There’s a lot of buzz going around in many online communities concerning the recent distributed denial of service (DDoS) attacks the world has witnessed. In many of my own circles I’m often the only security guy in the room so I end up fielding a lot of questions, the most common of which is, “how do they do this stuff?!” In this District #AskSecPro series, I’ll be explaining the anatomy of D/DoS attacks and the practical weaponization of regular computers.
Category: Ask a Security Pro
There are times when a website may want to send a visitor to another page, either immediately or after a specified amount of time (usually seconds). As an example, consider an outdated page that you believe your visitors have bookmarked: you don’t want to lose the traffic, so you automatically redirect them to another page. While less common today, these redirects and forwards do still exist, but if they are not set up properly, they can pose a risk to your online presence.
It can come as quite a surprise when a site owner is notified that their site has been compromised with malware. After the shock wears off, and the immediate impact understood, it’s important to take stock of what has actually happened behind the scenes and then clean it up. The best advice anyone can give you is to make frequent, downloaded backups of your site in the event something happens to the live version so that the clean backup can replace the live, hacked version.
But what if there is no clean, viable backup available? In a world where websites have hundreds, if not thousands of files, how can any one person go about cleaning out an infection in just a small number of those files?
Some of the most significant reasons that WordPress has seen such widespread adoption are that it’s free, that it’s modular, so features can be plugged into the website with a few clicks, and that it’s easy to use, so non-developers can build websites. On the other hand, free software means you’re going to be performing a lot of your own support. Modular features mean you’re potentially introducing code that may not have been properly audited. And eliminating the developer means you’re now the one responsible for the integrity of the project. That means you’re filling the role of the developer to the best of your abilities, and if you want your website to remain a safe place you need to become familiar with how a Secure Development Life Cycle (SDLC) works, in what I’ve termed the Secure Website Life Cycle (SWLC) for WordPress Administrators.
Content Delivery Networks (CDNs) have been the subject of many conversations for me lately. I think primarily because people are becoming more aware of just how significantly site speed can impact visitor turnover and SEO. With the ever-increasing complexity of interactive websites, server resources are being taxed more than ever; unfortunately, this is often at the cost of site speed. Generally, visitors have come to favor these more interactive features, increasing the demand for complex applications that require more resources. CDNs have become the favored choice to tip the scale of performance back in favor of speed.
If you’ve ever seen me at a WordCamp, you’ve probably heard me answer this question, and likely more than once. When it comes to malware scanning on a WordPress website, what makes the SiteLock® malware scanners different from the competition? Well, scanners simply are not created equal. My go-to short answer is typically explaining one of our scanners’ “killer features,” like its ability to automatically remove malware.
Security researchers at security firms like SiteLock® audit code that has been flagged as suspicious, either by individuals or by an automated system performing behavioral analysis (which we’ll talk more about in the next section), to determine whether or not the code is actually malicious. If a file or piece of code is deemed malicious by the security researcher, it enters the database, typically as either a file match signature, or a code snippet signature.
You could consider signature-based analysis to be like a policeman running the plates of every car in a parking lot against the police department’s database of stolen vehicles. While this may be an effective method for finding stolen vehicles, if the license plate on the car has been changed or obscured, the car will most likely be overlooked. Keeping with this analogy, behavioral analysis would be the detective.
Back in February, a colleague and I delivered a talk on website security at WordCamp Miami. Among the many great questions we received, both during the talk’s Q&A and at our sponsor booth, one common theme kept recurring from attendees: how does malware detection really work?
Our WordCamp Miami talk, “Beyond the Basics: Building Security into Your Development Projects,” and the corresponding slides are available online.
In Part Three of our firewall series, we’re drilling down into some of the mechanisms used in firewalls, namely the progression from stateless to stateful packet filtering. First, packet filtering is the action of inspecting the traffic traversing the firewall’s network to determine if the traffic is meeting the firewall’s security policy. Traffic conforming to the firewall’s security policy is allowed to proceed, while traffic not meeting the policy (e.g. a malicious attempt) is blocked.