
Foregenix Blog

Mike Hinton

Is My Hosting Provider Protecting My Website?

Recently, it was discovered that over 14 million Verizon customers' data, including PINs, had been exposed on an unprotected web server. Three million WWE fans' personal information was left exposed when it was discovered to be on an unprotected web server. Both of these took place in the same month. It happens more often than you'd think, and the solution can be as simple as talking to your hosting provider.

An unprotected web server potentially leaves customer card data and other sensitive information vulnerable to a breach. Most hosting providers will supply their clients with a basic firewall, which, whilst useful, will not completely protect the website. By their nature, firewalls are built to protect a network. For example, your firewall at home can be set up to stop any external access to your computers. However, in order to let people visit your website, you can't have a firewall that blocks all access. If you did, you'd end up with a dead website and zero business.


People need to be able to get through the firewall to see the content you're offering. Not all of these people are going to be good; some of them will have malicious intentions. This is where a Web Application Firewall (WAF) comes in.

A basic network firewall is usually configured to inspect only the basics of each network packet; this is known as Stateful Packet Inspection (SPI). These basics include the destination IP address, the port number, whether the packet belongs to a valid session, and information located within the packet header and footer.

An SPI firewall simply controls the incoming traffic and will not prevent attacks such as innocuous web browsing, spyware, adware, Trojans or other malware, as the content of the packets is not inspected. Intelligent network firewalls are available which provide Deep Packet Inspection (DPI), where not only are the packet header and footer inspected, but the data part of the packet is searched and compared against a set of pre-defined rules.

These types of advanced network firewalls will protect against certain types of known malware, Trojans and spyware (depending on the rule configuration) but will not protect against application-based attacks such as SQL injection, Cross-Site Scripting or brute force attacks. These are regularly seen by the Foregenix forensics team as the root cause of most eCommerce website breaches.

A WAF (Web Application Firewall), however, is able to determine the exact intention of the HTTP(S) content at the application level, filtering out illegitimate traffic based on rule sets. This makes the WAF considerably more versatile when protecting your web environment.

WAFs are often used to monitor the information being input into a web form or search tool. The WAF will be able to detect whether the data being input is legitimate or malicious (assuming it is configured correctly). For example, dates, post codes and product information may all be legitimate. But if you put code into that form with the intention of manipulating the application, you can sometimes find exploits that will give you direct access to the database that's contained behind it.

Having an additional layer of checks against the data being input will defend against things like database injections and buffer overflows. Having something at the application level validating input into the web fields becomes critically important, especially when sensitive data is involved. No single firewall solution can provide your server with complete, all-round protection, as it is vulnerable to both network and application attacks. Therefore, it is vital to have protection from both a network firewall and a web application firewall to achieve real defence in depth.
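To make the three inspection levels described above concrete (header-only SPI, signature-based DPI and application-level WAF validation of form fields), here is a small Python simulation. It is an added illustration, not Foregenix code or any product's rule set: the packets, the "malware" signature marker, the field formats (an ISO date, a UK-style post code, a product name) and the deny patterns are all constructed for the example.

```python
"""Layered inspection of constructed HTTP requests.

Added example (not Foregenix code). Shows why a header-only SPI check
passes a request carrying a hostile form field, why a DPI signature
only catches payloads it already has a rule for, and how a WAF-style
positive validation of form fields catches the rest. All sample
packets, signatures and rules below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode


@dataclass
class Packet:
    dst_port: int
    session_established: bool
    payload: str  # decoded HTTP request text (constructed)


# --- Layer 1: stateful packet inspection, header facts only ---------------
ALLOWED_PORTS = {80, 443}


def spi_check(pkt: Packet):
    """Looks only at port and session state, never at the payload."""
    if pkt.dst_port not in ALLOWED_PORTS:
        return False, "port not allowed"
    if not pkt.session_established:
        return False, "no valid session"
    return True, "header ok"


# --- Layer 2: deep packet inspection, signature match on payload ----------
DPI_SIGNATURES = [  # constructed marker standing in for a known-malware rule
    ("constructed-malware-marker", re.compile(r"BAD-PAYLOAD-MARKER-0001")),
]


def dpi_check(pkt: Packet):
    for name, pattern in DPI_SIGNATURES:
        if pattern.search(pkt.payload):
            return False, f"signature {name}"
    return True, "no signature match"


# --- Layer 3: WAF, validates each form field at the application level -----
FIELD_RULES = {  # positive (allow-list) formats for known fields, constructed
    "date": re.compile(r"\d{4}-\d{2}-\d{2}"),
    "postcode": re.compile(r"[A-Z]{1,2}\d[A-Z\d]? ?\d[A-Z]{2}"),
    "product": re.compile(r"[A-Za-z0-9 \-]{1,64}"),
}
MAX_FIELD_LEN = 256  # length cap for any field (overflow-style input)
DENY_PATTERNS = [  # generic negative rules for free-text fields, constructed
    ("sql-meta", re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+|\bunion\s+select\b|--\s*$",
                            re.IGNORECASE)),
    ("html-script", re.compile(r"<\s*script", re.IGNORECASE)),
]


def waf_check(pkt: Packet):
    parts = pkt.payload.split("\r\n\r\n", 1)
    if len(parts) != 2:
        return True, "no body"
    form = parse_qs(parts[1], keep_blank_values=True)
    for name, values in form.items():
        for value in values:
            if len(value) > MAX_FIELD_LEN:
                return False, f"{name}: length {len(value)} exceeds limit"
            rule = FIELD_RULES.get(name)
            if rule is not None:  # known field: must match its format exactly
                if not rule.fullmatch(value):
                    return False, f"{name}: does not match allowed format"
                continue
            for label, pattern in DENY_PATTERNS:  # unknown field: deny rules
                if pattern.search(value):
                    return False, f"{name}: matched {label}"
    return True, "form ok"


def inspect(pkt: Packet):
    """Runs the layers in order; returns (blocking layer, reason) or (None, 'allowed')."""
    for layer, check in (("spi", spi_check), ("dpi", dpi_check), ("waf", waf_check)):
        ok, reason = check(pkt)
        if not ok:
            return layer, reason
    return None, "allowed"


def make_request(fields: dict, port: int = 443, established: bool = True) -> Packet:
    body = urlencode(fields)
    head = "POST /search HTTP/1.1\r\nHost: shop.example\r\n"
    head += "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    return Packet(port, established, head + body)


# Constructed sample traffic.
SAMPLES = {
    "legitimate": make_request({"date": "2018-06-19", "postcode": "SN1 1AA", "product": "Blue widget"}),
    "wrong_port": make_request({"date": "2018-06-19"}, port=22),
    "dpi_marker": make_request({"comment": "hello BAD-PAYLOAD-MARKER-0001"}),
    "sql_meta": make_request({"comment": "x' or 1=1"}),
    "bad_postcode": make_request({"postcode": "not a postcode"}),
    "oversized": make_request({"product": "A" * 300}),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:13s} -> {inspect(pkt)}")
```

Run stand-alone, the script prints which layer stops each request. The point the article makes is visible in the output: the SQL-style comment and the malformed post code sail through the SPI and DPI layers, since neither port, session state nor the signature list says anything about them, and are only caught by the field-level WAF validation.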

So, in answer to our headline question, "Is my hosting provider protecting my web server?", the response is: possibly, but most likely only at the network layer. Naturally, websites that get breached have hosting providers, as otherwise they wouldn't be trading online. Most hosting providers will tell you that a network firewall is enough to keep you protected, but this is not the case. A Web Application Firewall offers the extra layer of protection needed to keep you secure. If you're only running a WAF or only a network firewall, you're susceptible to an attack; both are required to fully protect your website. It doesn't take long to find out what's protecting your website, and it could save you the cost of a breach.
