CHAPTER 5

Hardening the Server Against Attack

“Hardening a server,” in generic terms, means “closing up vulnerabilities and holes in the server.” Weaknesses exist in all software and hardware platforms, and new weaknesses are discovered on a very regular basis.

Servers are an asset both to you and to the bad guys. If the bad guys can gain control of your server, they can use it for their purposes. If that is an illegal purpose such as launching an attack against someone, then when the chips fall, you may be left holding the bag.

According to the 2010 Verizon Data Breach Investigations Report, research conducted in conjunction with the United States Secret Service uncovered the following:

“Verizon Business investigative experts found, as they did in the company's prior data breach reports, that most breaches were considered avoidable if security basics had been followed. Only 4 percent of breaches assessed required difficult and expensive protective measures.”

Note that only 4 percent of the breaches they assessed required difficult and expensive protective measures. That means that 96 percent of the cyber breaches could have been avoided by taking proper steps.

The report further stated that “98 percent of all data breached came from servers.” This is a major source of banking phishing scams, identity theft, and other criminal activity.

You should spend some time ...
