2017 was arguably the worst year yet for security breaches. In the first half of 2017 alone, there were over 918 reported data breaches compromising over 1.9B data records. And the range of attack vectors utilized by actors was vast, including phishing scams, ransomware, and never-before-seen attacks via compromised IoT devices. But all hope is not lost. In the face of all growing and sophisticated cyber attacks, there a number of things that organizations of any size can do to better secure their infrastructure and limit their exposure to these risks and protect against security breaches.
The National Institute of Standards and Technology (NIST) released an updated 2017 whitepaper which concluded that complex passwords and password expirations resulted in confusion for users, and in some instances even hindered security efforts by forcing users to write down their passwords and store them in open view of others. So what is a security professional to do?
Use a Password Manager
Password managers are a great solution. They help ensure that users are utilizing complex passwords when logging into your systems but ease the burden on users in terms of managing the complex passwords. They also enable users to generate complex passwords and store them securely under a single “master key” so that users only have to remember one password. We recommend using KeePass or LastPass.
Here is an example of the password generation options that you can implement with KeePass:
As you can see, KeePass and other password managers offer a range of options to help your users create complex passwords that are difficult to crack.
Implement Two-Factor Authentication
Two-factor authentication is a great compliment to enforcing complex passwords through password managers. This is because two-factor authentication enhances passwords by requiring a second token to prove identity. This second token is usually something you and you alone possess, whether it be software or hardware. We recommend using hardware authenticators like RSA or Yubikey versus software authenticators like Google Authenticator or Authy, as hardware authenticators are much harder to spoof.
If you’d like to learn more about two-factor authentication, I encourage you to read our article How to Enable Two-Factor Authentication.
Enable Brute Force Detection
Brute Force Attacks occur when an attacker attempts to calculate every possible password that could be used on your systems and then tests them against your site until one of them grants him access. This can be done either by using dictionary words or trying to guess the key created by key derivation functions to encrypt passwords into a secret value.
Attackers use a computer program or script, which automatically attempts all possible combinations to gain access. As computer hardware becomes faster and capable of doing more calculations per second, brute force attacks have become more popular as a means to obtain sensitive information stored in databases and other web applications. And because the volume of attacks of this type are driven largely by hardware performance increases, this problem is only going to get bigger.
Brute Force Detection software works by keeping an eye on the various log files that your server generates. It looks for patterns consisting of numerous failed login attempts during a short period of time from a single source IP address. When it detects this pattern, it blocks that IP address in the server’s firewall.
Brute Force Attacks are so prevalent, that Liquid Web enables and configures Brute Force Detection on all of our servers. We highly recommend that you do the same.
If you’d like to learn more about Brute Force Attacks and Brute Force Detection check out our article What is Brute-Force Detection (BFD)?
Use Firewalls and VPNs
A firewall is another great tool for securing your infrastructure. They help by preventing unwanted connections to your infrastructure. Firewalls come in two flavors, namely hardware firewalls and software firewalls. Each works well depending on the needs of your workload.
A hardware firewall is an additional device that sits on your network along with the rest of your infrastructure. Some popular hardware firewall manufacturers include Fortinet, Sophos, Barracuda, and Cisco. This type of firewall can be managed via a web interface or even a serial connection.
A software firewall is managed within a server’s operating system or within your hosting provider’s control panel. Most servers running Linux operating systems use iptables and most servers running Windows use Windows Firewall. The Linux firewall can be managed with the graphical user interface (GUI), command line interface (CLI) or via a control panel like the popular cPanel. The Windows Firewall can be managed with the GUI or CLI; some control panels like Plesk are compatible with the Windows Firewall.
A common recommendation with firewalls is to create a “whitelist” or a ruleset that allows only authorized connections to reach your infrastructure. You can also add a blocklist if you only want your infrastructure to connect to specific areas of the internet.
In addition to firewalls, you can use virtual private networks (VPNs). They allow you to always have an encrypted connection to your infrastructure. You can find out more about Liquid Web firewalls in our article entitled Basic DoS/DDoS Mitigation with CSF Firewall.
Develop a Recovery Plan
Sometimes an attacker’s objective is not to steal your data, but to prevent you and your customers from being able to access it. That’s why creating a recovery plan is another important step that you can take to protect your business. With the right recovery plan in place, you can quickly recover and restore access to key business systems and information.
The first few steps of developing your recovery plan involve specifying a budget and establishing your recovery point objective (RPO) and recovery time objective (RTO). RPO and RTO are two key metrics that establish how quickly your business must be able to recover from a downtime event. These metrics are tied to how mission-critical your workload is to your business. Once you’ve established these metrics for your IT workloads, you can formulate an overall plan that helps ensure that you are aligned with your business’ needs. A key and often overlooked final step in developing a recovery plan is ensuring that you test it.
Your Recovery Plan Should Include Data Backups
Data backups technology has been around forever, but you’d be surprised at how many workloads are not protected with regular data backups. It’s also common for data backup routines to go stale (i.e. they aren’t reviewed or tested for ages). So don’t make this mistake yourself. Make sure that all of your critical workloads have their data regularly backed up, and make sure that you review and test your backup schemes on a regular basis.
As I mentioned earlier, backup technology has been around forever and there are a dizzying array of options available. In order to pick the right backup solution, you need to make sure that you are asking yourself the right questions like:
- How important is this data to my business?
- How often is data written or read?
- How long can the data remain inaccessible?
Answering these questions in advance for all of your workloads will ensure that your backup solution will work best for you when you need it most.
If you’re interested in learning more about data backups, you should check out our article on Data Integrity.
Develop Standard Operating Procedures (SOPs)
Developing standard operating procedures (SOPs) is another key step in preventing data breaches, and can help you recover more quickly from them as well. SOPs enable anyone to perform the necessary steps to ensure that your environment is protected and can also speed up the recovery of capabilities when you experience a security breach. SOP documentation should include vendor contact information, serial and warranty numbers, and IP configurations.
I hope that you found these security tips helpful. If you follow our suggestions, I think you’ll find that you’ll be better prepared to protect against security breaches and better able to recover from them.
If you’d like some more help, I encourage you to reach out to our security professionals here at Liquid Web. They’ll gladly help show you how you can more securely tap into the power of cloud and dedicated hosting to empower and protect your business.