
Possible Duplicates:
Hardening Linux Server
How to best defend against Targeted Attacks?

I read this news: Anonymous hacker group hits Apple, publishes data

My question: How do we proactively protect our servers from the Anonymous hacker group? "Proactively protect" here means the ways to beef up security and harden the servers with the help of Intrusion Detection Systems to minimize damage.

Gens
  • if you have a look at the 'Related' sidebar on the right you will see a wide range of similar questions; linux hardening, apache hardening, IDS etc. Have a look at them as they may give you all the info you need. This q seems likely to be a duplicate. – Rory Alsop Jul 05 '11 at 14:00
  • Welcome to the site! Unfortunately, this appears to pretty well be a dupe of a bunch of other questions already on the site. Browse through the questions in the [tag:hardening] and [tag:ids] tags. If there are any specifics you don't see, ask those as new questions. – Scott Pack Jul 05 '11 at 14:04
  • Hi @Gens, welcome to the site! Please take a few minutes to look around, especially use the search features. I'm sure you'll find many more interesting and relevant questions that have already been asked. – AviD Jul 05 '11 at 20:31
  • @Gens, your question is very difficult to answer, so they closed it. They don't have an answer! – user774411 Jul 06 '11 at 08:42

2 Answers

The first thing to acknowledge is that there is nothing special about attacks from an organization such as Anonymous.

Please note that I'm not saying that you should not try to protect yourself from those hacking groups. What I am saying is that, unless you are specifically targeted or are part of a target scheme by a group, those organizations' attacks will be the same as the many attack attempts that security professionals see every day.

The only time that a group such as Anonymous will actually change security initiatives is when you start looking into APTs (advanced persistent threats). If you are not familiar with the term, or even if you are, I suggest that you take some time researching what an APT is (there is no clear definition).

The best defense against that kind of threat is the bolstering of current industry security practices. This means a combination of tools: use security information/event management (SIM/SEM) technologies, intrusion detection/protection system (IDS/IPS) technologies, network behavioral analysis (NBA) technologies, proxies, anti-virus, firewalls, etc. Making a more comprehensive solution and paying more attention to changes in your environment is what needs to be done.

The idea that some organization is deliberately using a multitude of different technologies/techniques together to attack your system requires the use of a multitude of defense technologies/techniques that are correlated to defend against it.

So, the simple answer is this... There is no different way to defend against organizations such as Anonymous: use the tools and techniques that already exist and keep a watchful eye.

Ormis

The question you've got is fairly general, so it's hard to give a very specific response. However, here are some elements that'd be well worth thinking about/implementing.

  • Consider your threat profile. Not every company is likely to be a target of "Anonymous" style attacks, and it's important to gear the level of controls you put in place to the level of threat you face.
  • A lot of the recent attacks have been completed (at least as far as public reports go) using relatively straightforward web application hacking techniques (e.g., SQL injection), so defending your externally facing applications from this kind of attack is likely to be important. That could be done through a combination of web application security assessments, code review of externally facing applications and/or use of defensive technologies such as Web Application Firewalls. The key is to ensure that your "at risk" applications are getting reviewed and that the findings are getting remediated.
  • One potential issue with using Intrusion Detection Systems (IDS) is that they may not have visibility of the attack traffic if the application is using SSL; if so, they will have difficulty in detecting/alerting/responding to the attack. So if you do want to use this kind of system, it's important to ensure that it's correctly placed/configured.
Rory McCune
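The SQL injection point in the answer above is easiest to see side by side. The following is an added example, not code from the original question or either answer: a string-built lookup next to its parameterized equivalent, run against a constructed in-memory SQLite table (the `users` table, the sample rows, the `sqlite3` module and the function names are all assumptions of this example). The second payload shows why a successful injection turns into a data leak: a `UNION` pulls the password column out through a query that was only meant to return usernames.

```python
import sqlite3

# Constructed sample data for this example (not from the original page).
SAMPLE_USERS = [
    (1, "alice", "s3cret-alice"),
    (2, "bob", "s3cret-bob"),
    (3, "carol", "s3cret-carol"),
]


def make_db():
    """Build a throwaway in-memory database with the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    """String-built query: the input is spliced into the SQL text, so a quote
    in the input ends the literal and the rest is parsed as SQL syntax."""
    sql = "SELECT id, username FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Bound parameter: the query text is fixed and the value travels
    separately, so the input can only ever be compared as data."""
    sql = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Run a legitimate lookup and two classic payloads through both versions."""
    conn = make_db()
    legit = "alice"
    # Tautology payload: matches every row instead of one.
    tautology = "' OR '1'='1"
    # UNION payload: appends a second SELECT that leaks the password column;
    # the trailing '--' comments out the closing quote from the template.
    union = "' UNION SELECT id, password FROM users--"
    return {
        "vuln_legit": lookup_vulnerable(conn, legit),
        "vuln_tautology": lookup_vulnerable(conn, tautology),
        "vuln_union": lookup_vulnerable(conn, union),
        "safe_legit": lookup_parameterized(conn, legit),
        "safe_tautology": lookup_parameterized(conn, tautology),
        "safe_union": lookup_parameterized(conn, union),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

Running it, the vulnerable lookup returns one row for `alice`, all three rows for the tautology payload, and every password for the UNION payload; the parameterized lookup returns one row for `alice` and nothing for either payload, because the payload text is simply a username that does not exist. This is the application-side fix the answer refers to; a WAF in front can block well-known payload shapes, but it does not change the fact that the string-built query is still exploitable underneath it.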