In recent years, browsers and the Internet have become a common means of making transactions or online payments, buying items such as clothing or simply to have a look at the daily press. In addition to using them to find information of our interest.
It is clear that every organization, regardless of whether it is private or public, large or small, has a website to showcase their products or services, disclose their information or present their image. Because of this, every day, web servers have become an easy target for any type of attack or hijacking. The result is that with the passage of time, cyber attacks have soared, that now, it is of utmost importance to pay attention to this issue. Since it has become the headache of companies that are dedicated to software development.
According to Kapersky, Russian cybersecurity company, a hacker can earn from 10 thousand to 72 thousand dollars for the hijacking of a server. In February of this year, Tesla of Elon Musk, suffered the hijacking of his cloud, which cost him to hire experts in the field so they can help him recover his server. Hackers took advantage of the cloud’s ability to mine cryptocurrencies, and guess what? As strange as it seems, the Tesla cloud did not have a password.
In that sense, so that it does not happen to you as well as to the good friends of Tesla, we offer you a list of keys on security in the servers that help you avoid becoming more prone to these cyber attacks:
- What all should know is that it is important to limit access to the database. Only trusted personnel should have access to sensitive data and important procedures. That’s why we suggest giving each user a series of permissions and privileges.
- The second key is to pay attention to the databases that serve only for the test mode, since most companies give more importance and money to protect their productive databases. This key has to do with the anonymization of these “less important” bases. It is about creating a similar version that maintains the structure of the original, although varying the sensitive data so that they are protected.
- Another key is the knowledge to the perfection of your information, because it is interesting to know the structure and logic of it; In this way, once sensitive data is identified, it is easier to understand where and how it is stored.
- When a hacker manages to have access to a certain server, the first thing he tries to subtract are the databases stored in it; thus, if the data becomes illegible, no person will be able to access it without authorization. Therefore, a good advice is to use the latest algorithms available to encrypt the information located in the databases.
- The indicated personnel must keep a strict control of the activity that revolves around it. It is essential to know how and which user has manipulated the information in order to detect any type of suspicious action in real time.
- It is also important to backup your database, in this sense, it is a duty to periodically execute a full backup that copies all the data.
- To protect the server, it is essential to pay continuous attention to it. Keep in mind that many websites are at risk of being hacked by the simple fact that they work with obsolete software, which does not provide any type of security. Therefore, it is very important to carry out all the available updates.
- It is important to know the configuration files of the web server in question. The Apache servers make use of the .htaccess file, which you can find in the root web directory, and which will allow you to execute server rules.
- Do not forget that it is essential to install the SSL security protocol, which encrypts the communication between the web server and the browser. A particularly critical point for e-commerce websites, in which users must enter sensitive information, both banking and personal identification. Encryption of information plays a key role since it prevents a cyber-attacker from intercepting traffic.
- Finally, it is important to determine 100% secure passwords and, in addition, change them regularly. Although it seems incredible, there are corporate users who choose such simple passwords as “123456” or “qwerty”; that can easily be hacked and it is a must to avoid it.