Website security is more important than ever. Web servers, which host the data and other content available to your customers on the Internet, are often the most targeted and attacked components of a company’s network. Cyber criminals are constantly looking for improperly secured websites to attack, while many customers say website security is a top consideration when they choose to shop online. As a result, it is essential to secure servers and the network infrastructure that supports them. The consequences of a security breach are great: loss of revenue, damage to credibility, legal liability and loss of customer trust.
The following are examples of specific security threats to Web servers:
- Cyber criminals may exploit software bugs in the Web server, underlying operating system or active content to gain unauthorized access to the Web server. Examples of unauthorized access include gaining access to files or folders that were not meant to be publicly accessible and being able to execute commands and/or install malicious software on the Web server.
- Denial-of-service attacks may be directed at the Web server or its supporting network infrastructure to prevent or hinder your website users from making use of its services. This can include preventing users from accessing email, websites, online accounts or other services. The most common attack occurs when the attacker floods a network with traffic so that it cannot process legitimate users' requests.
- Sensitive information on the Web server may be read or modified without authorization.
- Sensitive information on backend databases that are used to support interactive elements of a Web application may be compromised through the injection of unauthorized software commands. Examples include Structured Query Language (SQL) injection, Lightweight Directory Access Protocol (LDAP) injection and cross-site scripting (XSS).
- Sensitive unencrypted information transmitted between the Web server and the browser may be intercepted.
- Information on the Web server may be changed for malicious purposes. Website defacement is a commonly reported example of this threat.
- Cyber criminals may gain unauthorized access to resources elsewhere in the organization’s network with a successful attack on the Web server.
- Cyber criminals may also attack external entities after compromising a Web server. These attacks can be launched directly (e.g., from the compromised server against an external server) or indirectly (e.g., placing malicious content on the compromised Web server that attempts to exploit vulnerabilities in the Web browsers of users visiting the site).
- The server may be used as a distribution point for attack tools, pornography or illegally copied software.
If you would like to download the entire Website Security manual for free, please do so here!
Clarke & Sampson has been around for seventy years now, and we've kept up with modern advancements. Please contact us today at 703.683.6601 if you have any further questions about cyber security and what you can do to prevent attacks.