
Three Important Network Security Rules We Can Learn From Yahoo’s Hack

Yahoo was the latest victim at the hands of the elusive internet hackers, who had siphoned off a lot of personal information from the Yahoo servers. This hack compromised thousands of Yahoo accounts, and the personal details of thousands of users were stolen by the hackers. Analysts are still grappling with the possible consequences of this attack and the repercussions the company might have to face from its users. But the bottom line is that we have to realize a network is always vulnerable, and as we incorporate newer security measures, there are hackers working in parallel to find ways to get past the barriers.

A Wake Up Call

The Yahoo attack, although unfortunate for many users and the internet giant itself, is like a wake up call to the internet community in general, reminding us that we are never safe. We should always be on our toes and should take additional measures even at the slightest hint of trouble. Yahoo’s security team made some fatal mistakes, which highlight their incompetence and negligence. Here are some of the mistakes made by Yahoo, which we must avoid to ensure that our networks remain safe.

Passwords Should Always Be Encrypted

Data encryption is something that has improved by leaps and bounds. Encryption techniques available today are so advanced that even a supercomputer will take hours to crack them using brute force. Not to mention the variety of encryption techniques available, which means that the computer will have to figure out which technique was used before trying out the brute force attack.

But surprisingly, Yahoo stored the passwords of their users in plain text. Maybe they were so confident about the barrier around the password storage location that they didn’t feel the need for the passwords themselves to be encrypted. This is plain overconfidence and negligence on the part of Yahoo, and because of this glaring error, innocent users had to suffer.

Password encryption is a must, irrespective of whether it is a site which offers user accounts to the visitors or just a password storing application. There are a number of encryption techniques with varying degrees of complexity. You can choose any of them. In fact, it is a good idea to use an encrypted version of some easy to remember phrase as your password so that your password will be random and hard to guess.

Networks Should Be Monitored Regularly

If you have a network of computers backed by a server, a monitoring team is an absolute must. Let us take the example of the Yahoo hack. It is said that the hackers copied in excess of 2000 tables in the database and also close to 300 MySQL variables. All these were transferred from the Yahoo server to the computers of the hackers. If the system admin had noted this abnormally high flow of data and double checked it, they would have noticed that this was a hack and they could have taken preventive measures.

Regular network monitoring will help you keep an eye out for these kinds of abnormalities. Also, you can keep an eye on the IP addresses flowing through your servers. Some hackers use anonymous social media accounts for their hacking projects, so that even if the hack is traced, the hacker’s location cannot be tracked. You can identify all those flaws and make sure those IP addresses are blocked.

Reducing Access Privileges

When you set up a website or a network, you must ensure that the users at the grass roots level will have the least amount of privileges. Also, they should be able to perform all their online activities with those privileges. In the case of the Yahoo hack, the hackers obtained administrative privileges to the database. This was because users were given higher privileges, and through them, hackers gained access.
