Category: Ask a Security Pro

ask a security professional

Ask a Security Pro: What Is Encryption?

By Logan Kipp

Over the last year I’ve led a multitude of security workshops aimed to educate entry-level WordPress users about website security. Some of the questions I regularly field in these workshops are related to the mechanics of SSL certificates, and their role in protecting website data from prying eyes. As you may know, the installation of an SSL certificate on a web server allows the server to accept traffic on the hypertext transfer protocol (secure), or simply ‘HTTPS,’ the primary form of encrypted data transfer between websites and visitors. I’d like to share the answers to some of the most frequently asked questions I’ve had on the subject.

HTTPS and SSL Certificates

SSL is the Armored Truck

The first thing I’d like to clarify on the subject of HTTPS and SSL certificates specifically is that the use of SSL certificates and HTTPS do not in any way, shape, or form protect the data on your website itself. HTTPS encrypts data in transit only. Neither does it protect data resting on visitors’ computers. You should consider HTTPS the armored truck of websites, not the bank vault. It acts as the protection against adversaries while data travels from point ‘A’ to point ‘B’.

Tags:   Encryption, HTTPS, SSL
Categories:  Ask a Security Pro
ask a security professional

AskSecPro: Feature-Based Malware Detection

By Logan Kipp

Last year we published an #AskSecPro series where we explained how signature-based malware analysis works, as well as how traditional signatures are created. An area we don’t often talk about in public channels, but has played a pivotal role in SiteLock becoming a global leader in website security solutions, is our research and development efforts in new security technologies. In addition to our more traditional approaches to malware detection, SiteLock continues to explore new frontiers in technological improvement to push the field of security research forward. For some time SiteLock has been developing machine learning mechanisms as part of its process for discovering new malware iterations on an automatic basis. Our research in the field has shown that machine learning promises to be an important part of early malware detection and preliminary identification. One of the most significant breakthroughs we’ve had in machine learning as it pertains to malware detection and signatures, has been in feature-based signature analysis.

Tags:   analysis, behavioral analysis, feature-based, machine learning, malware, research, signatures, unsupervised learning
Categories:  Ask a Security Pro, WordPress security
ask a security professional

Ask a Security Professional: WordPress Database Security Part Two — Best Practices

By Logan Kipp

In Part One of our #AskSecPro series on WordPress Database Security, we learned about the anatomy of WordPress. Now that we have a firm understanding of the role the WordPress MySQL database plays in a WordPress installation, we can take a look at the various ways an adversary can exploit the mechanisms involved. We’ll also explore some of the ways to defend your database against compromise.

Tags:   best practices, database, mysql
Categories:  Ask a Security Pro, WordPress security
ask a security professional

AskSecPro: What is #Cloudbleed?

By Logan Kipp

Over the last few days you may have heard the term #Cloudbleed thrown around the water cooler. Some of the questions our customers are asking us include,  “What is Cloudbleed?” and “Am I protected from Cloudbleed?” As your resident Security Professional, I’ll be glad to help you to understand what the Cloudbleed buzz is all about and how it may impact you.

— First, I want to be very clear that the Cloudbleed bug does NOT impact SiteLock TrueShield™ WAF/CDN. More below.

Tags:   buffer overflow, CDN, cloudbleed, disclosure, leaked, memory leak
Categories:  Ask a Security Pro, WordPress security
ask a security professional

Ask a Security Professional: WordPress Database Security Part One — Anatomy of WordPress

By Logan Kipp

For most people the year is still just getting started, but for some website owners the year has already packed quite a punch in the form of website attacks. This month hackers exploiting a vulnerability in the WordPress REST API successfully defaced over a million websites in what has become one of the largest website defacement campaigns to date. The attacks injected content that overwrote existing posts on WordPress websites running versions 4.7 and 4.7.1, leaving website owners with an immeasurable number of “Hacked by” posts across the droves of impacted websites.WordPress REST API

Many website owners who have unfortunately found themselves in the proverbial trenches of a digital battlefront, some of which had at least some security measures, are facing a difficult data recovery situation. It is from these recent events that the next Ask a Security Professional question was crafted; How can I better protect my data?

I feel that it’s important to fully understand what the problem is in order to best understand what forms a solution can take. In Part One of #AskSecPro we’ll cover an introduction to some of the infrastructure behind WordPress. Let’s start at the beginning.

Tags:   anatomy of wordpress, core, database, database security, mysql, phpmyadmin, security, sql
Categories:  Ask a Security Pro, WordPress security
ask a security professional

Ask a Security Professional: DDoS Attacks — Part Four: Volumetric Attacks

By Logan Kipp

So far in this #AskSecPro DDoS series we’ve covered both Application Layer DDoS Attacks and Protocol-Based DDoS Attacks. We’ve also identified  the differences between a DoS and a DDoS attack. In this final segment of the DDoS series, we’ll discuss the third category of DDoS attacks, Volumetric Attacks, also known as Volume-Based Attacks

Tags:   amplified, botnets, ddos, ntp, reflective, volume-based, volumetric
Categories:  Ask a Security Pro, WordPress security
ask a security professional

Ask a Security Professional: DDoS Attacks — Part Three: Protocol-Based Attacks

By Logan Kipp

Continuing our #AskSecPro DDoS series where we last discussed Application Layer Attacks, today we’ll focus on some of the most popular protocol-based DDoS attacks we’ve seen hit our customers’ web application firewall, SiteLock TrueShield™, over the years. TrueShield™ is SiteLock’s distributed cloud-based web application firewall (WAF) with the capability of defending against attacks across layers 3, 4, and 7.

Tags:   ddos, icmp, OSI Model, ping of death, protocol, smurf, syn flood, trueshield, Web Application Firewall (WAF)
Categories:  Ask a Security Pro, WordPress security
ask a security professional

Ask a Security Professional: DDoS Attacks — Part Two: Application Layer Attacks

By Logan Kipp

In our last #AskSecPro article we discussed the differences between a DoS and a DDoS attack. Now that we understand what a DDoS attack is in concept, let’s learn a little more about the mechanisms involved in these attacks. In Part Two of the DDoS Attacks series we’ll focus on some of the attack vectors utilized by adversaries when launching a denial of service attack.

Tags:   application layer, ddos, mirai, PhantomJS, post flood, trueshield, Web Application Firewall (WAF), xmlrpc
Categories:  Ask a Security Pro, WordPress security
ask a security professional

Ask a Security Professional: DDoS Attacks — Part One: DoS vs DDoS

By Logan Kipp

There’s a lot of buzz going around in many online communities concerning the recent distributed denial of service (DDoS) attacks the world has witnessed. In many of my own circles I’m often the only security guy in the room so I end up fielding a lot of questions, the most common of which is, “how do they do this stuff?!” In this District #AskSecPro series, I’ll be explaining the anatomy of D/DoS attacks and the practical weaponization of regular computers.

Tags:   anonymous, ddos, dos, high orbit ion cannon, low orbit ion cannon
Categories:  Ask a Security Pro, WordPress security
ask a security professional

Ask a Security Professional: Understanding Unvalidated Redirects and Forwards

By SiteLock

There are times when a website may want to send a visitor to another page either immediately or after a specified amount of time (usually seconds). As an example, consider an outdated page that you believe your visitors have bookmarked – You don’t want to lose the traffic, so you just automatically redirect them to another page. While less common today, these redirects and forwards do still exist, but if not setup properly, they could pose an outside risk to your online presence.

Tags:   Redirects, unvalidated forwards, unvalidated redirects, Web Application Firewall (WAF), website vulnerability
Categories:  Ask a Security Pro, WordPress security