With data centers hosting critical applications and data, what are some of the security risks that can impact the business and operations? The authors of this article point out five major ways that hackers can use to steal data from data centers.
From data stealing malware and spam to phishing attacks, viruses, bots, and more – the list of security threats continues to rise. The tools and techniques used by attackers to exploit data center resources are becoming more sophisticated by the day. IT managers must be on guard to combat any new threats that may come up.
The explosive growth in data and cloud-based models calls for better planning and management of data centers, effective deployment of IT assets and optimal resource utilization. Even as organizations increase their data center capacity, they want to minimize maintenance costs and ensure maximum availability and reliability. They also need to protect their data center assets from attack and data loss. The emergence of new security threats can put enterprise data and reputation at greater risk.
Five security threats that data centers face today include:
DDoS Attacks: Disrupting Essential Services: Distributed denial-of-service (DDoS) attacks are now becoming commonplace. Servers are a prime target for DDoS attacks and, increasingly, they are an attack weapon in the escalating war to disrupt and disable essential Internet services. The new generation of attackers is now exploiting web application vulnerabilities to turn web servers into “bots”. Bitcoin was a target of a DDoS attack that resulted in a heist estimated at over $100 million, as reported by Threatpost. DDoS attacks are commonly used as distractions from longer-term data exfiltration. While the overall business impact of a DDoS attack is difficult to estimate, it is costly in terms of financial losses, reputational damage, and customer attrition.
Web Application Attacks: Exploiting Online Vulnerabilities: Attackers are launching web attacks like SQL injection, cross-site scripting (XSS) and cross-site request forgery (CSRF) to break into critical web applications. Recently, hacktivists have taken aim at Content Management Systems (CMS) like WordPress, Joomla and Drupal as well as third-party CMS plugins. This series of attacks on CMS applications revealed a gaping hole in the age-old strategy of locking down applications by writing secure code. Because CMS applications are usually developed by third parties and not internally, organizations can’t rely on their own secure coding processes to protect these applications. With 35% of all breaches caused by web attacks, organizations, now more than ever, need proactive defense to block web attacks and “virtually patch” vulnerabilities.
The Heartbleed bug in 2014 was a serious vulnerability in the popular OpenSSL library used for data encryption. The bug left large amounts of private keys and other secrets exposed to the Internet, and it enabled hackers to easily steal chunks of previously secure, sensitive data such as passwords, instant messages, credit card details, user names, session cookies, and encryption keys from servers running vulnerable OpenSSL versions.
SSL Blind Spots: Lack of Visibility: Blind spots pose a security threat for IT security teams. Why? Because lack of visibility doesn’t mean lack of threat – it just means we can’t see the threats, which makes them far more dangerous. Encrypted traffic may contain the worst of threats, not to mention unsuspected performance and compliance issues that security and networking tools should be screening and moving along to resolution. Essentially, loss of visibility means loss of control: threats running riot, with managers and operators unaware.
Authentication: The Weakest Link in Corporate Defenses: Organizations often use various authentication techniques to verify user identity and control access to countless applications. With proper authentication, application owners can restrict access to authorized users and can customize content based on user identity. Unfortunately, many application owners only enforce single-factor, password-based authentication, which exposes them to a host of threats including highly automated brute force attacks from password cracking tools. Two-factor authentication can drastically reduce the risk of password cracking but can’t eliminate it. As a result, organizations need an integrated solution that can centrally manage authentication services and can block users with repeated failed login attempts.
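The lockout logic described above, as an added example that is not code from the article or from A10 Networks: it counts failed logins per user and per source address in a sliding window, locks out either key at a threshold, and flags a later success on a locked-out key, which is the pattern a brute-force tool leaves when it eventually guesses right. The log format and the sample lines are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (not from the article); assumed format:
# "<ISO 8601 time> auth <OK|FAIL> user=<name> src=<ip>"
SAMPLE_LOG = """\
2014-04-08T10:00:00Z auth FAIL user=alice src=203.0.113.5
2014-04-08T10:00:02Z auth FAIL user=alice src=203.0.113.5
2014-04-08T10:00:03Z auth FAIL user=alice src=203.0.113.5
2014-04-08T10:00:05Z auth FAIL user=alice src=203.0.113.5
2014-04-08T10:00:06Z auth FAIL user=alice src=203.0.113.5
2014-04-08T10:00:07Z auth OK user=alice src=203.0.113.5
2014-04-08T10:00:10Z auth FAIL user=bob src=198.51.100.7
2014-04-08T10:05:00Z auth FAIL user=bob src=198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+) auth (OK|FAIL) user=(\S+) src=(\S+)$")


def parse_line(line):
    # Returns (timestamp, result, user, src) or None for a malformed line.
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group(2), m.group(3), m.group(4)


def detect_brute_force(log_text, threshold=5, window_seconds=60):
    """Lock out a user or source IP after `threshold` failures within the window;
    report a successful login on a locked-out key as suspicious."""
    window = timedelta(seconds=window_seconds)
    recent_failures = defaultdict(deque)   # key -> failure timestamps in window
    lockouts, suspicious = set(), []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, result, user, src = rec
        keys = (("user", user), ("src", src))
        if result == "FAIL":
            for key in keys:
                q = recent_failures[key]
                q.append(ts)
                while ts - q[0] > window:   # evict failures older than the window
                    q.popleft()
                if len(q) >= threshold:
                    lockouts.add(key)
        elif any(key in lockouts for key in keys):
            suspicious.append((user, src))
    return {"lockouts": lockouts, "suspicious_successes": suspicious}
```

Bob's two failures fall outside one window of each other, so they never accumulate, while alice's five failures in seven seconds trip both the user and the source-IP lockout and make her subsequent success worth an analyst's attention.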
DNS Servers: Hackers’ Preferred Target: DNS (Domain Name System) servers have gained the dubious distinction of becoming top attack targets for two reasons. First, taking DNS servers offline is an easy way for attackers to keep thousands or millions of Internet subscribers from accessing the Internet. Second, attackers can exploit DNS servers to amplify DDoS attacks. In the case of DNS reflection attacks, attackers spoof, or impersonate, the IP address of their real attack target. They send queries that instruct the DNS server to recursively query many DNS servers or to send large responses to the victim. As a result, powerful DNS servers drown the victim’s network with DNS traffic.
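A resolver-side check for the reflection pattern just described, as an added example that is not code from the article or from A10 Networks: it runs over constructed resolver log lines and reports, per source address, the response-to-query byte ratio, the number of ANY queries, and recursive queries arriving from outside the networks the resolver is meant to serve. Because the source address in a reflection attack is the spoofed victim, a flagged address is one to rate-limit responses to, not necessarily the attacker. The log format and the trusted network are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample resolver log (not from the article); assumed format:
# "client=<ip> qname=<name> qtype=<type> rd=<0|1> qbytes=<n> rbytes=<n>"
# `client` is the source address on the wire; in a reflection attack that is
# the spoofed address of the victim, which is why it is the key we score.
SAMPLE_DNS_LOG = """\
client=10.0.0.12 qname=www.example.com qtype=A rd=1 qbytes=45 rbytes=61
client=10.0.0.12 qname=mail.example.com qtype=MX rd=1 qbytes=47 rbytes=95
client=192.0.2.50 qname=example.com qtype=ANY rd=1 qbytes=40 rbytes=3100
client=192.0.2.50 qname=example.com qtype=ANY rd=1 qbytes=40 rbytes=3100
client=192.0.2.50 qname=example.com qtype=ANY rd=1 qbytes=40 rbytes=3100
client=198.51.100.8 qname=example.com qtype=A rd=1 qbytes=40 rbytes=56
"""

LINE_RE = re.compile(
    r"^client=(\S+) qname=\S+ qtype=(\S+) rd=([01]) qbytes=(\d+) rbytes=(\d+)$")

# Assumed: only these networks are allowed to use the resolver recursively.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def analyse_resolver_log(log_text, amp_threshold=10.0, any_threshold=3):
    # Per-client byte counts, ANY-query count and external recursion count.
    stats = defaultdict(lambda: {"qbytes": 0, "rbytes": 0, "any": 0, "ext_rd": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        client, qtype, rd, qbytes, rbytes = m.groups()
        s = stats[client]
        s["qbytes"] += int(qbytes)
        s["rbytes"] += int(rbytes)
        if qtype == "ANY":
            s["any"] += 1
        ip = ipaddress.ip_address(client)
        if rd == "1" and not any(ip in net for net in TRUSTED_NETS):
            s["ext_rd"] += 1
    findings = {}
    for client, s in stats.items():
        reasons = []
        amp = s["rbytes"] / s["qbytes"] if s["qbytes"] else 0.0
        if amp >= amp_threshold:
            reasons.append(f"amplification {amp:.1f}x")
        if s["any"] >= any_threshold:
            reasons.append(f"ANY queries: {s['any']}")
        if s["ext_rd"]:
            reasons.append(f"recursive queries from outside trusted nets: {s['ext_rd']}")
        if reasons:
            findings[client] = reasons
    return findings
```

The internal client 10.0.0.12 produces no findings; 192.0.2.50 trips all three checks with a 77.5x byte ratio, and 198.51.100.8 is flagged only because the resolver answered it recursively from outside the trusted range, which is the open-resolver condition that makes reflection possible in the first place.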
To safeguard their data center infrastructure, organizations can deploy Application Delivery Controllers (ADCs) with in-built web application, DDoS, and DNS attack protection. Deployed in the heart of the data center, ADCs can block attacks, intercept and inspect encrypted traffic and prevent unauthorized access to applications. With data centers hosting critical applications and data, it has become even more pertinent for organizations to adopt the most comprehensive security solutions to safeguard their assets against such attacks.
Attackers have set their sights on data centers. Whether seeking financial gain, competitive intelligence or notoriety, they have centered their focus on data center servers and applications.
To carry out their assaults, attackers:
Leverage off-the-shelf toolkits, automation techniques and armies of bots to launch devastating DDoS attacks
Target web and DNS servers, not only to steal and manipulate data, but also to transform these servers into weapons to unleash powerful DDoS attacks
Conceal their exploits from security devices using SSL encryption, exposing blind spots in
Exploit weak authentication controls to compromise user accounts
Organizations need a solution that can lock down their data centers against these threats. If they ignore them, they incur the risk of a high-profile data breach, downtime and even brand damage. Because data centers host critical applications and data, organizations must safeguard these assets against attack and abuse.
Authored By: Mr Tee Soo Kiat, Director, Systems Engineering, APAC for A10 Networks