Getting Started with HostingArmor
A walkthrough of the HostingArmor server security scanning system.
Firewall Best Practices (Part 1)
So you want your data to be secure (who doesn’t?).
You decided to buy (or build) a firewall to protect your servers from intruders.
Good for you…
But are you doing it “right”?
An improperly configured firewall is akin to locking your car door but leaving the window open with the keys in the ignition. A false sense of security is extremely dangerous in the information security game. Here are a few things to keep in mind when configuring your firewall.
SQL injection is one of the most commonly exploited web vulnerabilities. It allows an attacker to read or modify crucial information in a web application's database. The severity of damage from SQL injection can range from information disclosure (such as user information, passwords, credit card information, etc.) to complete system compromise and code execution.
A few previously vulnerable open source applications:
PHPNuke, MyBB, Mambo CMS, ZenCart, osCommerce
While this attack applies to any database, some databases are preferred by attackers because they yield more useful information or allow for greater control once exploited. For example, MS SQL has the “extended stored procedure call” feature, which allows any system-level command to be executed via the MS SQL server. This is obviously very powerful but can also be very dangerous.
Also, error messages displayed by the MS SQL server tend to reveal more information than those of a comparable MySQL server. There are steps which can be taken to limit the useful error information MS SQL divulges to would-be attackers, and these precautions should be taken by anyone using MS SQL in a production environment.
In this article we will learn how to correlate open ports with the software running on a Linux server and understand why this knowledge is critical to operating and maintaining a secure environment. When a server is compromised, the result is not always as drastic as complete data loss. Often the hacker will use the compromised host to pursue his primary goal, which is maintaining anonymity. One method to achieve this is to install and operate software which proxies network traffic. For this reason, the ability to generate a list of network-bound software and audit each entry is important.
This information is not limited to analyzing compromised servers or servers with security issues, as understanding which software running on your server accepts input over the network (internet) is vital to keeping your server secure.
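One way to build and audit that list of network-bound software, as an added example that is not taken from the original article: it parses the output of `ss -H -tlnp` and reports any listener whose port and process pair is not on an allowlist. The sample output, the process name `proxyd` and the `EXPECTED` allowlist are constructed for illustration.

```python
import re

# Constructed sample of `ss -H -tlnp` output (run as root so the owner column is filled in).
SAMPLE = """\
LISTEN 0 128  0.0.0.0:22     0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511  0.0.0.0:80     0.0.0.0:* users:(("nginx",pid=1033,fd=6),("nginx",pid=1032,fd=6))
LISTEN 0 4096 127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=950,fd=21))
LISTEN 0 128  [::]:22        [::]:*    users:(("sshd",pid=812,fd=4))
LISTEN 0 5    0.0.0.0:1080   0.0.0.0:* users:(("proxyd",pid=4471,fd=5))
LISTEN 0 10   0.0.0.0:8443   0.0.0.0:*
"""

# Hypothetical allowlist: (port, process name) pairs this server is meant to expose.
EXPECTED = {(22, "sshd"), (80, "nginx"), (3306, "mysqld")}

PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')

def parse_listeners(ss_output):
    """Return one dict per listening socket: address, port, owning (name, pid) pairs."""
    rows = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # rpartition copes with [::]:22
        procs = sorted({(name, int(pid)) for name, pid in PROC_RE.findall(line)})
        rows.append({"addr": addr, "port": int(port), "procs": procs})
    return rows

def audit(rows, expected):
    """Return findings for sockets that are not allowlisted or have no visible owner."""
    findings = []
    for r in rows:
        loopback = r["addr"] in ("127.0.0.1", "[::1]")
        if not r["procs"]:
            findings.append((r["port"], "?", "owner not visible (re-run as root)"))
        for name, pid in r["procs"]:
            if (r["port"], name) not in expected:
                scope = "loopback only" if loopback else "reachable from the network"
                findings.append((r["port"], name, f"pid {pid}, not on allowlist, {scope}"))
    return findings

if __name__ == "__main__":
    for port, name, why in audit(parse_listeners(SAMPLE), EXPECTED):
        print(f"port {port:<5} {name:<8} {why}")
```

On a live host, feed `parse_listeners` the text captured from `ss -H -tlnp` (and `ss -H -ulnp` for UDP) instead of `SAMPLE`.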