What Your Business Should Know About Targeted Malware

20 Aug What Your Business Should Know About Targeted Malware

IT managers and security professionals are increasingly worried about targeted malware and its affect on business operations. However, according to a recent survey by security firm Bit9, these professionals are decreasingly confident in their ability to identify and stop such security threats.

Bit9’s server security survey found that targeted malware attacks are the top server security concern of 52 percent of respondents (all 966 respondents are IT and security professionals), up 15 percent from the prior year.

Twenty-five percent of survey respondents said their servers were attacked in 2012, up 8 percent.

Twelve percent of those surveyed ranked “too much administrative effort” required by traditional security solution as a bigger concern than actual attacks.

Forty-three percent of respondents use more than one full-time employee to manage server security.

“These results highlight the need for greater control in identifying and stopping advanced attacks on valuable server resources-before they execute-while decreasing the security-related administrative workloads of IT and security professionals,” said Brian Hazzard, vice president of product management for Bit9. “The key to securing enterprise servers-both physical and virtual-is to allow only trusted software to execute and prevent all other files from running. That’s how the Bit9 Platform protects our customers’ servers and endpoints against targeted attacks, zero-day threats and all other types of malware.”

To begin securing your web servers, follow the simple steps below:

1. Remove services you are not using

Default operation system installations and configurations are not secure because many unnecessary network services are installed, such as remote registry services, print server services, etc. The more services running on an OS, the more ports will be left open for malicious users to enter. So, disable unnecessary services so that the next time the server is rebooted, they are not started automatically.

2. Secure remote access

Whenever possible, server administrators should login to web servers locally. However, if remote access is needed, make sure that the remote connection is secured properly by using tunneling and encryption protocols. Restrict remote access to a specific number of IPs and to specific accounts only.

3. Server-side scripting and web application content

Keep web application or website files and scripts on a separate partition or drive other than that of the OS, logs, and any other system files. Hackers who gain access to the web root directory are able to escalate their privileges and gain access to data on the whole disk, including the OS and other system files.

4. Keep development, testing, and production environments separate

It is easier and faster to develop a newer version of a web application on a production server, so it is common to develop and test an application directly on the production servers themselves. Therefore, it is also common on the Internet to find newer versions of a specific website, or some content which should not be available to the public, in directories such as /test/, /new/, or other sub directories. These applications are in their early development stages, so they tend to have vulnerabilities. To avoid the threat of a hacker using these versions of your application, conduct the development and testing of web applications on servers isolated from the Internet, and never connect them to real life data and databases. USACI would be happy to assist you in quickly setting up development & testing environments.

These steps are just the start to a more secure server environment. The best thing you can do to keep your company safe from the threat of malware is to stay abreast of security technologies, as they are developed, to stay one step ahead of malicious users.  However, this can be a time consuming endeavor, and Fortinet’s Fortiguard Labs global team of threat researchers are already doing it for you.  They deliver rapid product updates and detailed security knowledge around the clock, providing protection from new and emerging threats.  USACI has been a Fortinet Platinum partner for 9 years and we welcome to opportunity to show you what Fortinet can do.