Hacking & Web Security – What You Need to Know Given all the news of late about hacking and its potentially harmful effects, we thought outing together a useful guide to hacking would be helpful to our clients. In computer networking, hacking is any technical effort to manipulate the normal behavior of network connections and connected systems. A hacker is any person engaged in hacking. The term “hacking” historically referred to constructive, clever technical work that was not necessarily related to computer systems. Today, however, hacking and hackers are most commonly associated with malicious programming attacks on the websites, email accounts and other computer networks. Common Network Hacking Techniques Hacking on computer networks is often done through scripts and other network software. These specially-designed software programs generally manipulate data passing through a network connection in ways designed to obtain more information about how the target system works. Many such pre-packaged scripts are posted on the Internet for anyone – typically entry-level hackers – to use. More advanced hackers may study and modify these scripts to develop new methods. Hacking techniques on networks include creating worms, initiating denial of service (DoS) attacks, or in establishing unauthorized remote access connections to a device. What do they want with my website? You might now be wondering what this has to do with your company website that does not store users’ credit card information or nude pictures of Scarlett Johansson. Well, hackers can turn your website into an advertisements for questionable products like designer-imposter handbags or porn sites. By injecting your site with their content, they are hoping to use your good search engine positioning to improve theirs, by leveraging Google’s in bound links algorithm. They can also hijack the hosting server to be used in botnet DDoS attacks on other servers, meaning that they use your server’s address to cover their trail. And even worse, they can hack into your website databases and destroy or manipulate important information, or even send sensitive user data to other hackers. Protecting Against Hacking Luckily there are things that you can do to secure your website from hackers and becoming a target for online vandals. Here’s a roundup of the easiest steps you can take: 1) Keep All Software Updated Whether your website was built from scratch by your development team or you chose to create a DIY site on a third party turnkey platform, as a site owner it’s your job to ensure that every piece of software you run is up to date. At Desktop Solutions, we run round the clock diagnostics on all of our servers, and install regular security patches and updates to all content management systems to make our sites less vulnerable to these attacks. 2) Use Strong Passwords, Change Regularly Using strong passwords is an effective way to limit if not completely eliminate brute force and dictionary attacks. Strong passwords are not just a requirement for your email or financial transactions online, they are also imperative for your website server, admin and database passwords. Make sure your password is a combination of alphanumeric characters, symbols, upper and lower case characters and is at least 12 characters long to prevent brute force attacks. Do not use the same password for all your different website logins. Change your passwords regularly to keep them doubly secure. Store users’ passwords in encrypted form. This ensures that even if there is a security breach, attackers do not get their hands on actual user passwords. 3) Switch to HTTPS HTTPS or Hyper Text Transfer Protocol Secure, is a secure communications protocol that is used to transfer sensitive information between a website and a web server. Moving your website to the HTTPS protocol essentially means adding an encryption layer of TLS (Transport Layer Security) or SSL (Secure Sockets Layer) to your HTTP making your users’ and your own data extra secure from hacking attempts. While HTTPS is a necessity for all online transactions, the rest of the website is usually on HTTP in most cases. However, all that is about to change with Google’s recent announcement that HTTPS will be a search ranking factor. Besides the security aspect of things, it now makes even more sense to shift your entire website to HTTPS to improve your search rankings simultaneously. 4) Web Application Firewalls Just as you lock your doors before leaving your house and install antivirus software on your desktop computer before browsing the web, you should also have a security system to serve as your website’s first line of defense against hacking attacks. A Web Application Firewall is that first line of defense. These solutions are designed to inspect incoming traffic, provide and weed out malicious requests –- offering protection from SPAM, brute force attacks, SQL Injections, Cross Site Scripting and other OWASP Top 10 threats. Until just a few years ago, Web Application Firewalls were only available as hardware appliances, but today providers are revolutionizing the industry by using cloud technology to cut down prices of security solutions previously found only in enterprise level setups. Consequently, all website owners can now “rent” a cloud-based Web Application Firewall, without committing to pricey security appliances or even owning a dedicated hosting server. Better yet, these plug-and-play services don’t require you to hire security experts or attempt to learn every aspect of web security. (Most of us just don’t have the time to become cybersecurity experts too.) With hundreds of thousands of websites hacked every year, it’s becoming clear that even well-managed sites and vigilant hosting firms are still vulnerable to these attacks. Cloud-based Web Application Firewalls are filling that void. Conclusion Most of us go through life with the philosophy ‘It won’t happen to me’. However, that philosophy has been proven not to be true in the world of online security. A successful attack on your site not only leads to compromising of users’ data and your own information, it can also lead to a blacklisting of your site by Google and other search providers as your infected site risks spreading malicious content throughout the web. Erring on the side of caution works best in this area. Implement at least these basic steps right away, to avoid being a soft target for malicious hackers.