Do you have a website up?
If so, how important is your website to you? Is your site informative to family and friends, or is it an important part of your business? What would happen if the information on your site or your web applications were compromised? Web security threats are real. You may not realize it, but there are people out on the Internet who want to exploit, damage, or deface your website. These people are often called script kiddies. A script kiddie, usually a teenager, is a person of limited technical proficiency who wants to gain control of your system. But by using a single tool and a system exploit, a script kiddie can cause you a great deal of grief.
What do they do?
Script kiddies hack into your web server and gain control of your system. They try to defeat all of your web application security and get around your application firewall.
Why would someone do such a thing?
Some of the more criminally minded do it for the money by engaging in fraud, theft or even blackmail. But most script kiddies are teenagers and do it for the thrill. They want to expose the vulnerability of your web security and other application security measures. They usually deface your website to cause you some embarrassment and to show their peers what they have done.
How do they do it?
Typically, script kiddies use the same techniques and methods used by criminals. They randomly select a target, which is any web server connected to the Internet. Script kiddies follow a simple process. First, they compile a database of IP addresses that are reachable and operational. Second, they scan the addresses to identify a specific application, operating system, or web security vulnerability. Finally, they access the system and gain control. Once the script kiddie gains control, he or she ‘covers their tracks’. Like anyone snooping in an area in which they do not belong, the script kiddie wants to hide his or her presence. Once assured they are undetected, the script kiddie clears the log files and edits or replaces files throughout the system. Usually script kiddies then do one of two things: use the system as a jumping-off point to scan and exploit other systems, or attack the system to which they’ve gained access.
So, what can you do?
1. Make your server less ‘available’. Script kiddies scan for active IP addresses to identify servers. That means the script kiddie may ‘ping’ an IP address and log those that respond. Limit the response your system makes to ICMP pings or other data packets arriving from the Internet.
2. Harden your operating system. Script kiddies scan to identify the OS and applications that can be exploited. Make sure you are up to date on all of your security patches and updates.
3. Get alerted when the system changes. Script kiddies launch worms, make changes to the system content, or launch various probes, such as a sniffer, to uncover information. It’s important that, as the system administrator, you are alerted to certain activities logged by the system.
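
An added example (not from the original article) of the alerting in step 3: it baselines a directory by hash and size, then reports files that were added, modified or removed, and logs that shrank, which are the traces left by the file replacement and log clearing described above. The function names, the `.log` suffix convention and the sample files are assumptions constructed for the illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's path (relative to root) to (SHA-256 hex digest, size)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            state[os.path.relpath(path, root)] = (hashlib.sha256(data).hexdigest(), len(data))
    return state

def compare(baseline, current, log_suffix=".log"):
    """Return sorted (kind, path) alerts for differences from the baseline."""
    alerts = [("removed", p) for p in baseline if p not in current]
    for path, (digest, size) in current.items():
        if path not in baseline:
            alerts.append(("added", path))
        elif path.endswith(log_suffix):
            # Logs normally grow, so a changed hash alone is not an alert.
            # A shrinking log points to clearing (rule out log rotation first).
            if size < baseline[path][1]:
                alerts.append(("log_truncated", path))
        elif digest != baseline[path][0]:
            alerts.append(("modified", path))
    return sorted(alerts)

def demo():
    """Run the check on a constructed sample tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, text):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(text)
        write("index.html", "<h1>Welcome</h1>")
        write("contact.html", "Contact us")
        write("access.log", "GET / 200\nGET /contact.html 200\n")
        baseline = snapshot(root)                   # taken while the site is known good
        write("index.html", "<h1>changed</h1>")     # content replaced
        write("access.log", "")                     # log cleared
        write("unexpected.php", "placeholder")      # file that was never deployed
        os.remove(os.path.join(root, "contact.html"))
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, path in demo():
        print(kind, path)
```

Keep the baseline somewhere the web server cannot write to, otherwise whoever changes the files can change the baseline as well.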