Is Your Web Server An Easy Target for Hackers

Christopher Lentz | October 02, 2014 08:13 AM

In the modern world, having a website and social media presense can mean the difference between growth and stagnation. With such a high importance on the company website you would think there would be more attention to the security on those sites. However, most company websites are using WordPress, a commonly distributed website management package and using things out of the box, vulnerabilities and all. To top it all off, there have been a number of recent vulnerabilities like Heartbleed and Shellshock that have affected servers around the globe.

Avoid Commonly Distributed Software

Products like WordPress and other Content Management Systems are easily available to anyone who has an internet connection. As a result, this makes the code within it easy for a would-be hacker to find the vulnerabilites and exploit them quickly and easily. There are ways to better secure these platforms but those may not be cost effective for some businesses as it would require constant updating and patching. 

Secure Your Ports

Security starts with identifying methods that could be used to compromise a system or network. It should be no shock then that you should make sure only the necessary ports on your server are open to public access. For a web server, you should need at most 3 ports open to the outside world. The first is port 80, which is for HTTP communications. Next is port 443, the secured version known as HTTPS. The final port is really optional and should be very restrictive in regards to who can connect to this port and from where, it is port 22 otherwise known as SSH. Root login via SSH should always be disabled to increase security and accountability.

Keep Up To Date

Web servers are the forgotten step children of the corporate network environment, meaning that they are usually a "Set it and forget it" kind of device. However, that is not the appropriate mentality to have these days. Keeping your web server up to date on patches and firmware updates can mean the difference in someone sniffing out your SSL traffic or not. This is where the Heartbleed vulnerability was born, inside of an unpatched system using OpenSSL. Even if you are running Windows based web servers you should be on top of them as well. Missing a critical update could mean disaster on the security front. 

Having a website is just the beginning. Maintaining that infrastructure is as important as what purpose it serves. Take control of even the smallest bits of your network and you can mitigate a lot of risk. 

If you would like a security audit of your web servers or any other servers, call us today for a consultation.

 

Enforma IT provides Cisco Network Consulting, VMware Virutualization Consultanting, and Server/Desktop Support in the San Francisco Bay Area, Oakland, San Jose, and Chicago metropolitan areas.

© 2018 Enforma IT. All Rights Reserved.