
Can you keep Linux-based ransomware from attacking your servers?

David Geer | Dec. 7, 2015
Patching pressures don't make Linux ransomware any easier to take.

Beware: vulnerabilities that remain unpatched for years are exactly what most attackers target. “Attackers are utilizing well known, well documented vulnerabilities in externally facing applications,” says Swearingen. You must patch eventually, or expect to become a statistic.

Secure development

The best place to secure web applications is at the start, in development. When developers follow coding standards that address the riskiest vulnerabilities that an application can have, they greatly mitigate the potential for successful attacks. “In any custom application, ensure that your developers are referencing the OWASP Top Ten,” says Swearingen.

The OWASP Top Ten application security risks include injection flaws, poorly implemented authentication, cross-site scripting flaws, direct object references, insecure configurations, sensitive data and PII exposure, missing function level access controls, cross-site request forgeries, known-vulnerable components, and unvalidated redirects. In each case, the security hole permits an attacker to insert or access data or components, leading to a broader compromise.

By checking and closing each vulnerability as they create an app, developers can deal the greatest blow to attacks before the app even sees the light of day.

Vulnerability monitoring

As with the OS, there are vulnerability scanners tailored to CMS and web applications. “If you’re running a WordPress site, there is an application called WPScan that can test it,” says Swearingen. HackerTarget makes multiple web and CMS scanners available. OWASP has a WordPress scanner. There are also scanners that can check the source code.

Of course, once you find a vulnerability, you will have to either patch it or find some other solution, such as a web application firewall (WAF), to secure around it.

“You’ll want to implement security best practices including a backup strategy that you can test and confirm works to restore the system in the event that an attacker does encrypt it and hold it for ransom,” says Swearingen. If someone else has provided the server and the enterprise is in charge of the application layer, you should back up the application and perhaps the database, depending on your circumstance, he explains.

For backups to actually counter a Linux ransomware attack, keep them on a different system at a different location with different credentials, so that a compromise of the server is not automatically also a compromise of the backups. “Whether you are using server snapshots for backups, make sure the backup system is not mounted from the original server that is subject to compromise,” says Swearingen.
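One way to audit that last point on a Linux server, as an added example that is not from the article or from Swearingen: the script below reads a mount table in `/proc/mounts` format and reports read-write mounts that are remote storage or look like backup locations. The filesystem-type list, the path hints and the sample hostnames and paths are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list read-write mounts that expose backup storage to this host.
# Input uses the /proc/mounts layout: device mountpoint fstype options dump pass

# Filesystem types treated as remote storage (assumption; extend for your site).
REMOTE_FS_RE='^(nfs|nfs4|cifs|smb3|fuse[.]sshfs|ceph|glusterfs)$'
# Device or path substrings that suggest backup storage (assumption).
BACKUP_HINT_RE='(backup|snapshot)'

# Constructed sample data; hostnames and paths are made up.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
backup01.example.internal:/export/web /mnt/backup nfs4 rw,relatime,vers=4.2 0 0
/dev/sdb1 /var/backups/db ext4 rw,noatime 0 0
archive.example.internal:/export/media /srv/media nfs4 ro,relatime 0 0
//files.example.internal/share /mnt/share cifs rw,vers=3.0 0 0
EOF
}

# Print "mountpoint<TAB>fstype<TAB>reason" for each risky mount.
# $1: file in /proc/mounts format, or "-" for stdin (default: /proc/mounts).
risky_backup_mounts() {
    awk -v remote="$REMOTE_FS_RE" -v hint="$BACKUP_HINT_RE" '
    {
        dev = $1; mnt = $2; fs = $3
        n = split($4, opts, ",")
        rw = 0
        for (i = 1; i <= n; i++) if (opts[i] == "rw") rw = 1
        if (!rw) next          # read-only mounts are not writable from this host
        is_remote = (fs ~ remote)
        is_hint = (tolower(dev " " mnt) ~ hint)
        if (is_remote || is_hint)
            print mnt "\t" fs "\t" (is_remote ? "remote-rw" : "backup-path-rw")
    }' "${1:-/proc/mounts}"
}

# Demo on the constructed sample; call risky_backup_mounts with no argument on a real host.
sample_mounts | risky_backup_mounts -
```

Any line it prints is storage that a process running on the compromised server could overwrite, so a backup kept there shares the server's fate.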

Security practices

Security best practices will lead the enterprise to segment web servers from any externally exposed server and from other networks, and to use highly restrictive access controls, says Swearingen. You should always use all applicable layers of defense that are available to you.
