
Web Security: Know Your Enemy

Jamie Riden, Ryan McGeehan, Brian Engert, and Michael Mueter recently released a depressing whitepaper on the prevalence of web attacks titled "Know Your Enemy". They're members of the New Zealand, Chicago, Chicago, and German Honeynet Projects, respectively. "Honeypots" or "honeynets" are computer systems set up as traps for attackers. In their study, they observed roughly 20 attack attempts each day(!) on each server. Some attackers hid behind proxy servers (including Google Translate). Some used "onion routing" to disguise their origin. The goals of the attacks included sending spam, blog comment spam, web site defacement, bandwidth and disk theft, botnet recruitment, and phishing. One phishing attacker attempted to place a convincing copy of Google's Orkut on the server, hoping to use the hardware to phish Google logins.

Now, you're probably not running any of the specific open source apps discussed in this paper on your exposed servers, so you may not face the exact exploits described. Regardless, hardening an e-commerce web site is hard, and too many web retailers underestimate the risk of attack. The threat is real and increasing. Web security isn't just an IT issue -- security should be an active concern for marketing and senior management. Know Your Enemy: a good introduction to a critical topic.