Friday, February 20, 2009

Warm up for Code4Lib

A few of us are gearing up for Code4Lib 2009 in Providence, RI next week. Very fun. I am going to be at the OCLC Grid Services Boot Camp, to learn, take photos and I hope take a few videos as well. Promises to be a good time, given the list of attendees. Wish I could stay for the whole conference, but someone has to mind the store (as they say).

As a techhead warm-up and the start of a continuing series of somewhat random but helpful tidbits, I was chatting with one of the security officers at OCLC and he compiled a list of tips for surviving a network attack. I'll give these to you in bite-sized pieces.

Here's the first one:
Reduce the likelihood of an attack.

Like campers who tie their food up in trees to keep bears away, you’ll want to make sure you don’t have any enticing tidbits for Internet attackers.

Here are a few key findings to look out for:

* Unpatched systems: Attackers wanting an easy target will look for systems that are behind in updates.
* Open web proxies: Misconfigured proxies can attract a lot of traffic because they may allow remote users to get around firewall restrictions or to get unauthorized free access to resources.
* Cross-site scripting vulnerabilities: Cross-site scripting (XSS) is a type of web application vulnerability where an attacker can use your web pages to attack other users.

Stay a step ahead of the attackers and identify these and other weaknesses in your systems with a vulnerability scanner like Nessus. Nessus is a very powerful and potentially dangerous tool, so make sure that you have the proper authorization, that you have familiarized yourself with how it works, and that you choose your targets carefully.

No comments: