The Internet is a big place, and scattered throughout the world are people who would like nothing more than to control the computer systems that you own or manage. Increasingly, hackers (technically crackers) are turning compromised computers to the pursuit of monetary gain.
It does not matter that you “store no credit card data” or that you only run a few personal blogs; any computer connected to the Internet is a target and a prize for hackers. Uses of compromised servers:
Spam – acting as relays for millions of unsolicited emails. Spammers are not just pests; they can be costly, chewing through your bandwidth, damaging your reputation and disrupting your email communications when you end up getting blacklisted.
Storage – illegal software, music, video and images will result in a disruption of your services, costly bandwidth and potential for damaging legal issues when the source gets traced back to a computer you own or manage.
Distribution of malware – after your host is compromised, your web server may be used to host exploits. This means the server you own or manage is being used to compromise other hosts.
As a jump point – direct attacks against other systems on the Internet. Tracing the origin of an attack will reveal that the attack came from an IP address under your control.
Data Harvesting – direct attacks against your host to collect customer records, credit card numbers or membership details. SQL injection is a popular method for this, as the vulnerability provides direct access to the database.
Using a vulnerability scanner provides the owner or manager of an Internet host or website with a report detailing any obvious security risks that can be attended to and resolved before the hackers hit.
There are a number of excellent open source products available that are as good as, if not better than, expensive commercial software. Not everyone who runs a website or Internet host is a large corporation that can afford a dedicated network security team. This is where HackerTarget.com hopes to help.
We provide an affordable and easy way to get a vulnerability scanning process implemented on your Internet host or web site.
What is Vulnerability Assessment?
Given the complexity of today’s Internet hosts, web servers and dynamic content, exploits and bugs are a certainty. Keeping current with patches and updates can prove to be a daunting task in a busy organization.
Combine the expertise requirements with the task of keeping current, and it is inevitable that adverse incidents occur, systems are breached, data is corrupted, and service is interrupted.
To augment security technologies such as firewalls, intrusion detection and other technologies, you must think like an attacker and gauge the security of your systems by checking for weaknesses. Preventative vulnerability assessments against your own systems and network resources can reveal potential issues that can be addressed before an attacker exploits them.
An external vulnerability assessment is an audit of your external-facing Internet presence, the results of which indicate the current security status of your server and/or web site. The use of automated vulnerability assessment tools is part of a bigger process that involves ongoing secure practices to ensure that you remain safe from attackers.
A full manual vulnerability assessment would involve reconnaissance, during which important data regarding the target systems and resources is gathered. This leads to the system vulnerability check which would be conducted using both automated tools and manual checking, where the target is essentially checked for all known vulnerabilities. Following this is the reporting phase where all the data is compiled and classified into categories of high, medium, and low risk; and methods for improving the security (or mitigating the risk of vulnerability) of the target are discussed.
Depending upon your requirements and resources, there are many options available. Many of the world's leading security tools are based on Open Source Software and are freely available to download and use. With time, patience and a little research you have the option of performing your own vulnerability assessments. Another option is to splash out and pay for high-priced Security Consultants to assess and report on your systems. However, if you are budget conscious, don’t have the time to investigate and install some of the Open Source tools, and would like an automated assessment performed by experts, HackerTarget.com may be just what you are looking for.
These books are excellent resources for those wanting to learn more.
