A few months ago, the website of the US Central Intelligence Agency (CIA) (www.cia.gov) was hacked by the hacker group Anonymous. The following day, the Microsoft India website was targeted, and the victims on Day Three were the Border Security Force (BSF) website and the Trinamul Congress website (www.aitmc.org). In the past, too, important sites including the Regional Passport Office of Hyderabad (www.ap.nic.in) and BSNL websites have been subject to intrusion. Anonymous has been in the news since then, and the group has brought back to the fore a prime concern amongst most users: how to ward off hacking.
“Hacking has become a very normal thing. It’s no longer supposed to be, ‘OMG my website got hacked’. We’re living in an age and time where no network can be 100 per cent secure,” feels ethical hacker Ankit Fadia.
“There are two types of hackers. Hacktivists, who hack into websites to spread a political or social message. They do it either in retaliation or to show dissent,” said Fadia. The Trinamul website is a good example of this, because experts believe Bangladeshi hackers hacked it, along with the BSF website.
“The second type is malicious hackers who have some profit in mind or cause some kind of destruction,” added Fadia.
The ethical hacker tells you how to keep the bad boys at bay...
1. Do a security audit on a regular basis.
2. Install a firewall on your website.
3. You need an intrusion detection system that analyses all the traffic and data coming to your website. It will try to detect whenever an attack is taking place and notify you.
4. Strong security policies in your organisation to control what kind of files employees can access and allow you to disable USB drives.
5. You need an anti-virus on your network and need to update it regularly, because someone could introduce a virus on the network where the website is being hosted. Or some sensitive data, saved on the network, could be stolen.
6. All user passwords should be strong — a combination of words and special characters.
7. Have an anti-spyware installed — it’s the same funda as an anti-virus.
If you’re running a database, you have to protect it against SQL injection. This is an attack whereby you can actually log in as the administrator without knowing the password. A lot of government websites are vulnerable to SQL injection, so they should be really particular about this.
8. Disable as many publicly accessible services as possible. What that means is, if you’re not using FTP (file transfer protocol, that is transferring a file from one computer or system to another) then the service should be disabled. The chance of somebody entering your system is minimised.
9. Update your operating system regularly. Just like on regular computers you have Windows update, similarly on a server you have to install the latest security patches.
10. Despite all those nine solutions, you have to be prepared that your website can be hacked because there’s nothing called 100 per cent security.
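The SQL injection point in the list above, shown as an added example that is not part of the original article or Fadia's advice: a login check that pastes user input into the query text, next to the same check using placeholders. The table layout, function names, account and inputs are all constructed for illustration, and SQLite stands in for whatever database a site actually runs.

```python
import hashlib
import os
import sqlite3

def pw_hash(password, salt):
    # Salted, slow hash so the sample table holds no plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def make_db():
    """In-memory database holding one constructed sample account."""
    db = sqlite3.connect(":memory:")
    db.create_function("pw_hash", 2, pw_hash)  # lets SQL do the comparison
    db.execute("CREATE TABLE users (name TEXT, salt BLOB, hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("admin", salt, pw_hash("S3cure!pass-phrase", salt)))
    return db

def login_vulnerable(db, name, password):
    # Weak: user input is pasted into the SQL text, so a quote character in
    # `name` ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND hash = pw_hash('" + password + "', salt)")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_safe(db, name, password):
    # Fixed: placeholders send the values separately from the SQL text, so
    # they are only ever compared as data.
    sql = "SELECT name FROM users WHERE name = ? AND hash = pw_hash(?, salt)"
    row = db.execute(sql, (name, password)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    # Constructed input: closes the quote and comments out the password check.
    crafted = "admin' --"
    for label, login in (("vulnerable", login_vulnerable), ("safe", login_safe)):
        print(label,
              "| right password:", login(db, "admin", "S3cure!pass-phrase"),
              "| wrong password:", login(db, "admin", "guess"),
              "| crafted name:", login(db, crafted, "guess"))
```

A security audit can look for the first pattern directly: any query assembled by joining strings with request data is a candidate for the placeholder form.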