Web Servers As The Weak Link
Information Leakage: Protect Against ‘Google Hacking’
There are many ways that confidential or private data can leave a corporate network. Users may copy files to their laptops to take work home with them. Employees may burn data to CDs or DVDs, or copy data to portable storage such as USB flash drives, cell phones, digital cameras or MP3 players. Data can be intentionally or inadvertently sent out of the network via email. Protecting against information leakage is not a simple task.
Joel Dubin, independent security consultant and author of The Little Black Book of Computer Security, Second Edition, says, “Attackers are now focusing on web applications, which are allowed through firewalls. Application level attacks, not perimeter breaches, are today’s weak link and the most fashionable by the hacker elite. In addition, unlike other parts of the network infrastructure, web servers display web sites to the world and have to be exposed to the Internet, making them particularly vulnerable to attack.”
As Dubin points out, one area that can be particularly troublesome is securing web servers and ensuring that sensitive internal data is not available via the Web. Web servers, by their very nature, tend to be at the network perimeter and connect with the external Internet. They provide a direct gateway for external attackers to gather information about the internal network and possibly even acquire actual files and data that were meant for internal company eyes only.