Protecting Your Network from Hackers
BY John Biggs
Safeguarding servers across an enterprise includes shutting down unnecessary access, installing a VPN and keeping some servers behind the firewall.
Jason Chen, a former systems administrator and programmer for an e-commerce company, woke one March night last year to the sound of his cell phone buzzing. He had created a program to notify him by phone when important files were changed or certain transactions were complete on the company's computer system. But that night it was going crazy. Hackers had attacked his company's servers and the system was in its final death throes, calling out to him over his phone.
Chen groggily pulled on his sweatpants and made the 20-minute drive down to the office. When he got there, he saw that intruders were accessing the machines remotely.
"I quickly turned off the Internet connection and saw that I was being attacked by a Turkish hacker group," Chen recalls. "After recovering the website from a week-old backup, I looked to discover why the intruders got access through the firewall. Developers had opened a few ports because they wanted to work from home and access the server and then they forgot to close them."
Chen's experience wasn't that unusual. Firewalls are often a small or medium-sized business's only line of defense against hackers, and they sometimes fail. Meanwhile, the number and sophistication of hackers continue to rise, as cyber attacks increasingly target financial gain and are coordinated by organized rings of criminals rather than disgruntled teens. In addition, the growing use of remote access to business networks by employees and the growth in connectivity with business partners have blurred the lines between internal and external networks. These are some of the reasons why it is more important than ever that business leaders understand what they can do to keep hackers out of their servers and, more importantly, how to close holes that might open without their knowledge.
Forrester Research analysts Paul Stamp and Robert Whiteley wrote in a recent report that most companies -- 80 percent in fact -- had firewalls while only 49 percent had any form of intrusion detection. At the same time, only 26 percent used a secure virtual private network (VPN). While the obvious pieces are usually put in place, the most important aspects -- secure system architecture and quarantine servers -- are often overlooked.
Here are some tips on how to protect your business network from hackers:
The key to controlling your server assets is deciding which servers are forward-facing and which should be kept completely behind your firewall. Forward-facing servers should be stripped to their barest minimum. If you're using Windows, turn off every Web feature you don't use, close every port except the ones your remaining services actually listen on, and enable only the applications you need, such as your Web server or SQL database server. Better yet, move the SQL server to a separate machine behind the firewall and create an encrypted connection between the two, so the database never listens on an Internet-facing interface.
If you are using a stock version of Linux, shut down any and all unnecessary programs and services. Stock Linux installations often include mail servers, graphics programs, and other detritus. Uninstall these immediately; a service that isn't installed can't be left listening by mistake.
Although your users will hate you for it, require a VPN to access data from the outside or, better yet, create a secure Web repository for important data. Encrypt the data on the server and transfer it to and from the webpage over SSL/TLS. Encrypted files are useless to a hacker who steals them, as long as the decryption keys are kept somewhere the intruder can't reach; if the key sits on the same server the hacker just broke into, the encryption buys you nothing.
When working with an IT team, have them draw a Venn diagram of two overlapping sets of servers. One set is the forward-facing servers and the other is the internal servers. The overlap is the DMZ, a no-man's land where the only connections between the two sides are encrypted or, better yet, where there are no connections at all. Some servers will need to be on the outside (email, Web, FTP) and some will stay on the inside, ideally connected only to your internal network. Label any and all possible entrances and exits into the internal servers, so that you and your team can keep track of potential holes in your armor.
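The stripped-down forward-facing server and the labeled list of entrances above both come down to the same thing: a written allowlist of what each server is supposed to expose, checked against what it actually exposes. The script below is an added example, not Chen's tool or anything from the article. It compares a hypothetical allowlist for a forward-facing Web server against listening sockets in the layout of `ss -H -tlnp` (iproute2); the sample output is constructed for the example, and a forgotten developer port like the ones in Chen's story would show up in its output.

```shell
#!/bin/sh
# Added example (not from the article): audit a forward-facing server's
# listening TCP sockets against an allowlist of the ports it should expose.

# Hypothetical allowlist for a forward-facing Web server, one entry per line
# as "proto port process". Anything else that listens is a hole to investigate.
ALLOWLIST="tcp 80 nginx
tcp 443 nginx
tcp 22 sshd"

# Constructed sample in the layout of `ss -H -tlnp` (state, recv-q, send-q,
# local address, peer address, process). On a real host replace it with:
#   SAMPLE_SS=$(ss -H -tlnp)
SAMPLE_SS='LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=812,fd=6))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=812,fd=7))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=640,fd=3))
LISTEN 0 151 0.0.0.0:3306 0.0.0.0:* users:(("mysqld",pid=901,fd=21))
LISTEN 0 100 0.0.0.0:25 0.0.0.0:* users:(("master",pid=755,fd=13))
LISTEN 0 128 127.0.0.1:8000 0.0.0.0:* users:(("python3",pid=1203,fd=4))'

# unexpected_listeners ALLOWLIST SS_OUTPUT
# Prints "port process local_address" for every listening socket whose
# port/process pair is not in the allowlist; prints nothing when the server
# exposes exactly what the allowlist says.
unexpected_listeners() {
    allow="$1"
    ss_out="$2"
    printf '%s\n' "$ss_out" | while IFS= read -r line; do
        [ -n "$line" ] || continue
        # Local address is the fourth column; the port follows the last colon,
        # which also works for IPv6 listeners such as [::]:443.
        local_addr=$(printf '%s\n' "$line" | awk '{print $4}')
        port=${local_addr##*:}
        # Process name is the first quoted string inside users:(...).
        proc=$(printf '%s\n' "$line" | sed -n 's/.*users:(("\([^"]*\)".*/\1/p')
        if ! printf '%s\n' "$allow" | grep -q "^tcp $port $proc\$"; then
            printf '%s %s %s\n' "$port" "$proc" "$local_addr"
        fi
    done
}

# With the constructed sample this reports the database, the mail server and
# a developer's test server that nobody put on the allowlist.
unexpected_listeners "$ALLOWLIST" "$SAMPLE_SS"
```

Run it from cron or a configuration-management check on every forward-facing host and page someone when it prints anything; keep a separate allowlist per server role, because the whole point of the diagram is that an internal database server and an external Web server should never share one.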
No system is hack-proof, but with a little preparation your business can create a setup that is as close as you can get without disconnecting from the Internet entirely.