logo.png
Guided Website Threat Review

Foregenix Blog

Mike Hinton

Is My Hosting Provider Protecting My Website?

Recently, it was discovered that over 14 million Verizon customers data, including PIN’s, had been exposed on an unprotected web server.  Three million WWE fan’s personal information was left exposed when it was discovered to be on an unprotected web server.  Both of these took place in the same month.  It happens more often than you’d think and the solution can be as simple as talking to your hosting provider.

An unprotected web server potentially leaves customer card data and other sensitive information vulnerable to a breach.  Most hosting providers will supply their clients with a basic firewall, which whilst useful, will not completely protect the website.  By their nature, firewalls are built to protect a network.  For example, your firewall at home can be set up to stop any external access to your computers.  However, in order to let people visit your website, you can’t have a firewall that blocks all access.  If you did, you’d end up with a dead website and zero business.

web-application-firewall.jpg

People need to be able to get through the firewall to see the content you’re offering.  Not all of these people are going to be good, some of them will have malicious intentions.  This is where a Web Application Firewall (WAF) comes in.

A basic network firewall is usually configured to only inspect the basics of any network packet - this is known as Stateful Packet Inspection (SPI). These include: the destination IP address, port number, whether it belongs to a valid session and information located within the packet header and footer.

An SPI firewall simply controls the incoming traffic and will not prevent attacks such as innocuous web browsing, spyware, adware, Trojans or other malware, as the content of the packets are not inspected. Intelligent network firewalls are available, which provide Deep Packet Inspection (DPI), where not only is the packet header and footer inspected, but the data part of the packet is searched and compared against a set of pre-defined rules. 

These types of advanced network firewalls will protect against certain types of known malware, Trojans, and spyware (depending on the rule configuration) but will not protect against application-based attacks such as SQLinjection, Cross Site Scripting, or brute force attacks. These are regularly seen by the Foregenix forensics team as the root cause of most eCommerce website breaches.

A WAF (Web Application Firewall), however, is able to determine the exact intention of the HTTP(S) content at the application level filtering out illegitimate traffic based on rule sets. This makes the WAF considerably more versatile when protecting your web environment.

WAF’s are often used to monitor the information being input into a webform or search tool. The WAF will be able to detect whether the data being input is legitimate or malicious (assuming it is configured correctly). For example, dates, post codes and product information may all be legitimate. But if you put code into that form with the intention of manipulating the application, you can sometimes find exploits that will give you direct access to the database that’s contained behind it.

Having an additional layer of checks against the data being input will defend against things like database injections and buffer overflows. Having something at the application level validating input into the web fields becomes critically important especially when sensitive data is involved.  No single firewall solution can provide your server with complete and all-round protection as it is vulnerable from both network and application attacks. Therefore, it is vital to have protection in both network and web application firewalls to achieve the ultimate defense in depth.  

So, in answer to our headline question ‘Is my hosting provider protecting my webserver?’ the response is: Possibly, but most likely only at a network layer. Naturally websites that get breached have hosting providers, as otherwise they wouldn't be trading online. Most hosting providers will tell you that a network firewall is enough to keep you protected, but this is not the case. A Web Application Firewall offers the extra layer of protection needed to keep you secure. If you're only running a WAF or only a network firewall, you're susceptible to an attack; both are required to fully protect your website. It doesn’t take long to find out what's protecting your website and it could save you the cost of a breach. 

 

TRENDING POSTS

Kirsty Trainer
The "Key" to Secure Data - P2PE - Derived Unique Key Per Transaction (DUKPT)

Written by Andrew McKenna, PCI QSA, PCIP at Foregenix The encryption key infrastructure usually ...

Read More
Duncan Slater
Alert: Major UK Payment Service Provider iFrame Man-In-The-Middle Breach

The Foregenix Digital Forensics and Incident Response Team recently reported a man-in-the-middle ...

Read More

Cyber Security Insights

Jake Dennys
17/10/17 10:33

Foregenix Highly Commended at Fraud Awards 2017

Earlier this year we were shortlisted for a prestige award at Fraud Awards 2017, presented by Retail Risk. Judges had selected Foregenix as a ...

Read More

Jake Dennys
09/10/17 14:24

Why an SSL certificate won’t protect your website, but FGX-Web will.

Having an SSL (Secure Sockets Layer) certificate on your website is important and it's also a good thing to have. The little green padlock in the ...

Read More

Mike Hinton
04/10/17 10:55

Is My Hosting Provider Protecting My Website?

Recently, it was discovered that over 14 million Verizon customers data, including PIN’s, had been exposed on an unprotected web server.  Three ...

Read More

Jake Dennys
28/09/17 10:21

We're Showcasing Cybersecurity at Ecommerce Expo 2017!

Flyers printed, banners set up, scanners prepped, we are officially at Ecommerce Expo 2017! It’s our first year at the show and we’ve hit the road to ...

Read More

Paul Taylor
25/09/17 12:09

Responsible Disclosure of Zero-Day Vulnerabilities Discovered in NfSen and AlienVault OSSIM

Part 1 of 2 – Introduction and Background NfSen is an open source netflow data capture and analysis module which can be used as a standalone product, ...

Read More