A few methods that we have used:

AWS WAF: set up a rate-based rule so that a single IP sending far more requests than a normal user ever would is blocked automatically. Rate limits help against application-layer floods; a volumetric attack that saturates your bandwidth has to be absorbed upstream (AWS Shield, a CDN or your provider's scrubbing service) before it reaches your servers.

Monitoring: we use Zabbix to alert on very high CPU, memory, disk or network usage on the servers, so that we can react quickly if an attack is under way.
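To make the rate-based rule concrete, here is an added example (not code from the original post, nor from AWS WAF or Zabbix): a sliding-window per-IP request counter run over a few constructed access-log lines. The threshold, the window and the log lines are assumptions for the example; the point is that a flooding client stands out sharply from a genuine user browsing a few pages.

```python
"""Per-source-IP rate check over web access logs (added example).

Mirrors what an AWS WAF rate-based rule does at the edge: count requests
per client IP inside a sliding time window and flag any IP whose count
goes past what a real user would produce. Log lines, threshold and
window below are constructed/assumed for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Start of a combined-log-format line: client IP, ident, user, [timestamp]
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\]')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, datetime) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def flag_flooders(lines, limit, window_s):
    """Return {ip: peak requests seen inside one window} for every IP that
    exceeded `limit` requests within any `window_s` seconds.

    Lines must be in time order per IP, as a web server writes them."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:        # skip garbage rather than crash on it
            continue
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        # Slide the window: drop requests older than window_s before this one.
        while len(q) > 1 and (ts - q[0]).total_seconds() >= window_s:
            q.popleft()
        if len(q) > limit and len(q) > peak.get(ip, 0):
            peak[ip] = len(q)
    return peak


# --- constructed sample log -------------------------------------------------
BASE = datetime(2021, 3, 1, 10, 0, 0, tzinfo=timezone.utc)


def make_line(ip, offset_s, path="/login"):
    ts = (BASE + timedelta(seconds=offset_s)).strftime(TS_FMT)
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'


SAMPLE_LOG = (
    # one bot sends 40 requests in 8 seconds ...
    [make_line("203.0.113.7", i * 0.2) for i in range(40)]
    # ... while a genuine user loads four pages over two minutes
    + [make_line("198.51.100.20", t, p)
       for t, p in ((0, "/"), (15, "/login"), (40, "/account"), (110, "/logout"))]
    + ["this line is not an access log entry"]
)

if __name__ == "__main__":
    # A real deployment would stream lines from the web server's access log.
    for ip, n in flag_flooders(SAMPLE_LOG, limit=20, window_s=10).items():
        print(f"block {ip}: {n} requests inside 10 s")
```

The WAF rule is this loop run at the edge with production-sized limits; Zabbix alerts on the symptom (CPU, network), while a check like this points at the source to block.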

Botnets

What is it?

A botnet is a large collection of infected computers, each running a bot that waits for commands from the attacker and executes them. Botnets are mainly used for DDoS attacks, spamming, etc.

Since the bot usually does nothing visible on the infected PC or server, a botnet infection is hard to notice from the inside; the tell-tale sign is unexplained outbound traffic to the attacker's command-and-control servers.

How to mitigate it?

Antivirus software is the usual defence on Windows, and can be used on Linux as well.

Linux is not immune, though: most IoT and server botnets target Linux, and they usually get in through weak or default SSH passwords and unpatched network services rather than through a user running a downloaded file. Key-based SSH logins, prompt patching and a host firewall prevent most infections; once a machine is infected, scan and clean it, or better, rebuild it from a known-good image.

Malware

What is it?

Malware is software that performs unwanted actions inside a computer. Viruses, Trojans, worms, adware and spyware are all types of malware.

How to mitigate it?

Antivirus programs, and installing software only from reputed publishers and repositories, are the best ways to prevent malware.

Do not open emails from unrecognised senders, and always scan attachments before opening them.

Use a reputable, up-to-date antivirus product.

Worms

What is it?

Worms differ from viruses in that they are not attached to other files or programs. A worm is a standalone program that replicates itself across the LAN or the internet by exploiting open or poorly secured ports and vulnerabilities in network services. Some run purely in memory, although many also write copies of themselves to disk so that they survive a reboot.

They can disrupt networks, take down machines and cost companies a great deal of revenue.

How to mitigate it?

As with any malware, the first defence is antimalware software, which scans running processes as well as files.

Another is a proper firewall that opens only the required ports. A worm that spreads through a vulnerable service cannot reach it if the firewall blocks the port.

Keep your systems up to date by installing the security updates your OS vendor provides; worms typically exploit vulnerabilities for which a patch already exists.

Viruses

What is it?

A virus is malware that attaches itself to another file or program and replicates when that file is opened or run. Besides spreading, its payload usually does damage: consuming CPU, memory and network resources, corrupting files or installing further unwanted software.

How to mitigate it?

Proper antivirus software and good habits while using the internet are the best ways to prevent a virus infection.

It is also worth monitoring the resource usage of the machine you are working on, so that unexplained usage spikes stand out.

Trojan Horses

What is it?

A Trojan horse is malware disguised as legitimate software. Once run, it typically opens a backdoor through which the attacker can access files and other data on the infected machine without the user knowing.

A remote-access Trojan gives the attacker practically complete control over the computer, from the camera to keyboard input.

How to mitigate it?

Antivirus, good habits while using the internet, not opening unknown emails and scanning attachments are some of the ways to prevent a Trojan infection. So is installing software only from the publisher's own site or a trusted repository, since Trojans usually arrive as cracked or repackaged copies of popular programs.

Spyware

What is it?

As the name suggests, spyware spies on you and your activity on the PC. It collects web browsing activity, application usage, network activity and so on, and sends it to the attacker. This can include sensitive information such as passwords, keys and codes.

How to mitigate it?

Most antimalware applications handle spyware too, although some vendors sell anti-spyware as a separate paid product.

If you do not want to pay for a suite, the built-in Windows Defender (on Windows) does just fine; avoid free third-party "cleaners" of unknown origin, which are themselves a common way of getting spyware installed.

Ransomware

What is it?

Unless you have been living under a rock, you will have heard about ransomware.

Ransomware encrypts the data on the computer with a key known only to the attacker, deletes the original files and displays a message demanding payment for the recovery key. Classic ransomware sends nothing to the attacker, but many current strains also steal the data before encrypting it and threaten to publish it, so paying is no guarantee of anything.

How to mitigate it?

Ransomware spreads through several routes: infected files, vulnerable or unsecured ports (exposed RDP and SMB are favourites), phishing emails and so on. The defence is to keep it out, because files start being encrypted within minutes of it getting in.

So the best prevention is a firewall that blocks unnecessary ports and an OS that receives every security update as it is released. Equally important are backups the malware cannot reach (offline or immutable copies), with restores tested periodically, since that is what lets you recover without paying.

Pharming

What is it?

Pharming redirects traffic meant for a legitimate website to the attacker's server, for ad revenue, credential harvesting and so on. The URL in the address bar is the real one, but the data goes to the attacker.

It achieves the same thing as phishing, but instead of tricking the user into following a fake URL, the redirect is done by tampering with DNS: a poisoned resolver, altered DNS settings on a home router, or an edited hosts file on the PC.

How to mitigate it?

To mitigate this, check the lock symbol in the address bar and the certificate behind it. An attacker who has poisoned your resolver cannot get a public CA to issue a valid certificate for the real domain, so a pharming site typically produces a certificate warning or no HTTPS at all; never click through such a warning.

You can also set a trusted public resolver such as Google DNS (8.8.8.8 and 8.8.4.4) instead of whatever the network hands out, and prefer encrypted DNS (DNS over HTTPS or TLS) where your OS or browser supports it. This protects against a poisoned router or ISP resolver, not against a modified hosts file on the machine itself.

Also, make sure to use a trusted WiFi network for accessing the internet.

Changing your passwords (and enabling two-factor authentication) also helps in case you have already fallen for pharming or phishing.

Phishing

What is it?

Phishing is sending fake links to people, usually by email but also by SMS or chat, to trick them into thinking the link leads to a legitimate site and so harvest their login credentials.

How to mitigate it?

Unlike pharming, a phishing site usually has a perfectly valid certificate for its own (fake) domain, so the lock symbol proves nothing on its own. What matters is that the domain in the address bar is exactly the right one: watch for the brand used as a subdomain of an unrelated domain, look-alike spellings and characters, and links whose visible text differs from the real destination. A password manager helps here because it only fills credentials on the domain they were saved for.

The latest antivirus programs and web browsers also have built-in protection that warns before you reach a known phishing site.
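The domain check described above, as an added example that is not part of the original post: it classifies a link by the registrable domain the browser will actually connect to and flags the usual phishing tricks (brand in a subdomain, brand before an "@", internationalized hosts, confusable or one-character look-alikes). The trusted-domain list, the confusables table and the sample URLs are assumptions made for the example.

```python
"""Classify a link by its real destination domain (added example).

A padlock only shows the connection is encrypted; a phishing page has one
too. What to check is the registrable domain the browser will talk to.
The allow-list, confusables table and sample URLs are assumed.
"""
import unicodedata
from urllib.parse import urlsplit

TRUSTED = {"example.com", "bank.example"}          # assumed allow-list

# A few substitutions phishers use; a real check uses a full confusables table.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "8": "b", "rn": "m", "vv": "w"}


def registrable_domain(host):
    """Last two labels of the host. Production code should consult the
    Public Suffix List so that e.g. example.co.uk is handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def fold(name):
    """Strip accents and swap confusable characters so that look-alikes
    compare equal to the ASCII name they imitate."""
    s = unicodedata.normalize("NFKD", name)
    s = "".join(c for c in s if not unicodedata.combining(c))
    for bad, good in CONFUSABLES.items():
        s = s.replace(bad, good)
    return s


def edit_distance(a, b):
    """Plain Levenshtein distance; catches one-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url):
    """Return (verdict, registrable_domain, reasons); verdict is one of
    'trusted', 'suspicious' or 'untrusted'."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = (parts.hostname or "").rstrip(".")
    reg = registrable_domain(host)
    reasons = []
    if parts.username is not None:
        # https://bank.example@evil.test/ - the browser connects to evil.test
        reasons.append(f"text before '@' is ignored, real host is {host}")
    if "xn--" in host or any(ord(c) > 127 for c in host):
        reasons.append("internationalized (IDN/punycode) host")
    if reg in TRUSTED and not reasons:
        return "trusted", reg, reasons
    for t in TRUSTED:
        if reg != t and t in host:
            reasons.append(f"'{t}' used inside host, real domain is {reg}")
        folded = fold(reg)
        if reg != t and (folded == t or edit_distance(folded, t) == 1):
            reasons.append(f"{reg} looks like {t}")
    return ("suspicious" if reasons else "untrusted"), reg, reasons


# Constructed sample links: the first is genuine, the rest are phishing tricks.
SAMPLE_URLS = [
    "https://www.example.com/login",
    "https://example.com.login-verify.test/",
    "https://examp1e.com/",
    "https://bank.example@evil.test/",
    "https://bänk.example/",
    "https://news.test/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        verdict, reg, why = classify_url(u)
        print(f"{verdict:10} {reg:24} {u}  {'; '.join(why)}")
```

This is the check a browser's phishing filter and a password manager perform implicitly: they key everything on the registrable domain, never on the padlock.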

Spoofing

What is it?

Spoofing is sending emails, or serving or accessing sites, as if they came from a legitimate source or IP address.

A spoofed email can carry your own name and the domain of a trusted organisation in the From: field.

This is done simply by editing the email headers; SMTP itself does not check that the From: address belongs to the sender.

How to mitigate it?

To mitigate this, do not rely on TLS: encryption in transit says nothing about who sent the mail. Look at the Authentication-Results header instead and check that SPF, DKIM and DMARC pass for the domain in the From: field, and read emails carefully, because most spoofed emails contain spelling mistakes or unusual requests. For your own domain, publish SPF, DKIM and a DMARC policy so that receivers reject mail that spoofs it.

Gmail, Outlook and the like enforce these checks by default, so using a good email provider is a really good defence.
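What the Gmail-style check amounts to, as an added example that is not code from the original post or from any mail provider: read the Authentication-Results header the receiving server stamped on a message, and apply a DMARC-style alignment check between the domain that passed SPF or DKIM and the domain in the visible From: header. The two messages, the receiver name mx.receiver.test and every address in them are constructed for the example.

```python
"""Is a received mail's visible From: actually authenticated? (added example)

Transport TLS proves nothing about the sender. Receivers check SPF, DKIM
and DMARC, and whether the domain that passed aligns with the From:
domain the user sees. Both sample messages below are constructed.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr

AUTH_CLAUSE = re.compile(
    r"\b(spf|dkim|dmarc)=(\w+)((?:\s+(?:\([^)]*\)|[\w.-]+=[^\s;]+))*)")
PROPERTY = re.compile(r"([\w.-]+)=([^\s;]+)")


def domain_of(addr):
    """Lower-cased domain of an address like 'Name <user@dom>'; '' if none."""
    _, address = parseaddr(str(addr or ""))
    return address.rpartition("@")[2].lower()


def org_domain(dom):
    """Organizational domain, approximated as the last two labels
    (production code should use the Public Suffix List)."""
    return ".".join(dom.split(".")[-2:])


def aligned(authenticated_dom, from_dom):
    """DMARC 'relaxed' alignment: same organizational domain."""
    return bool(authenticated_dom) and org_domain(authenticated_dom) == org_domain(from_dom)


def auth_results(msg):
    """Parse 'spf=pass smtp.mailfrom=...; dkim=pass header.d=...' into
    {method: {'result': verdict, property: value, ...}}."""
    results = {}
    for m in AUTH_CLAUSE.finditer(str(msg.get("Authentication-Results", ""))):
        method, verdict, props = m.groups()
        props = re.sub(r"\([^)]*\)", "", props)        # drop (comments)
        results[method] = {"result": verdict, **dict(PROPERTY.findall(props))}
    return results


def sender_check(raw):
    """Return whether the From: domain is authenticated, and why not if not."""
    msg = message_from_string(raw, policy=policy.default)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    ar = auth_results(msg)
    spf, dkim = ar.get("spf", {}), ar.get("dkim", {})
    spf_dom = spf.get("smtp.mailfrom", "").rpartition("@")[2].lower()
    dkim_dom = dkim.get("header.d", "").lower()
    spf_ok = spf.get("result") == "pass" and aligned(spf_dom, from_dom)
    dkim_ok = dkim.get("result") == "pass" and aligned(dkim_dom, from_dom)
    reasons = []
    if not (spf_ok or dkim_ok):
        reasons.append(f"neither SPF nor DKIM passed for {from_dom} "
                       f"(SPF domain {spf_dom or 'none'}, DKIM domain {dkim_dom or 'none'})")
    if env_dom and not aligned(env_dom, from_dom):
        reasons.append(f"Return-Path domain {env_dom} does not match From domain {from_dom}")
    return {"from_domain": from_dom, "authenticated": spf_ok or dkim_ok, "reasons": reasons}


# Constructed: legitimate mail, authenticated by the receiving server.
LEGIT = """\
Return-Path: <bounce@example.com>
Authentication-Results: mx.receiver.test;
 spf=pass smtp.mailfrom=bounce@example.com;
 dkim=pass header.d=example.com header.s=sel1;
 dmarc=pass (p=REJECT) header.from=example.com
From: "Example Billing" <billing@example.com>
To: you@receiver.test
Subject: Your invoice

Hi, your invoice is attached.
"""

# Constructed: spoofed From, sent from an unrelated server. SPF passes, but
# for the spammer's own domain, which is exactly what alignment catches.
SPOOFED = """\
Return-Path: <x9@mail-blast.test>
Authentication-Results: mx.receiver.test;
 spf=pass smtp.mailfrom=x9@mail-blast.test;
 dkim=none;
 dmarc=fail (p=REJECT) header.from=example.com
From: "Example Billing" <billing@example.com>
To: you@receiver.test
Subject: Urgent: verify your account

Click here to verify.
"""

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(name, sender_check(raw))
```

The spoofed message shows why "SPF passed" alone is not enough: the spammer's own domain passes SPF, but it does not align with example.com in the From: header, which is the condition DMARC enforces and the reason providers reject or junk such mail.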

Spam

What is it?

Spam is the sending of unsolicited messages, emails etc. It is more of an annoyance than a threat, unless the messages start to overwhelm the server or the inbox so that the user misses legitimate messages, or the spam carries phishing links or malware.

How to mitigate it?

Maintaining good habits while using the internet is the best way to mitigate this.

Do not give your email address to untrusted websites.

It is good practice to include a + tag when giving your email to sites.

Eg: contact@vigneshn.in and contact+what_ever_you_want@vigneshn.in both deliver to contact@vigneshn.in.

So if you are signing up for Zomato, you give your email as contact+zomato@vigneshn.in.

That way, when you receive spam addressed to that tag, you know where the address was leaked from. Note that plus addressing is a feature of the mail server (Gmail and most hosted providers support it), some sign-up forms reject the + sign, and a spammer can simply strip the tag, so treat it as a tracing aid rather than a filter.

Hacking

What is it?

Hacking is gaining unauthorised access to a system. All the methods above come under hacking, as do techniques such as social engineering.

How to mitigate it?

Following the good standards mentioned above in all digital spaces is the best way to keep people out of your systems.

Conclusion

I use various ways to protect systems and services from being hacked, from the WAF (Web Application Firewall) in AWS to Deep Security.

I also follow good standards such as server hardening, giving the right permissions to files, using firewalls to block or allow access to ports, and security groups in AWS.

I use Linux on my PC for better security.

Even then, security is an ever-evolving practice, with new vulnerabilities and attack vectors being found every day. Hence it is always necessary to keep learning and stay one step ahead of the attacker.

For more information on the topic, go to Innovature's Security testing page.

Vignesh N

An enthusiastic, experienced System Engineer at Innovature. Skilled in cloud architecture, DevOps and Python. Also responsible for Linux administration.
