Cyber war is an act of war, adopted by states as well as by terrorist organizations, with the goal of penetrating and damaging the opponent's computerized systems or other vital systems that rely on them.
There have been many cyber attacks on organizations and companies in Israel, especially during times of war. Some of these attacks include: DOS (Denial Of Service), defacement (site vandalism) and phishing.
The Economist defined the cyber arena as the fifth arena of war, added to the four traditional ones (land, sea, air, space). Similarly, the President of the United States, Barack Obama, stated that “the digital infrastructure is a strategic national asset.” Attacks on websites in general, and on corporate sites in particular, are on the rise. Hundreds of Israeli sites are attacked every day, and even more on peak days, when thousands of sites are targeted. The extent and severity of the attacks halt business continuity for many hours, sometimes even for several days.
DOS attacks: applicative and infrastructure
There are two types of DoS (Denial Of Service) attacks: applicative and media (infrastructure). Applicative attacks are based on sending a mass of communication requests to the server or application, so that the load becomes so great that the server runs out of the resources intended for the services it actually provides. Media-based attacks send a mass of communication requests to the server and thereby block any communication with it.
A DoS attack is essentially based on sending many requests while avoiding sending credentials to the server or application. Such an attack keeps the server busy and steals its resources. It is very difficult for a server under such an attack to offer quick and efficient service while it is dealing with millions of other requests. The result of the attack can be the site going down or painfully slow service.
Defacing a Website:
This type of attack allows the attackers to change the content that users see on the site. These attacks have high propaganda value, but they are more complicated to carry out.
Beware of Phishing:
These attacks are carried out in various forms, some of which arrive through e-mails containing links to malicious sites that plant malicious files (a Trojan horse). The purpose of the Trojan horse is to intercept all communication channels, collect essential information from the affected system and transfer it to the attacker.
According to Avi Len, who manages the Facebook page of the Israeli site “Twittering Statuses – Statusim Mezayzim”, the page fell victim to phishing attacks last July after being offered participation in a special program called Verified Pages. They clicked the link and entered their Facebook username and password; they basically gave their details to the attackers without realizing it.
Figure 1: Massive DOS attacks on sites in Israel on 13/07/2014 (posted on: digitalattackmap.com)
How can you defend against DOS?
Most of the tools that protect against DOS are implemented at the ISP (Internet Service Provider) level, i.e. before the message reaches its destination. Such tools rely on anomaly tests (suspicious behavior) or on black lists that prevent the routing of messages originating from black-listed addresses. When a message arrives at a communication junction (such as a router, switch, etc.), the source address of the message is checked. If it is on a black list, the message is rejected. Otherwise, the junction device passes it through a port to the next destination. Such tools are firewall software installed on routers and/or switches, acting as an Intrusion Prevention System. For example, a firewall basically puts up a “firewall filter” that blocks the path of messages originating from “black” addresses. As mentioned above, the blocking is performed at the network level, i.e. before the message (packet) arrives at the router that is connected directly to the computer being attacked. This tool protects against DOS attacks.
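The per-message decision described above, as an added example that is not part of the original post: a black-list check on the source address followed by a simple anomaly test on the request rate. The class name, the window and limit values and all addresses (documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed sample black list: documentation address ranges, not real indicators.
BLACKLIST = [ipaddress.ip_network("203.0.113.0/24"), ipaddress.ip_network("198.51.100.7/32")]
WINDOW_SECONDS = 10   # assumed sliding-window length for the anomaly test
MAX_REQUESTS = 5      # assumed number of messages one source may send per window


class JunctionFilter:
    """Decide per message: reject (black-listed), reject (anomalous rate) or forward."""

    def __init__(self, blacklist, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
        self.blacklist = list(blacklist)   # private copy, extended when anomalies are seen
        self.window = window
        self.limit = limit
        self.seen = defaultdict(deque)     # source address -> recent arrival times

    def decide(self, src, now):
        addr = ipaddress.ip_address(src)
        # Black-list check: a source inside any listed network is rejected outright.
        if any(addr in net for net in self.blacklist):
            return "reject:blacklist"
        # Anomaly test: count this source's messages inside the sliding window.
        times = self.seen[src]
        while times and now - times[0] >= self.window:
            times.popleft()
        times.append(now)
        if len(times) > self.limit:
            # Suspicious behavior: black-list the source from now on.
            self.blacklist.append(ipaddress.ip_network(f"{addr}/{addr.max_prefixlen}"))
            return "reject:anomaly"
        return "forward"


def run_sample():
    """Run the filter over constructed traffic: (arrival time in seconds, source)."""
    packets = [(0, "192.0.2.10"), (1, "203.0.113.50"), (2, "198.51.100.7")]
    packets += [(3 + i * 0.1, "192.0.2.99") for i in range(8)]   # burst from one source
    packets += [(20, "192.0.2.10"), (21, "192.0.2.99")]
    junction = JunctionFilter(BLACKLIST)
    return [(src, junction.decide(src, t)) for t, src in packets]


if __name__ == "__main__":
    for src, verdict in run_sample():
        print(f"{src:15} {verdict}")
```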
Prevention of Defacement
Folders on a server (such as images, system files and temporary files) should not be visible or accessible to every user. Access rules and settings should be set accordingly, for example for files such as index.html and .htaccess. You can also mark folders as prohibited for indexing in robots.txt, thus preventing disclosure by various search engines.
Additionally, the moment vandalism is discovered, the site has to be returned to its previous state by restoring files stored on a backup server and deleting the defaced settings.
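One way to carry out the restore step, as an added example that is not part of the original post: compare the live web root with the backup copy by hash, then put the backup versions back. It assumes the backup is a complete known-good copy of a static site, and it moves altered and unexpected files into a quarantine folder for investigation instead of deleting them; all function and folder names are hypothetical.

```python
import hashlib
import shutil
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_defacement(web_root, backup_root):
    """Return (changed_or_missing, unexpected) relative paths, live site vs. backup."""
    web_root, backup_root = Path(web_root), Path(backup_root)
    good = {p.relative_to(backup_root) for p in backup_root.rglob("*") if p.is_file()}
    live = {p.relative_to(web_root) for p in web_root.rglob("*") if p.is_file()}
    changed = sorted(r for r in good
                     if r not in live or sha256_of(web_root / r) != sha256_of(backup_root / r))
    unexpected = sorted(live - good)   # files the backup never contained
    return changed, unexpected


def restore(web_root, backup_root, quarantine):
    """Move altered and unexpected files aside, then copy known-good files back."""
    web_root, backup_root, quarantine = Path(web_root), Path(backup_root), Path(quarantine)
    changed, unexpected = find_defacement(web_root, backup_root)
    for rel in changed + unexpected:
        src = web_root / rel
        if src.exists():
            dest = quarantine / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(src), str(dest))       # keep the evidence, off the site
    for rel in changed:
        target = web_root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup_root / rel, target)    # return to the previous state
    return changed, unexpected
```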
Beware of Phishing
Here are some rules that prevent phishing attacks:
1) Do not open emails from someone you don’t know or suspicious looking emails.
2) Do not click on unknown links in emails or on other sites, such as Facebook, which entail many risks.
3) Do not enter suspicious or unusual websites.
4) Do not install cracked software.
Following Password Guidelines
Nowadays it’s fairly well known that your personal or company passwords should be complex. We define the minimum password-creation guidelines as follows:
1) Minimum number of characters: 7
2) Complex password containing at least one number, one uppercase letter and one lowercase letter.
3) Age of Password: Change every 90 days.
4) Password history: Number of password changes without repeating an old password: 5
5) Number of incorrect password tries before site is temporarily locked: 5
6) Do not keep your password where others may come across it, e.g. on the server or on the computer.
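The guidelines above expressed as checks, as an added example that is not part of the original post. The function names, the PBKDF2 iteration count and the sample passwords in the demo are assumptions constructed for illustration; the history is kept as salted hashes so that old passwords are never stored in readable form.

```python
import hashlib
import hmac
import os
from datetime import timedelta

MIN_LENGTH = 7                  # guideline 1
MAX_AGE = timedelta(days=90)    # guideline 3
HISTORY_SIZE = 5                # guideline 4
MAX_FAILED_TRIES = 5            # guideline 5
PBKDF2_ROUNDS = 100_000         # assumption: iteration count chosen for this example


def hash_password(password, salt=None):
    """Return (salt, digest); only this pair is stored, never the password (guideline 6)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def matches(password, record):
    """Constant-time comparison of a candidate against one stored (salt, digest) record."""
    salt, digest = record
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def policy_violations(password, history):
    """Return the guidelines a new password breaks; an empty list means it is accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not (any(c.isdigit() for c in password) and any(c.isupper() for c in password)
            and any(c.islower() for c in password)):
        problems.append("needs a digit, an uppercase and a lowercase letter")
    if any(matches(password, rec) for rec in history[-HISTORY_SIZE:]):
        problems.append("reuses one of the last 5 passwords")
    return problems


def must_change(last_changed, now):
    """True once the password is 90 days old or older."""
    return now - last_changed >= MAX_AGE


def is_locked(failed_tries):
    """True once the number of consecutive incorrect tries reaches the limit."""
    return failed_tries >= MAX_FAILED_TRIES


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    past = [hash_password(p) for p in ("Winter2013", "Spring2014")]
    print(policy_violations("Spring2014", past), policy_violations("Summer2014", past))
```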