Servers, ports and vulnerabilities, what’s the deal with that?
Cybercrime or hacking is often possible through an open port on a computer or server. But what is actually meant by this? And how can you avoid being hacked? We explain it all in this article.
Servers
Let's start with the basics, namely servers. Because how exactly do they work? A server is not all that different from the everyday computers we use. You can compare a server to a computer that provides a service 24 hours a day, 7 days a week in an intranet or on the internet. You can compare a server application to programs like MS Word that you install on your computer. Such a server application is also called a web service. The difference, however, is that so-called ports are opened so that the services can be and remain accessible to users through those ports.
Webservice
When installing a program that provides the webservice and thus makes websites accessible to users, ports 80 (HTTP) and 443 (HTTPS) are opened. A commonly used program for this is Apache2. If programs such as Apache2 are properly configured and kept up-to-date, it is safe to run such a service. However, it often goes wrong due to a poor update policy and cybercriminals can take advantage of the so-called vulnerabilities that become known along the way.
Vulnerabilities
A good example of a vulnerability that would rock the entire world in late 2021 is the Apache Log4j vulnerability. But taking a step back, how do these vulnerabilities actually arise? For every program, an update is released once in a while. These are intended for extra features, but also for closing (patching) vulnerabilities (in the software).
When vulnerabilities become known, developers (such as gray hat hackers) see an opportunity to write a program to demonstrate that the particular vulnerability can be exploited. These programs are called exploits. These exploits are often open to anyone and available at exploit-db.com and the metasploit framework, for example, which is present by default in the Kali Linux operating system. Many hackers can then use this well-intentioned information to harm companies that do not have a good update policy without too much effort.
A good update policy
We've mentioned it before, but to avoid being hacked, it is important to have a good update policy in place within your organisation. So try to install the latest updates as much as possible and maintain an adequate update schedule. In addition, it is wise to not skim over the security and privacy settings during the configuration of a service.
Pentesting & Vulnerability Management
In addition to maintaining an update policy, it is also advisable to perform pentesting. This involves testing your computer systems such as applications, networks and websites for vulnerabilities. If any vulnerabilities are found, then attempts will also be made to actually break in. It is also important to continuously monitor your IT environment and applications for vulnerabilities, also known as Vulnerability Management.
Contact
Want to learn more about how cybercrime works? Then follow one of our cybercrime training courses. During the cybercrime training sessions, our trainers discuss how cybercrime works, what traces a cybercriminal can leave behind and how these traces can be used in an investigation.
In addition, we also offer the services of Pentesting & Vulnerability Management. This will give you insight into how cyber-secure your organisation is, so your security department can get to work immediately on making your IT environment more secure. For more information, see our website or contact us.
