Common security attacks and countermeasures

As a security professional, I talk to a lot of people about common security attacks and countermeasures. I’m not always certain the people I’m talking to know what these things mean. I am almost certain they aren’t willing to ask.

I know it’s more complicated than it was when I took my Security+ exam a decade ago. The stakes are much higher now. The attacks I had to identify caused inconvenience, but someone conducting a successful smurf attack on your printer won’t get you in the headlines. Today’s attacks will.

The good news

The good news is, you can do a handful of things and they will protect you against most of these attacks. The better news is you’re probably doing most of these things for other reasons already.

Watering hole attack

A watering hole attack is attacking a web site you know your target will visit, hoping you can jump from that web site onto your target’s network.

Effective countermeasures for watering hole attacks include keeping your patches on web browsers and plugins up to date, running an anti-exploit tool such as EMET, and blocking Flash and Java content at the proxy from websites unless that content is absolutely necessary for a business-critical need. I have more detail on watering hole attack prevention if you want.

Phishing

Phishing is sending e-mail with a malicious attachment to someone in hopes of getting them to open it or do something.

Effective countermeasures for phishing include security awareness training, patching common document software such as Word, Excel, and Adobe Reader with the latest security patches, using alternative software such as Chrome to read dangerous file formats, and running an anti-exploit tool such as EMET.

Domain squatting

Domain squatting is buying a web site before its legitimate owner does in hopes of fooling visitors, flipping the site to its legitimate owners for a profit, or both.

There’s not a lot you can do to prevent domain squatting. You can pre-emptively buy domains to defend your own trademarks against it. The only way to protect yourself from domain squatting happening to your business partners is to filter web content with a web proxy such as Forcepoint or Bluecoat. But when the proxy blocks access to an illegitimate domain, that’s not an error–that’s the proxy doing its job to protect you.

Dictionary attack

A dictionary attack is attempting to decode a downloaded password database by comparing it with known dictionary words.

The best countermeasure a developer can use for dictionary attacks is to salt the hashes the software uses. As an end user, the only countermeasure you have is to use strong passwords.

Cross site scripting

The best explanation I’ve heard for cross site scripting is code injection inside the browser. Most explanations I’ve seen focus on how it works and completely gloss over what it does. What it does is the important thing–it tricks a site into running code from a different site.

Developers can stop cross site scripting by sanitizing inputs from the users. Security professionals can stop it by using a web application firewall such as Imperva. You can protect yourself from other people’s cross site scripting to a limited degree by running a filtering web proxy such as Forcepoint or Bluecoat.

SQL injection

SQL injection is running database commands from user input when you shouldn’t. Attackers can use this to steal or damage your web site’s database.

Developers can stop cross site scripting by sanitizing inputs from the users. Security professionals can stop it by using a web application firewall such as Imperva.

Distributed Denial of Service (DDoS)

Distributed Denial of Service is flooding a web site with more traffic than it can possibly handle.

The only effective countermeasure against DDoS is to use a content distribution network. You can think of it as large-scale load balancing. The upside to using CDNs is they increase performance across the board. So you’ll rank better in SEO in addition to being more secure.

 

Leave a Reply

%d bloggers like this: