Category Archives: waf

My cloud WAF service provider suffered a data breach…how can I protect myself?

In the age of information, data is everything. Since the implementation of GDPR in the EU, businesses around the world have grown more “data conscious;” in turn, people, too, know that their data is valuable.

It’s also common knowledge at this point that data breaches are costly. For example, Equifax, the company behind the largest-ever data breach, is expected to pay at least $650 million in settlement fees.

And that’s just the anticipated legal costs associated with the hacking. The company is spending hundreds of millions of dollars in upgrading its systems to avert any future incidents. 

In the cloud WAF arena, data breaches are no strangers. Having powerful threat detection capabilities behind your cloud WAF service provider, while important, is not the only thing to rely on for data breach prevention. 

API security and secure SSL certificate management are just as important. 

So, what are some ways hackers can cause damage as it relates to cloud WAF customers? And how can you protect yourself if you are using a cloud WAF service?

The topics covered in this blog will answer the following:

  • What can hackers do with stolen emails?
  • What can hackers do with salted passwords?
  • What can hackers do with API keys?
  • What can hackers do with compromised SSL certificates?
  • What can I do to protect myself if I am using a cloud WAF?


► What can hackers do with stolen emails?

When you sign up for a cloud WAF service, your email is automatically stored in the WAF vendor’s database so long as you use their service. 

In case of a data breach, if emails alone are compromised, then phishing emails and spam are probably your main concern. Phishing emails are so common we often sometimes we forget how dangerous they are. 

For example, if a hacker has access to your email, they have many ways they can impersonate a legal entity (e.g. by purchasing a similar company domain) and send unsolicited emails to your inbox.

 

► What can hackers do with salted passwords?

Cloud WAF vendors that store passwords in their database without any hashing or salting are putting their customers at risk if there is a breach, and even more so if hackers already have email addresses. 

In this scenario, hackers can quickly take over your account or sell your login credentials online. But what if the WAF vendors salted the passwords? Hashing passwords can certainly protect against some hacker intrusions.

In the event of a password breach without salting/hashing, a hacker can get your website to validate your password when the website compares and matches the stored hash to the hash in the database.

This is where salting the hash can help defeat this particular attack, but it won’t guarantee protection against hash collision attacks (a type of attack on a cryptographic hash that tries to find two inputs that produce the same hash value).

In this scenario, systems with weak hashing algorithms can allow hackers access to your account even if the actual password is wrong because whether they insert different inputs (actual password and some other string of characters for example), the output is the same.

► What can hackers do with API keys?

Cloud WAF vendors that use or provide APIs to allow third-party access must place extra attention to API security to protect their customers. 

APIs are connected to the internet and transfer data and allows many cloud WAFs work to implement load balancers among other things via APIs. 

If API keys are not using HTTPS or API requests not being authenticated, then there is a risk for hackers to take over the accounts of developers. 

If a cloud WAF vendor is using a public API but did not register for an authorized account to gain access to the API, hackers can exploit this situation to send repeated API requests. Had the APIs been registered, then the API key can be tracked if it’s being used for too many suspicious requests. 

Beyond securing API keys, developers must also secure their cloud credentials. If a hacker gains access to this then they are able to possibly take down servers, completely mess up DNS information, and more. 

API security is not only a concern for developers but also for end users using APIs for their cloud WAF service as you’ll see in the next section. 

► What can hackers do with compromised SSL certificates?

Next, what happens if the SSL certificates WAF customers provided ends up in the hands of hackers? 

Let’s assume the hacker has both the API keys and SSL certificates. In this scenario, hackers can affect the security of the incoming and outgoing traffic for customer websites.

With the API keys, hackers can whitelist their own websites from the cloud WAF’s settings, allowing their websites to bypass detection. This allows them to attack sites freely.

Additionally, hackers could modify the traffic of a customer website to divert traffic to their own sites for malicious purposes. Because the hackers also have the SSL certificates then they can expose this traffic as well and put you at risk for exploits and other vulnerabilities.

 

► What can I do to protect myself if I am using a cloud WAF?

First, understand that your data is never 100% safe. If a company claims that your data is 100% safe, then you should be wary. No company can guarantee that your data will always be safe with them. 

When there is a data breach, however, cloud WAF customers are strongly encouraged to change their passwords, enable 2FA, upload new SSL certificates, and reset their API keys. 

Only two of these are realistic preventive measures (changing your passwords frequently and using 2FA), but it’s unlikely that you, as a customer, will frequently upload new SSL certificates and change your API keys. 

Thus, we recommend that you ask your WAF vendors about the security of not just the WAF technology itself but also how they deal with API security and how they store SSL certificates for their customers.

If you’d like to chat with one of our security experts and see how our cloud WAF works, submit the form below!

[contact-form-7]

The post My cloud WAF service provider suffered a data breach…how can I protect myself? appeared first on Cloudbric.

Top 6 Plesk Security Extensions You Should Consider for Website Security

As one of the most popular hosting platforms alongside cPanel, Plesk provides a variety of security extensions for its users. Each Plesk security extension boosts their own unique features, meant to fully protect your website, server, email, and network from potential threats.

Some extensions on Plesk require advanced system administration, so it’s important that you choose the right security tools based on your knowledge and experience — as not all security extensions are created equal. 

While Plesk offers a range of security tools such as malware scanners or ransomware protection software, this blog post will focus on security extensions that are available on Plesk that provide protection against web application attacks and DoS and DDoS attacks. 

These types of web threats directly affect web applications and can result in your websites going offline. In this case, customers and visitors are denied access to your information and commercial services, which will negatively impact your business’s bottom line.

Take a look below at some of the most popular security extensions available on Plesk and how they can help prevent web attacks as well as their potential shortcomings. 

BitNinja

BitNinja specializes in server security; their Plesk security extension is designed to effectively eliminate threats from your Linux servers. The security extension is also meant to save you from having to perform any configurations and spend long hours of troubleshooting.

Because BitNinja’s security extension is equipped with DoS mitigation and a WAF (web application firewall), they protect against web application and DDoS attacks. Their DDoS mitigation works based on TCP based protocols, but instead of permanently blocking the IP source they “greylist” the attacker IP.

On the WAF side, they analyze incoming traffic to your server based on different factors and stops attacks against the applications running on your server. They utilize the same WAF model used by Cloudflare and Incapsula. More specifically, for their reverse proxy engine, they use Nginx, WAF engine by ModSecurity, and a ruleset from the OWASP. One downside to BitNinja is that they are unable to constantly update and finetune the WAF ruleset or implement other rulesets in real time. 

Variti DDoS

The Variti DDoS security extension focuses on protection against DoS and DDoS attacks. They do this by allowing incoming web traffic to pass through a distributed network of filtering nodes. Then, traffic is analyzed in real time and classified as either legitimate or illegitimate. Upon detection of a threat, their Active Bot Protection (ABP) technology immediately blocks this malicious traffic with a response time of less than 50 ms.

Because of this bot protection technology, Variti is able to distinguish traffic between real users and bots, including those coming from the same IP address. Thus, they can also protect against both network and application layer DDoS attacks.  Though it doesn’t offer a WAF, Variti is one of the few DDoS protection tools that are available on Plesk. 

ModSecurity

ModSecurity is arguably one of the most well-known WAFs. They support web servers such as Apache on Linux or IIS on Windows, to protect web applications from malicious attacks. ModSecurity works by checking incoming HTTP requests and based on the set of rules applied, ModSecurity either allows the HTTP request to enter the website or blocks it. 

The ModSecurity security extension on Plesk offers both free and paid sets of rules. It includes regular expressions that are used for HTTP requests filtering, but you can also apply custom rulesets. This may require extensive knowledge on WAF rules by the system administrator. For example, you may need to manually switch off certain security rules so maintenance of the rulesets can be a setback for those who are looking for a more hands-off WAF.

Furthermore, there have also been cases where customers experience ModSecurity blocking legitimate requests too when too many rules are applied. 

