Software Tools to Prevent Attacks on Servers and Sites


As hackers find more sophisticated ways of accessing your data, security is becoming a day-to-day struggle for businesses. Since 2018, security breaches have increased by 11%, and in the first half of 2019 alone, 4.1 billion personal records were exposed. Losses due to data exfiltration, stolen IP, and ransomware are also accelerating at a fast pace. Although nearly two-thirds of business leaders recognize the increasing security risks, only a small percentage have enough server security and website security.

Being fully protected means having multiple layers of security in place, with each layer addressing a different type of threat and all of them combining to form an impenetrable barrier. This is a difficult task for sysadmins, because just uncovering and blocking individual threats isn’t enough. It’s also important to defend against complex threats and take preventative action all the time.

To effectively manage cybersecurity, businesses outsource and use free and premium security tools. Here we’re going to look at some of the field’s top tools and explain how they can help you enforce the seven key security layers every business needs to stay secure.

Network Firewalls


A firewall is a system that prevents unauthorized access to or from a private network. It’s basically like the door to a house: an outer layer of security that determines what can and cannot enter. Of course, you also need the door to be closed, sturdy, and under your control in order to protect you. Most computers come with inbuilt firewall software, typically enough to shield against viruses, malware, and other unwanted content.

However, default firewalls are generic and limited, and so enterprises regularly use hardware firewalls as well. While the default Plesk firewall provides basic server protection, extensions like Juggernaut further secure your server against today’s threats. Juggernaut features include an SPI firewall, brute-force protection, real-time connection tracking, intrusion detection, and dynamic blocklists. Such features give you extra control and allow you to prevent inappropriate communications, take a holistic view of your network, and even scan encrypted data for threats.

A firewall is considered the first line of defense in preventing attacks on servers. However, it’s not the only measure you should take.

Antivirus Software


If a firewall is the door to your house, your antivirus software is the door to your bedroom. Whereas a firewall keeps unwanted content and threats from getting in, antivirus software protects against threats already in your system. It does this by constantly monitoring files, looking for certain signatures to identify malware, and removing viruses and potential threats.

There’s no such thing as too much protection when it comes to antivirus software. The key is finding a tool that suits your needs while being easy to use, lightweight, and regularly updated. Premium antivirus by Dr. Web is an award-winning virus scanning and filtering software that protects mailboxes from many types of malware, including viruses, worms, and trojans.

More great options are the Plesk Premium Antivirus or Kaspersky Antivirus extensions. Both extensions scan server mail traffic in real time, but only Kaspersky allows fine-tuning and filtering of specific file types from attachments. Then there’s ImunifyAV – the leading malware-scanning tool. It ensures you keep malicious code away through antivirus, security and domain monitoring, blacklist status check, and one-click malware removal.

Endpoint Detection and Response (EDR) Software


EDR is a technology that addresses the need for continuous checking of file signatures for signs of malignancy, and for rapid responsiveness to advanced threats.

Whether it’s a Mac, PC, or a server, a good EDR system can detect suspicious activity running on any endpoint. This is especially important as even if a hacker has entered your system, for the hack to have a serious impact they must be able to siphon information out of your network. EDR software prevents this from happening by essentially placing compromised devices in quarantine, so no intel can be sent/received.

EDR is an advanced step in server security and so it typically comes at a cost. Kaspersky EDR provides full endpoint protection, from automatic threat blocking to complex incident response. It’s particularly popular for its comprehensive visibility across corporate networks and capacity to discover, prioritize, investigate, and neutralize advanced threats.

Anti-Phishing Tools


Phishing is a way of finding and gathering personal information using deceptive emails and websites. Techniques typically involve persuading people to click on malicious links by suggesting they are important and/or safe. It happens mostly through messaging platforms like email and chat apps. Built-in spam filters block most generic phishing attempts sent out to thousands of people. However, targeted phishing attempts, which may target specific individuals or organizations, can be harder to block.

Phishing is a particularly tricky form of cyberattack to protect against, and it can appear very real. Neutralizing such scams, which have tricked even the savviest of CEOs, requires special anti-phishing tools. Warden Anti-spam and Virus Protection is a paid extension designed for power users and service providers. Besides providing high-performance and simple antivirus tests, it also offers support for nearly 30 SpamAssassin plugins, and is therefore one of the most robust anti-virus and anti-spam tools around.

Encryption Tools


Encryption tools are software that uses cryptography to prevent unauthorized access to sensitive information. Encryption works by encoding data from “plaintext” into “ciphertext”. This process turns unencrypted information into an encrypted form for which you need a key to decode, typically a password, making it harder for outsiders to access.

There are two main types of encryption: software and hardware encryption. Software encryption is more selective and focuses on encrypting individual files and folders. Hardware encryption involves encrypting entire devices.

Linux users will be used to connecting to servers using SSH keys. SSH (Secure Shell) keys are access credentials used in the SSH protocol, a secure and widely used standard for strong authentication, secure connection, and encrypted file transfers. Using SSH keys is more convenient and secure than traditional passwords.

From Plesk 12.0 onwards, you can use SSH Keys Manager to effectively manage SSH keys from the Plesk UI.

Specific Server Security Tools


Some of the most popular Plesk extensions are those which improve your server’s security. Here are some of the most powerful ones which help combat server threats.

Sentinel Anti-malware

Sentinel Anti-malware is a scanner that combines the open-source principles from Linux Malware Detect and ClamAV. This extension especially serves power users and service providers who want to ensure they have protection from a variety of malware.

Kernelcare

This premium extension (free trial for 30 days) protects Linux servers against critical vulnerabilities, mainly by automatically installing security updates to running kernels. This avoids rebooting servers and planning scheduled downtime for your customers. It also ensures kernels are updated within hours of patch releases for uninterrupted security.

BitNinja

The BitNinja extension prevents 99% of malicious attacks. This can consequently reduce your server alerts and customer complaints by just as much. It provides protection against nine different aspects of attacks – including malicious port scans and infections. You can even set it up and start automatically protecting your server in as little as five minutes.

Cloudbric

Cloudbric provides award-winning enterprise WAF and DDoS protection. Firstly, it has a threat detection system for real-time security against hacking attempts, website defacement, DDoS attacks, and spambots. Secondly, you can activate it with one click and try it for two weeks for free, while also benefiting from Cloudbric’s free and expert technical/security support.

DDoS Protection by Variti

DDoS Protection by Variti protects sites from DDoS – one of the most popular online attacks – as well as other types of sophisticated bot attacks. It does this by analyzing real-time traffic and passing it through a distributed network of VARITI filtering nodes. This extension is ideal for companies that depend on online traffic protection for their business.

Atomic Secured Linux

The Atomic Secured Linux extension provides the same level of protection that typically comes with an expert security team. It can prevent, detect, and respond to today’s greatest cybersecurity challenges. In particular, it features host and kernel intrusion prevention systems, brute force protection, and automated malware removal.

(D)DoS Deflate Interface

(D)DoS Deflate Interface is a lightweight shell script that helps deflect DDoS attacks automatically. The script runs in the background, blocking incoming connections from any IP whose connections exceed the configured threshold. On top of that, it’s simple to install and operate.
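
The per-IP threshold check described above, as an added example that is not the (D)DoS Deflate script’s own code: it counts connections per remote IP in a constructed `netstat -ntu`-style table and reports the addresses over the limit. The function names, the threshold of 3 and the allowlist are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report remote IPs whose connection count exceeds a threshold.
# THRESHOLD, ALLOWLIST and the sample table below are constructed values.

THRESHOLD=3                            # connections tolerated per remote IP
ALLOWLIST="127.0.0.1 198.51.100.10"    # trusted sources, never reported

# Constructed sample in the column layout printed by `netstat -ntu`.
sample_connections() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:443          203.0.113.7:51000       ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.7:51001       ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.7:51002       SYN_RECV
tcp        0      0 192.0.2.10:443          203.0.113.7:51003       SYN_RECV
tcp6       0      0 ::ffff:192.0.2.10:443   ::ffff:203.0.113.7:51004 ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.10:40000     ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.10:40001     ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.10:40002     ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.10:40003     ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::5:42000       ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::5:42001       TIME_WAIT
udp        0      0 192.0.2.10:53           192.0.2.55:33000
EOF
}

# Usage: over_threshold MAX "ALLOWED IPS" < connection-table
# Prints "count ip" for each offender, busiest first.
over_threshold() {
    awk -v max="$1" -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        $1 ~ /^(tcp|udp)/ {                # ignore the two header lines
            ip = $5                        # Foreign Address column
            sub(/:[0-9*]+$/, "", ip)       # strip only the trailing :port (IPv6-safe)
            sub(/^::ffff:/, "", ip)        # count IPv4-mapped IPv6 with its IPv4 form
            if (!(ip in skip)) count[ip]++
        }
        END { for (ip in count) if (count[ip] > max + 0) print count[ip], ip }
    ' | sort -rn
}

# 203.0.113.7 holds five connections (one of them IPv4-mapped) and is reported;
# 198.51.100.10 holds four but is allowlisted; the others stay under the limit.
sample_connections | over_threshold "$THRESHOLD" "$ALLOWLIST"
```

The function only reports offenders; turning the list into firewall rules is a separate step and is not shown.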

Penetration Testing Software


Penetration testing software is the final line of defense in your security arsenal. Professional ethical hackers simulate a cyberattack (penetration testing), allowing enterprises to find weaknesses in corporate networks long before attackers do.

Rather than just software, penetration testing is often handled by human experts. Once your systems are in place, this added level of security helps you answer two questions in particular. First – does your security system have enough layers? And second – do those layers actually work?

In penetration testing, certain tests can, however, run autonomously. For example, Burp Suite’s vulnerability scanner autonomously crawls an enterprise’s web presence in search of common security holes, including cross-site scripting, SQL injections, and volatile content. Admins can schedule Burp scans and see the resulting analysis in the form of detailed visual maps, allowing for the ultimate control and protection of your business’s data.


CloudLinux (Imunify360) Explain Why We Need New Security Strategies


Today’s hackers are widening their scope of threats and creating deeper, harmful impacts. We all need our platforms safe if we want to stay in business. However, organizations tend to cut costs by not hiring full-time security analysts, taking the DIY approach instead and thus opening up a can of risks.

Since software, and the attacks it exposes, are always evolving, it’s impossible to keep security policies relevant and reliable. The result is compromised websites, unmaintainable systems, a floundering reputation – and ultimately, plunging profits.

Common Characteristics of Cyber Crime Today


According to many security experts, this is what today’s cyber crime landscape looks like:

  • Scale: Through automation, hacking attempts are now much broader in their attack surface and more prolonged in their duration.
  • Knowledge: Hackers take advantage of dedicated communication channels and share vulnerabilities info. Many vulnerabilities are unknown to both the software vendors and the website owners.
  • Adaptability: Hacking tools and techniques evolve faster than the defenses designed to protect against them. And hackers are customizing attacks for specific website platforms, exploiting specific vulnerabilities.
  • Cost: Hacker communities don’t just steal a company’s data and hijack their resources. They also adopt a company’s corporate mindset and try to lower hacking costs and risks.

If we want to avoid making cybersecurity a full-time fight, we need defense strategies that directly address the above factors.

Layered Security: The Suggested CloudLinux Strategy

What CloudLinux wanted was to regain control of security and make it manageable for Linux hosters and website owners. Hence, it discarded previous failed strategies and replaced them with more effective tactics, better suited to battle these new hacking trends.

With layered security, a stack of security components protects against different vectors of attack with specialized software modules. Together they implement a more effective ‘security funnel’.


Why Layered Security?

Modern security solutions use this multi-layer model because of its wide coverage and the fact that it’s adaptive. System operators can individually fine-tune each layer according to their profile, server specs and compliance needs. Meanwhile, website operators no longer need to constantly reevaluate their security defense posture and upgrade their cybersecurity suite. Instead, they can use their time and money to further develop their businesses and meet their customers’ needs.

Imunify360 in Plesk: Key features & Updates

Imunify360 is a scalable solution with a cybersecurity approach that builds on the industry’s solid and reliable components and protocols. Their technologies improve detection rates, simplify management, and offer opportunities to enhance revenues for hosters and web professionals. Here’s a run-down of the key Imunify360 components.

Imunify360 in Plesk: Firewall, IDS/IPS, anti-malware, antivirus, patching, backup/restore

1. Firewall / WAF

The firewall builds on the strength and reliability of ModSecurity and OSSEC, enhanced by human and machine-learned rules. There’s automated IP block list management to ease your workload, regardless of how many addresses there are. Individual IP address blocking uses the familiar allow/deny lists model, extended by a gray list where blocked IPs go.

The system only unblocks gray IPs when a human visitor on an HTTP/HTTPS connection passes a CAPTCHA – thus whitelisting them. However, only admins can manually add entries to a local gray list, reducing false positives and unblock requests for support.

Bulk setting large numbers of IPs is quick and painless. To defend against brute-force attacks, Imunify360 adds to OSSEC’s Active Response, which can even detect specific ports under attack and block them.

2. Intrusion Detection Systems (IDS) & Intrusion Protection Systems (IPS)

These security components inspect traffic for signs of malicious intent, stopping it at source before it can do harm. Imunify360 uses its unique Proactive Defense to scan PHP for malicious code via de-obfuscation and behavior-analysis techniques, in order to work out which requests are authentic while keeping false positive rates as low as possible.

In the case of malware, Blamer traces the source and method of infiltration. Eventually, armed with this information, Imunify360 will become even more effective at blocking attacks.

3. Anti-malware/antivirus

Imunify360/ImunifyAV automatically or manually scans new, modified, and uploaded files for malware and viruses – for free. Then, you can choose to automatically delete, quarantine or get a warning about malicious content. You’ll be able to perform scheduled scans in the upcoming Imunify360 4.1 version. ImunifyAV+ (premium) also includes one-click cleanup.

4. Patch Management

The main cause of security breaches is outdated software. In fact, unpatched vulnerabilities in software packs leave servers wide open, so you have to patch them as soon as possible. However, this takes time and effort, and often, patches need a system restart to activate, which could cause service interruptions.

But Imunify360 actually solves this. Firstly, with HardenedPHP, which patches new vulnerabilities and lets you safely run apps on older, unsupported PHP versions. And secondly, with KernelCare, which automatically patches Linux kernels “live” – without rebooting and downtime. This is essential, since the kernel is the most important Linux system part, handling core functionality which all other apps rely on.

5. Reputation Management

When a website is the victim of an attack, Google Safe Browsing blocks it, and you lose traffic and revenue because the site is not indexed anymore. This Imunify360 feature informs you of the Google block and helps you unblock and restore the site.

6. Backup and Restore

File backup brings you peace of mind because of its ability to help you recover from malware infection: a backup/restore feature like the one in Imunify360 (Acronis or CloudLinux) quickly restores your files to their pristine condition.

Fighting cybercrime together

The role of Linux servers has grown as a result of e-commerce growth in the last decade. But cybercrime has grown in parallel and puts legitimate business operations in danger with its sophistication and reach. The only solution is fighting fire with fire; use the same tools hackers are using. Get Linux server protection that is complete and dynamic.