Page 20 - Cyber Warnings
P. 20
3. Downtime and non-availability: To reduce reputation damage, the website could be
made not available for some time but this could be a major disruption, because root
cause analysis and remediating vulnerabilities may take long time.
4. Losing Customers and business: It’s very much understood that any of the above
three impacts will give rise to customer loss which further will give rise to financial loss.
Preventive measures for website defacement may include:
1. Safe API: Be careful with the APIs and always use safe API because API may
introduce SQL injection and in case parametrized API is not available make sure to
escape special characters.
2. Input Validation: White list input validation is always recommended because it will
help against SQL Injection, cross site scripting etc.
3. Escape: Always escape all untrusted data and special characters when taking input
through the website.
4. No misconfiguration: Use strong passwords, never use default passwords and
employ account management to prevent unauthorized intrusions. Never leave ftp
services on anonymous access mode, always use strong password for the same.
5. Penetration Testing: Periodic penetration testing will help in identifying the
vulnerabilities and will assure the strength against the exploits. Web application
audits other than penetration testing will help in improving the security.
6. Backup: Having a backup of the site will help in reducing downtime and non-
availability and will help in reverting to normal state. This will also ensure users about
security capabilities and will build trust.
7. Monitoring: Monitoring is a continuous process i.e. it is not yearly or monthly while it
is near to real time. Monitoring of unauthorized access, unauthorized changes to web
servers, unexpected traffic, access to control servers etc. will help in preventing
website defacement before it occurs. Also it will help in performing forensics and root
cause analysis.
Ransomware
Ransomware, a word which is very much popular now days and many of us thinks that
ransomware is one of the latest attacks while the truth is that the first known ransomware was
identified in 1989 and its name was AIDS Trojan. But yes since 2011 and 2015 it has become
very famous due to attacks on Windows and Mac OS respectively. And now ransomware is
20 Cyber Warnings E-Magazine November 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
