A recent Yahoo! server security breach exposing 450,000 usernames and passwords indicates that there are certain security measures that cannot be ignored. Yes, it is true that every web server is exposed to security risks, but through some precautionary steps, the damage can be controlled or minimized to a great extent.
In addition, server producers such as Dell try their hardest to make the servers as safe as possible. Network security administrators should spend more nights working on strengthening their network security system.
Not only this, the network administrator should also double-check that the basic security principles are correctly implemented. In this article we will discuss a few lessons we have learned from the recent successful hack attack on the web giant.
1. Surviving The SQL Injection Attack
Yahoo! servers were hacked with the help of SQL Injection technique. This technique is very old, and one can find a significant number of tutorials pertaining to SQL on the web.
This is one of the reasons that SQL Injection technique is commonly used to hack the world’s servers and databases these days. Fortunately, SQL Injection attack is quite easy to avoid. The Open Web Application Security Project has created an SQL Injection Prevention Cheat Sheet, which discusses how we can avoid these kinds of attacks.
2. Surveillance Of The Data Being Transmitted
If hackers access the database, then they will surely try to steal database tables, MySQL variables, and other confidential data. All this data will be transmitted from the database to your web server and then to the hackers’ PC.
In order to reduce the damage and control the security breach, there must be a surveillance tool installed in the web server that will keep track of data being transferred. If this surveillance system finds any suspicious activity or confidential data being transferred, then it should alert the IT administrators.
In this scenario, the IT administrators should be experts and know the necessary procedures in case of security breaches.
3. Encrypted Confidential Information
If there are pieces of information that are supposed to be confidential or private, then you should store them within the database in encrypted form. So if someone accesses the database, then you can make sure that the data is encrypted, and they will not be able to access the information.
4. Instituting Least Privilege Access Among Network Entities
Once the security breach has occurred, there is another essential security step that proves to be quite substantial. This technique comprises of giving limited access to the users.
So if a certain user or application account has been hacked, then the hacker will not be able to access restricted areas. Rather these areas can only be accessed through an administrator account.
All web servers are exposed to hack attacks, so avoiding hack attacks is also a significant challenge. Luckily, many online sites are successfully defending themselves from these attacks.
Yahoo! server was hacked through SQL Injection attack. This attack is avoidable if necessary steps are taken. To prevent attacks, the network data transfer must be monitored, secret information must be encrypted, and least privileges access must be applied.
Even after all these techniques are implemented, the IT administrators should remain up-to-date on the latest online threats