Is your network an “opportunity” for a hacker?

[SenseiSteve]

I wrote this some years ago, but I believe it still applies today.

Hackers are clearly honing their skills as we continue to see stolen credit card data from some major players, and we’re talking now about intrusion attempts from all over the globe probing millions of networks for entry points. More often than not, it’s not you they’re targeting.

They’re looking for opportunities across the breath of the Internet. If your network is vulnerable, trying to recover from an intrusion is a whole lot harder and more expensive than securely locking it down upfront.

What steps should a web hosting provider take to properly secure their network in 2020? Your thoughts?

 

[izumi777]

We focus on the servers and secure them by updating OS and software to the latest version. We also focus on backups by backing up data to various locations. This protects us from ransomware because we always have data to restore.

 

[server]

What steps should a web hosting provider take to properly secure their network in 2020? Your thoughts?

I don't think anything has changed from 2019 in this regard.

The bigger concern is how to protect our privacy.

 

[bprashanth]

Security is important at OS, network, access and hardware levels. It is a multi-faceted, multi-domain, inter-departmental necessity that can't be ignored anywhere.

Ignoring it is simply inviting attacks and avoiding responsibility.

 

[artichost]

At a minimum do a network scan on public blocks and patch stuff. There should never be MGMT exposed from outside unless it's in a SSLVPN with 2 factor auth.

 

[WPAuto-Mike]

We have hosting provider partners who still have to deal with weak user passwords in Year 2020.

I guess nothing has changed fundamentally in terms of cybersecurity standards, and users are still the most vulnerable even when the entire infrastructure is maintained in the best state of art security implementations.

 

[JessicaAceh]

the solutions to prevent such things are the same as were years ago. You need to make sure your server and all services are up to date(latest patches and hotfixes). If CC mentioned, it means connection over SSL, in this case, make sure that outdated ciphers and protocols are closed down. In addition, close down all ports from public access, apart from those that should be accessed by clients, players, visitors. And as a last thing, use regular penetration tests.

 

[easyhostmedia]

We have hosting provider partners who still have to deal with weak user passwords in Year 2020.

I guess nothing has changed fundamentally in terms of cybersecurity standards, and users are still the most vulnerable even when the entire infrastructure is maintained in the best state of art security implementations.

It is the same with user who do not update their scripts like Wordpress etc. thinking they still work, so no need to update them, then eventually i would have ' help my site has been hacked' they dont understand they need to make sure scripts are updated when informed to do so.