Blog

Managed Security Services Can Protect Your Organization: SQL injection is a technique attackers often use to bypass the security measures implemented by “front-end/back-end” website and database structures. It is quite similar to, and in some cases regarded as one of, the well-known buffer overflow cyber attack methods frequently used to gain unauthorized access and/or privilege escalation.

To perform a SQL injection attack, the attacker enters input into an interactive field in a web page, or injects a specially constructed command string that includes SQL database commands (usually at the end of the string) into the address bar of a web browser, hoping the website’s back-end database accepts and executes the commands.

The types of commands an attacker may choose to inject are usually commands that grant privilege escalation (administrator or root permissions), administrative command line access, forms of database reconfiguration, or commands with the potential to gain full access to confidential information contained in the database that normally requires proper authentication and permissions for access.

SQL injection, however, can do more than simply enable an attacker to gain full access to a database and information it holds. Since many relational databases grant the database administrator account administrative access to the operating system, if the database is not securely configured, an attacker could gain full access and control of the underlying operating system as well!
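The example below is added here to illustrate the description above and is not code from the original post. It uses a constructed in-memory SQLite database with a hypothetical `users` table, and shows a query built by pasting field input into the SQL text next to the same query written with bound parameters.

```python
import sqlite3

# Constructed form input: the quote characters end the string literal early.
CRAFTED = "' OR '1'='1"

def make_db():
    """Build a constructed in-memory database with two sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    # Plaintext passwords only keep the example short; real systems store hashes.
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")])
    return db

def login_vulnerable(db, name, password):
    # Field values are pasted into the SQL text, so quote characters in the
    # input become part of the statement the database parses.
    sql = ("SELECT name, role FROM users "
           "WHERE name = '%s' AND password = '%s'" % (name, password))
    return db.execute(sql).fetchall()

def login_parameterized(db, name, password):
    # The SQL text is fixed; the driver passes the values separately, so they
    # are only ever compared as data and never parsed as SQL.
    sql = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", login_vulnerable(db, "alice", CRAFTED))
    print("parameterized:", login_parameterized(db, "alice", CRAFTED))
```

With the crafted value, the concatenated query's WHERE clause becomes always true and every row comes back, while the parameterized query matches nothing.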

Contact us today and find out how our managed security services can protect your organization from SQL Injection attacks, and resolve SQL Injection vulnerabilities within your application back-end SQL database services.

In the next post learn about the risks unauthorized software installations pose and how managed security services can help your organization maintain control and security.

Protect your organization: Network infrastructure devices such as routers and switches may seem relatively secure; however, there are many “hidden” security vulnerabilities that attackers can leverage to control your organization’s entire network if they are not identified and resolved.

For example, a large portion of the known router vulnerabilities involve remote administration services such as Telnet, SSH, TFTP, and HTTP. Of these services, only SSH offers encrypted connections, while the others enable an attacker with a sniffer to capture information in the clear, and HTTP and Telnet enable the attacker to view user names and passwords sent over the network as well. The obvious solution to this type of attack is to use only services that enable high-level encryption with algorithms that meet standards such as those in the U.S. Federal Government’s FIPS 140-2 documentation. So with routers, enabling only SSH and/or HTTPS is essential to ensuring that they are not susceptible to sniffing attacks. Disable all other services unless they are necessary, enable them only for a specific activity (such as TFTP used for updating firmware), and disable them again afterwards.

Another attack that also involves remote administration services is CSRF, or Cross Site Request Forgery. In this attack, someone logs in to a router and then leaves the session open (does not close it) when finished working with the router. The router is susceptible to accepting commands from unauthorized persons if the session is not closed after use. To prevent CSRF attacks, configure routers (if supported) with a timeout on remote administration sessions (such as 2 to 5 minutes) when there is no activity detected. When configured to do so, IPS/IDS systems and firewalls with CSRF prevention features inspect the HTTP Referer header and cookie fields to detect and mitigate an attack or alert administrators to it.
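As an added example (not from the original post), the script below audits a router configuration for the two issues described above: cleartext administration services and missing or over-long idle timeouts. The post names no vendor, so the Cisco IOS-style syntax and the sample configuration are assumptions constructed for illustration; the 5-minute limit is the upper end of the range the post suggests.

```python
import re

# Constructed IOS-style configuration fragment (assumed syntax, sample data).
SAMPLE_CONFIG = """\
ip http server
ip http secure-server
tftp-server flash:image.bin
line con 0
 logging synchronous
line vty 0 4
 exec-timeout 0 0
 transport input telnet ssh
line vty 5 15
 exec-timeout 5 0
 transport input ssh
"""

def audit(config, max_idle_seconds=300):
    """Return (context, finding) pairs for cleartext services and idle timeouts."""
    findings, section, seen_timeout = [], "global", {}
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # a top-level command ends any "line" block
            section = line if line.startswith("line ") else "global"
            if section != "global":
                seen_timeout[section] = False
        if line == "ip http server":
            findings.append((section, "cleartext HTTP administration enabled"))
        elif line.startswith("tftp-server "):
            findings.append((section, "TFTP service enabled"))
        elif line.startswith("transport input "):
            protocols = line.split()[2:]
            if "telnet" in protocols or "all" in protocols:
                findings.append((section, "Telnet accepted on this line"))
        elif (m := re.fullmatch(r"exec-timeout (\d+)(?: (\d+))?", line)):
            seen_timeout[section] = True
            idle = int(m.group(1)) * 60 + int(m.group(2) or 0)
            if idle == 0:
                findings.append((section, "idle timeout disabled"))
            elif idle > max_idle_seconds:
                findings.append((section, f"idle timeout {idle}s exceeds {max_idle_seconds}s"))
    findings += [(s, "no explicit exec-timeout") for s, ok in seen_timeout.items() if not ok]
    return findings

if __name__ == "__main__":
    for context, finding in audit(SAMPLE_CONFIG):
        print(f"{context}: {finding}")
```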

If your organization’s network needs a security check up, contact us to learn how our managed security services can identify and correct vulnerable configurations and maintain a high level security posture for your network and organization.

In the next post, SQL injection attack techniques and what you can do to protect your organization and valuable information from SQL injection vulnerabilities.

Business site availability through redundancy is a critical component of disaster recovery planning. The three basic site redundancy strategies include hot site, warm site and cold site plans. All three sites replace an organization’s place of business should a major disaster or other outage render the organization unable to operate at its current location. Regardless of the strategy type employed, locate redundant sites a safe distance away from the current place of business, with that distance determined by the types of disasters known to occur in the area.

Of the three strategies, the hot site strategy provides the quickest disaster response time by enabling the organization to resume operations at the hot site within hours. A hot site is the most expensive of the three options. Hot sites require a complete duplication of server hardware and organization business systems along with pre-configured, up-to-date software and information maintained at the hot site, in some cases on a 24-hour basis (via frequent data replication over a secure, high-bandwidth WAN connection). Hot sites are usually best suited for short-term alternate locations due to the cost and configuration.

For organizations that can afford some downtime, the warm site strategy offers a set of unique advantages. A warm site is similar to a hot site in that all the same server and other system hardware required for a hot site is also required for a warm site. The difference is that the warm site is neither pre-configured nor synchronized regularly. Instead, should the organization require warm site services, administrators have to power up the systems, apply software and restore backups from the main site, configure the network systems and perform other preparations for warm site operation before the organization can resume business at the warm site. One advantage of a warm site is the lower cost of not having to maintain the fail-over site on a daily basis. Another advantage is that omitting server and other system hardware that is not absolutely critical to bring up the backup site may further reduce the warm site cost. In addition, a warm site can also serve as an excellent location for testing backup restoration (which should also be part of the disaster recovery plan testing).

Cold sites are appropriate for organizations that can successfully manage a longer recovery transition of up to two weeks and that require the most cost-effective recovery site available. A cold site provides just a location where the organization can resume operations, but without the network infrastructure, server hardware and other necessities needed for the organization to conduct business. A cold site may take days to configure rather than hours before the organization can resume operations at the cold site. However, in addition to being more cost-effective, a cold site is generally better suited for situations in which the organization requires a long-term stay before the complete recovery of the organization’s main site that is necessary to resume operations there.

If your organization is not yet protected by a disaster recovery plan, contact us to develop a strategy and plan that prepares your business to survive the inevitable.


A business continuity plan ensures the availability of the business-critical resources and systems necessary for organization survival and success. Fault tolerance, high availability and redundancy are system attributes essential to a successful business continuity plan. Before procurement and deployment, understand the types of fault tolerance, redundancy, and high availability that the organization requires, that your business continuity plan defines, and that each system supports.

Fault tolerance refers to systems, software or networks designed to resist failure when an adverse event such as network connection outage or hard drive failure occurs. Fault tolerance is an asset attribute or property highly desirable for disaster recovery and business continuity planning. For example, storage systems configured with JBOD (Just a Bunch Of Disks) volumes will likely lose all data when a single drive in the array fails. However, storage systems configured in a RAID 6 array rather than a JBOD volume possess a fault tolerant feature (property) that enables them to lose up to two disks without losing either the entire disk array or any data.

The purpose behind fault tolerant features is “high-availability”. High-availability refers to the descriptive measurement of system up-time in relation to the service provided. For example, a single web server provides little in the way of fault tolerance if it were to fail and go offline due to a power outage or DoS attack. However, a group of three web servers configured as a cluster, each powered from a different power grid and running RAID 6 storage arrays, provides a high degree of fault tolerance as a system. Each web server is susceptible to power outage; however, the system as a whole is still capable of serving HTTP requests should one or two of the web servers fail due to power outage. To the user accessing the web pages, the system would be considered “highly available” because it appears as if the web pages are always online. To the web server administrator, the system would be “highly fault tolerant” because it is capable of handling up to two separate power outages (able to tolerate a large number of faults) in two separate grids while still remaining available.

Redundancy describes a type of fault tolerance that helps deliver high-availability. Redundancy applies to both disaster recovery and business continuity planning because redundancy countermeasures mitigate risk identified during business continuity planning, if they are both applicable to the system and justifiable through cost analysis. Redundancy is a disaster recovery component because it is used to make a system more fault tolerant (a property of a system), delivering high-availability (the goal of both fault tolerance and a business continuity plan) by providing a recovery path in the form of a standby, clustered (as mentioned earlier) or other fail-over technique that ensures recovery when an incident occurs.

Contact us for more information about how fault tolerant, highly available, and redundant systems can ensure the business continuity of your organization.

© 2018 WHOA.com All rights reserved.