Most people never go through the experience of dealing with a cyber attack, so they assume that it is not something they should worry about when setting up their online business. If you’ve been operating a personal computer, then this is probably the reason why you’ve never been targeted. Hackers tend to attack networks and computers that are of value to them, so don’t be surprised if your “longstanding immunity” to attacks suddenly diminished after your online business begins to thrive. One attack in particular that you should be aware of is the infamous inference attack. In an inference attack, also known as a SQL injection, the perpetrator inserts an SQL code into a form to gain access to crucial information that is stored in on of your website’s databases. While this may sound like something that only happens to small business owners, it actually happens to large corporations as well. In fact, in recent years this kind of attack has resulted din millions of dollar in fraud. To protect yourself from an inference attack, heed the following tips.
Encrypt All of Your Site’s Data
If your website frequently exchanges sensitive date such as credit card numbers or bank information, then you’ll want to make sure all of your website’s data is encrypted with SSL or TSL. Keeping your data encrypted ensures that in the event of a security breach, the intruder will not be able to use the encrypted information to their advantage.
Use Secure Web Applications and Forms
Although there are many useful web applications available, many of these tools represent the biggest security risks for companies. This is because hackers use these applications to gain access to the back-end of your website. Therefore, you should be very cautious about which web applications you use in the administration of your website. Make sure all applications and forms used are designed with secure code. You should also make sure your website’s users do not have the capability of sending SQL queries, as this is how most hackers execute inference attacks. Avoiding malicious code input from hackers is the first line of defense in preventing an inference attack. You should also avoid using dynamic queries. Dynamic queries allow hackers to send and receive SQL information over the internet in plain text, therefore these queries present a substantial security risk. Many experts recommend avoiding the use of dynamic queries altogether.
Execute Updates Regularly
Keeping your operating system and website updated is an important part in maintaining the security of your online business. Many people don’t realize that maintaining the security of their website is a full time job that needs to be tended to daily. For this reason most security companies update their software as soon as a vulnerability is recognized. To avoid an inference attack, or any other attack, you should keep you website and operating system updated, and make sure you are ware of any new developments.
January 19th, 2010 at 11:02 pm
Great points. It’s the “it won’t happen to me” syndrome or just plain ignorance, but how do you balance usability with the need for security?
February 2nd, 2010 at 10:29 pm
Speaking of cracking, http://www.twitter.com got passwords stolen just 2 days ago. Seems that no site is safe.