We talked with Dennis Kittrell, VP Product, Imunify360, about hardening security in Linux, the risks of not investing in security, and some of the common trends that have emerged through the Covid pandemic.
In a few words, can you explain the security solutions that you provide?
At Imunify360 we do Linux web server security. We specialize in Linux web servers, though many of our customers use IM360 not only for hosting websites, but for protection of any Linux server, for example, DNS servers, mail servers, etc.
We cover most of the major Linux distributions that are used for that purpose, like CentOS, Debian, CloudLinux OS, AlmaLinux and Ubuntu. What we do is automatically patch software on the servers, as well as vulnerability protection and malware detection and removal (malware protection). We are now starting to focus heavily on WordPress-specific websites. Obviously, there’s a massive amount of WordPress out there, WordPress is huge. It’s been huge for a while, and a substantial (and growing) percentage of websites on the internet are using WordPress. Obviously, there are vulnerabilities introduced and discovered every day – in various versions of plugins and in the core of WordPress itself. This creates quite a monumental task for site owners and hosters to keep track of. So, we’re focusing heavily on solving that problem going forward because that is what our customers and our partners are demanding.
Many people believe that Linux is safe and does not require security. What is your response to that?
In comparison to other operating systems, they’re right. Linux is very safe as an operating system. Obviously, there are vulnerabilities introduced into the various flavors of Linux, however it’s not often they find critical vulnerabilities.
We are not focused heavily on the operating system itself; we’re focused on the software that gets installed on Linux. So, if you’re using Linux for hosting websites, or you’re a hosting provider, your customers may be installing software that you don’t know about. You would want them to be safe from vulnerabilities in that software, and different attack vectors that are introduced into your infrastructure, that sort of thing. This is why we stay focused on the software itself.
You could think of the operating system as your house. You can have an operating system that’s built out of sheetrock, or stucco which is not as strong against the elements (or bad actors) as, for example, a brick or concrete house. But bad actors don’t typically break in through the walls. There are doors and windows that are likely to be exploited far more easily. If people leave those doors unlocked the entire home becomes vulnerable to attack. What we focus on is who you let into the house, and what you put in your house. That is where most of the vulnerabilities form and where the attacks get through.
What tips can you provide for hardening security on Linux?
There are a lot of best practices for hardening a Linux web server. But it really depends on the function of the server and who needs to access the data on a server. Is it a public server? Is it a private server? What kind of data is being sent/received (e.g. credit card payments, personally identifiable information, etc.)?
In most cases for public facing servers, we need brute force protection for the applications on the server. You’ll also need a good web application firewall – with an updated rule set – that’s the critical part. There are a lot of WAF utilities out there and it is really important that the rule set is updated on a regular basis, as often as possible with all the protections that you need.
You’ll need to protect your APIs. APIs are a potential attack vector; if not protected, you’re inviting any attacker (who is motivated or skilled enough) to break into your server.
Depending on how high profile your website is, you may want to consider DDoS protection and mitigation.
And of course, you need regular malware and database scans. Whether those scans are manual or automatic is important too. If you have a procedure to manually scan your databases for malware, you’ll be leaving room for human error. Automation is really important, where you maintain regular updates, regular scans, and defined security events that you’re monitoring. In most cases, it is quite easy to stay safe with Imunify360: just stick with our recommended settings provided by the embedded advisor and that’s it.
If I decide to run my websites through WordPress, at what point would I contact a company like yours to get involved?
Security is something you have to care about from the start. IM360 mainly is a protection solution. In many circumstances, it can be too late to protect if data was stolen (or encrypted), or if a site was banned by Google as malicious. This is why protection must be a priority right from the start if you are doing business or value your website.
However, if your site was already hacked – IM360 does have powerful functionality to remove things like malware and mitigate other kinds of negative consequences.
What is the risk of a company not investing in security and what advice do you have for a small company working on a tight budget?
There is quite a lot of risk in that, of course. If that company is using WordPress, or some other CMS, or even just building it on their own, there are vulnerabilities in the server itself that can be exploited.
If you don’t have any kind of protection at all, the most common problem will be malware. There are many groups who want to put malware on even unknown websites for nefarious purposes. For example, they might want to utilize your server resources to mine cryptocurrency, or they want to capture your customer data, or redirect traffic from your site to an ad revenue site, etc., etc. There are many various scenarios that could benefit an attacker if they are able to compromise your website. The one thing everyone agrees on: protection is much cheaper than post-hack mitigation.
What is the risk of a company not investing in security and what advice do you have for a small company working on a tight budget?
We see attacks on web servers increasing since the pandemic started. However, it’s also doing something important for cybersecurity. It is also increasing awareness and prioritization of security policies. Ultimately, that will prove to be a positive outcome for the industry.
There are a lot of businesses out there that have not (knowingly) experienced any kind of attack or negative impact from malware, but they are now realizing more than ever that they need to do the work of securing their servers/websites. Many have always known that they needed to do it, but it had not been prioritized appropriately. This awareness is pushing them in the right direction.
I want to add that I believe both the Coronavirus and the current crisis in Ukraine are doing that. They’re bringing awareness to threats and risk mitigation and that ultimately is going to be good for the industry and good for the world, really.
I also believe that the Coronavirus, specifically, has changed the way the industry thinks about internal resources and how to manage access control. There is more thought being put into who can access what resources, what servers, etc.