Cloudflare Servershield 

The Cloudflare Servershield security extension is intended to protect and secure your servers, applications and APIs against DoS/DDoS and other web attacks. While the security extension is primarily used to speed up websites, Cloudflare Servershield also offers WAF and DDoS protection.

Cloudflare’s WAF option and its rulesets can only be enabled on their paid plans – more specifically the Cloudflare Servershield Advanced extension on Plesk. Cloudflare’s WAF uses the OWASP Modsecurity Core Rule Set to inspect web traffic and block illegitimate requests. These OWASP rules are supplemented by Cloudflare’s built-in rules that you can apply with the click of a button. 

As part of their free plan, Cloudflare provides unlimited and unmetered mitigation of DDoS attacks, regardless of the size of an attack.

Imunify360

Imunify360 takes a multi-layered approach when it comes to server security. This security extension combines an advanced firewall, WAF, IDS/IPS, and more. Their advanced firewall is also powered by a machine learning engine. They take a proactive defense to preemptively stop all malware and identify potential attacks on your server. 

Their WAF protects web servers from multiple threats, such as DoS attacks, port scans, and distributed brute force attacks. Their WAF also relies on ModSecurity and is automatically installed on certain versions of Imunify360. Because other third-party ModSecurity vendor’s rulesets may be installed (for example, OWASP or Comodo), these rulesets can generate a large number of false-positives and may duplicate Imunify360’s rulesets.

You will need to manually disable other third-party ModSecurity vendors on different hosting panels.

Cloudbric

To simplify the management of website security, Cloudbric’s cloud-based WAF is integrated with the Plesk platform. The Cloudbric WAF extension also includes DDoS protection and SSL certificate renewal automation at no extra cost. 

Instead of painfully blocking the customer’s IP address individually to keep DDoS attacks under control, Cloudbric blocks these huge amounts of traffic before it reaches the site. Cloudbric’s advanced DDos protection ensures your website stays up and running. 

The Cloudbric WAF is designed to install and work with as little human interaction as possible. We handle the security so that customers don’t have to. Unlike ModSecurity which maintains a library of malicious patterns, known as signatures, Cloudbric takes it up a notch by also implementing signature-less detection techniques into the WAF engine. 

Additionally, unlike the rules of ModSecurity that are updated once per month, Cloudbric’s WAF does not require signature updates. 

This signature-less detection technology can also identify and block modified and new web application attacks. Cloudbric’s WAF engine includes 27 unique pre-set rules and AI capabilities to create an advanced threat detection engine to accurately detect and block attacks. 

If your company is dependent on online traffic for business, then protection against DDoS and web application attacks is a must. 

For Plesk users, there are a variety of security extensions to choose from to make the management of security extremely easy for web managers, designers, system administrators, and other web professionals – it all depends on your security needs and whether you are looking for fully managed services or customization. 

If you need assistance with Cloudbric’s plesk extension email us at support@cloudbric.com.

The post Top 6 Plesk Security Extensions You Should Consider for Website Security appeared first on Cloudbric.

Download Cloudbric’s New Security Extension For Plesk

Cloudbric is proud to announce the release of their much-awaited security extension (inclusive of WAF and DDoS protection) for Plesk, an industry-leading web solution platform.

Plesk is an all-in-one platform that allows developers, system administrators, and resellers to run, manage and secure their domains and servers via their control panel solutions and extensions.

Through this partnership with Plesk, we aim to simplify security for both users and small to mid-size businesses.

With the Cloudbric WAF extension, it’s easier for current Plesk server users, web hosting providers, and web professionals to access our web security services with just one click.

Plesk users can also manage Cloudbric settings and analytics without having to switch between applications.

Furthermore, by registering one of the lowest false-positive rates on the market, Plesk users like web hosting providers can deliver an affordable, high performing web application security solution to their own end users.

Learn more about our security extension and all its features via our product page on Plesk:

https://www.plesk.com/extensions/cloudbric/


Make sure to follow us on our social media platforms (LinkedInTwitter, and Facebook) and our recently opened Telegram Announcement Channel for the latest updates!

The post Download Cloudbric’s New Security Extension For Plesk appeared first on Cloudbric.