We use cookies to personalize content, to provide social media features and to analyze our traffic. We also share information about your use of our site with our social media, advertising and analytics partners. For information on how to change your cookie settings, please see our Privacy policy. Otherwise, if you agree to our use of cookies, please continue to use our website.

Web Security: Know Your Enemy

Jamie Riden, Ryan McGeehan, Brian Engert, and Michael Mueter recently released a depressing whitepaper on the prevalence of web attacks titled "Know Your Enemy". They're members of the New Zealand, Chicago, Chicago, and German Honeynet Projects, respectively. "Honeypots" or "honeynets" are computer systems set up as traps for attackers. In their study, they observed roughly 20 attack attempts each day(!) on each server. Some attackers hid behind proxy servers (including Google Translate). Some used "onion routing" to disguise their origin. The goal of the attacks included sending spam, blog comment spam, web site defacement, bandwidth and disk theft, botnet recruitment, and phishing. One phishing attacker attempted to place a convincing copy of Google's Orkut on the server, hoping to use the hardware to phish Google logins:

Now, you're probably not running any of the specific open source apps discussed in this paper on your exposed servers, so you may not face the exact exploits described. Regardless, hardening an e-commerce web site is hard, and too many web retailers underestimate the risk of attack. The threat is real and increasing. Web security isn't just an IT issue -- security should be an active concern for marketing and senior management. Know Your Enemy: a good introduction to a critical topic.
Join the Discussion