In today’s competitive environment, few businesses can thrive without having an internet presence. Whether they use a website to drive traffic to a physical location or operate a completely online store, fledgling entrepreneurs and major corporations alike rely on the internet to drive sales and increase their profits. Unfortunately, cybercriminals also have a significant online presence. Some of the bad actors only want to create chaos, but others are out to steal secrets, money, and data. Legitimate businesses usually rely on their hosting provider or ISP to keep their sites and data secure, but breaches can still occur. If you are responsible for the security of an ISP or hosting service, you can help protect your clients by adhering to these best practices.
- Backups can help companies avoid serious impacts on their operations. Store backups away from the server. Furthermore, you should periodically test your ability to restore the data even if your client maintains control over restores.
- Obtain all operating systems and software from a credible source via a trusted network. Ensure that all patches, service packs, or updates are installed in a timely manner.
- Monitor your internal network for unusual activity and/or intrusions. Effective monitoring can help prevent malware from spreading from one server to another.
- Ensure that your servers are properly protected against distributed denial of service attacks. In recent years, DDoS attacks have been increasing. However, you should look for a way to filter attacks without hindering legitimate traffic. Although an effective firewall can help, firewalls alone are seldom successful against sophisticated DDoS attacks.
- Restrict physical access to servers to only technicians who have security clearance.
- Ensure that all changes to your servers are handled remotely. Use SSH or its equivalent to log in; using RSA keys can give you an extra layer of security. Disable the ability to log in as the root user as this is a common access point exploited by cybercriminals.
- Require employees to change their passwords periodically and require strong passwords. Passwords should also be changed whenever there are changes in personnel or equipment. Furthermore, passwords should be changed if a cyberattack is detected even if the attack is unsuccessful.
- Install utilities to monitor application uptime. Remove any apps that are unused to prevent the exploitation of unpatched vulnerabilities.
- Assign privileges appropriately. In general, every employee should receive the minimum privileges necessary to perform his or her job.
- Perform regular scans for malware and viruses that may have infected your servers. If any issues are found, quarantine and remove them promptly.
- Have a disaster recovery plan and test it periodically. Keep in mind that a RAID configuration is not a disaster recovery solution.
- Conduct a code review of every new application you plan to launch. Use both human inspection and automated tools to conduct a full-context review that includes login, authentication, processing, and encryption.
- Configure a web application firewall to monitor application traffic and block SQL injections.
- Employ secure sockets layer technology whenever sensitive data will be transferred to or from your server. Choose SFTP for file management.
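
The SSH item in the list above (key-based login, no direct root login) can be checked automatically. The following is an added example, not code from the original article: the function names are hypothetical, the sample configuration is constructed, and treating `PermitRootLogin no` and `PasswordAuthentication no` as the passing values is this example's reading of that item.

```python
# Added example (assumption: one file; Include and Match blocks are not resolved).

# Values sshd uses when a keyword is absent (OpenSSH 7.0 and later).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
}

# Constructed sample input, not taken from a real host.
SAMPLE_CONFIG = """\
Port 22
PermitRootLogin yes
passwordauthentication yes
# The next line has no effect: sshd keeps the first value it reads.
PermitRootLogin no
Match User backup
    PasswordAuthentication no
"""

def effective_settings(text):
    """Return the effective global value of each keyword in DEFAULTS."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # also accepts Keyword=value
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            break  # conditional blocks follow; the global section ends here
        if key in DEFAULTS and key not in seen and len(parts) == 2:
            seen[key] = parts[1].strip().strip('"').lower()
    return {**DEFAULTS, **seen}

def audit(text):
    """Return a list of findings; an empty list means the checks pass."""
    s = effective_settings(text)
    findings = []
    if s["permitrootlogin"] != "no":
        findings.append("root login allowed: PermitRootLogin " + s["permitrootlogin"])
    if s["passwordauthentication"] != "no":
        findings.append("password login allowed: use key pairs instead")
    if s["pubkeyauthentication"] != "yes":
        findings.append("public-key login disabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

The sample shows why a later `PermitRootLogin no` does not help when an earlier line already set `yes`, and why an empty file still fails: the defaults permit password logins.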
Your clients are trusting you with the health of their businesses, and you do not want to let them down. Incorporating the above best practices is one way to help ensure that you succeed in your mission.
At Abusix, we understand the challenges faced by ISPs and hosting services. We created AbuseHQ to help the security and abuse teams at hosting providers, network service providers, cable providers, and telecommunications companies identify and respond to incidents. We offer a security orchestration, automation, and response solution that is simple to configure and easy to integrate with virtually all other security tools. AbuseHQ provides a unified format that prioritizes reports and assigns them meaningful categories, allowing you to identify the source and immediately respond to threats.
The numbers tell the tale: 99% of all events are resolved automatically, and the workload for your analysts can be reduced by 92%. AbuseHQ lets you react faster, prioritize responses, and reduce your costs. In short, we can help you do more to protect your customers for less.