Seven Ways to prevent Anonymous attacks

The hacker organization Anonymous uses a series of simple technical methods and social engineering to attack the network of the security technology company HBGary Federal, many of the network technical issues covered here are worth the reference of other network security experts.

The most important lesson is to conscientiously follow the best practices of Enterprise defense. In addition, many other lessons can be learned from the attack accident of HBGary Federal.

Aaron Barr, CEO of HBGary Federal, obtained information about members of this secret international organization and has begun to commit his identity to the investigation and cooperation phase with the FBI, this immediately angered Anonymous and they began to lock HBGary Federal for attacks. The Anonymous Organization launched an attack to cancel providers that provide the Wiki decryption service.

HBGary Federal was hit by thousands of company emails being publicly published, and Twitter pages of websites and CEOs were defaced, and its reputation was severely affected.

The following are seven ways to avoid Anonymous attacks:

1. Do not assume the type of attack you will be attacked. Barr believes that Anonymous only launched a DdoS attack on the company's website, just as the Organization has attacked other companies, but this is not the case.

2. Use a tested Content Management System with updates, patch fixes, and support. HBGary Federal uses a custom CMS for its website, which is vulnerable to SQL injection attacks. This is also a trick for Anonymous to successfully access the HBGary Federal database.

3. Perform full hash or rehash on the passwords stored in the database (Recreate the internal table used by the hash mechanism ). HBGary does perform the hash operation on its password, but they do not add additional characters (used to remove to display the real password ), there is no hashed password to increase complexity to crack the hashed password. These passwords will still be vulnerable to brute force attacks, but it will take a longer time for attackers.

4. Use a high-strength password. Long passwords with various types of characters on the computer keyboard will be more difficult to crack, in this case, the rainbow table (a rainbow table is a large set of hash values pre-computed for various possible letter combinations, not necessarily for the MD5 algorithm, but for various algorithms, with this tool, you can quickly crack various types of passwords.) It is difficult to crack passwords by using a password cracking tool. If the password is composed of long string characters and all types of symbols (not just letters and numbers) on the computer keyboard, the hash of the password will become very complex, it is difficult to create a rainbow table for this password. However, the administrator of HBGary uses a simple eight-character password, two numbers and six letters, and the rainbow table can quickly crack the password.

5. do not repeat the password. Some HBGary managers use the same password to access the company's CRM system and their network emails, and even Twitter, SSH authentication, and enterprise storage servers. One of the passwords cracked by the attacker is the Google account of the company's email administrator. Because he uses the same password for multiple accounts, all emails of the company were eventually cracked.

6. Keep the system updated. HBGary's key servers have a known privilege escalation vulnerability, and patches have been released. Anonymous has used this vulnerability.

7. improve users' awareness of social engineering. Anonymous sent an email from Greg Hoglund, the founder of HBGary, to the network administrator asking him to provide confidential information, just as Hoglund was asking. In the reply email, the Administrator opens the firewall port and provides the username and password of the Hoglund server (the server of the company's rootkit.com website.