Security strategies for moveIT web applications
- Updated on 25 Jun 2024
With our products moveIT WEBCON, moveIT EASY and moveIT CONBOX, you use state-of-the-art web applications that offer minimal security risks out-of-the-box and have been developed with the utmost care with regard to security aspects. Our solutions are designed to reduce the attack surface for potential threats while ensuring a user-friendly experience.
As part of the installation of our products, we carry out a "hardening" of your web server service in order to offer as little attack surface as possible.
However, since the risks on the Internet are constantly changing, we would like to expressly point out that the ongoing security of your hosted Windows system is your own responsibility.
Responsibility
Since you have complete control over your moveIT system(s), you are also responsible for implementing and maintaining the security measures.
Recommendations
We therefore recommend that you implement the following security practices as part of your regular maintenance routines to ensure the integrity and confidentiality of your data.
Use of strong passwords:
Choose complex and long passwords that contain a combination of letters, numbers, and special characters.
Regular password changes:
Change your passwords periodically to prevent potential security risks.
2-factor authentication:
If possible and technically available, 2-factor authentication should be used.
Regular Windows Patching:
Keep your system up to date by installing the latest security updates.
Restriction of RDP access:
Restrict Remote Desktop Protocol (RDP) access to specific IP addresses to prevent unauthorized access.
Web Application Firewall (WAF):
Use a WAF to protect your web applications from common attacks and vulnerabilities.
Regular security checks:
Perform regular checks of your security settings to ensure that your system is protected.
Hardening
As part of the installation of our products, we carry out a "hardening" of your web server service in order to offer as little attack surface as possible.
If there are new aspects and findings regarding the "hardening" of the system, these are actively communicated.
We ask for your understanding that the individual measures carried out during hardening are not listed here for security reasons. If you would like to view a list, please contact your responsible project manager.
Web Application Firewall (WAF)
Web application firewalls (WAFs) are critical security components for web applications that protect against attacks.
What is a WAF?
A web application firewall (WAF) is a type of application firewall that protects a web application from web-based attacks. It acts as a security checkpoint or gatekeeper for traffic flowing to and from a website or API.
How does a WAF work?
The WAF monitors the traffic between the application and the Internet.
It applies rules to prevent attacks such as cross-site scripting, SQL injection, and broken access control.
The WAF analyzes HTTP requests, including GET, POST, PUT, and DELETE, as well as the headers, query strings, and request body for suspicious patterns.
If it finds a match, it blocks the request and notifies the security team.
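An added example, not part of the original page or of any WAF product, that models the inspection steps above: each request part is percent-decoded and matched against rules, and the first match blocks the request and logs a notification. The three rules, the `inspect` function and the sample requests are constructed for this illustration.

```python
import logging
import re
from urllib.parse import unquote_plus, urlsplit

log = logging.getLogger("waf-model")

# Constructed rules for this example; a deployed WAF uses a maintained rule set.
RULES = [
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I)),
    ("sqli-union-select", re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S)),
    ("sqli-tautology", re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
]

def normalize(value, rounds=2):
    """Percent-decode before matching; two rounds also undo double encoding."""
    for _ in range(rounds):
        value = unquote_plus(value)
    return value

def fields(target, headers, body):
    """Yield (location, text) for each request part the WAF inspects."""
    url = urlsplit(target)
    yield "path", url.path
    yield "query", url.query
    for name, value in headers.items():
        yield f"header:{name}", value
    yield "body", body

def inspect(method, target, headers=None, body=""):
    """Return ('block', rule_id, location) on first match, else ('allow', None, None)."""
    for location, text in fields(target, headers or {}, body):
        text = normalize(text)
        for rule_id, pattern in RULES:
            if pattern.search(text):
                # Stand-in for the notification to the security team.
                log.warning("blocked %s %s: %s in %s", method, target, rule_id, location)
                return ("block", rule_id, location)
    return ("allow", None, None)

# Constructed requests: (method, target, headers, body)
SAMPLES = [
    ("GET", "/search?q=shipping+status", {}, ""),
    ("GET", "/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E", {}, ""),
    ("POST", "/login", {}, "user=a&pass=x%27+OR+%271%27%3D%271"),
    ("PUT", "/api/item/7", {"Referer": "/p?x=%253Cscript%253E"}, "{}"),
]

def verdicts():
    return [inspect(*sample) for sample in SAMPLES]
```

Matching on the decoded text is what lets the same rule catch the pattern whether it arrives plain, encoded once, or encoded twice in a header.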
Why is WAF security important?
WAFs are crucial for online businesses that need to protect sensitive data.
They prevent data leaks and malicious code injection, and meet compliance requirements such as the Payment Card Industry Data Security Standard (PCI DSS).
Because web applications are vulnerable to security risks, WAFs are designed to combat common web attacks such as malicious bots.
Advantages of WAFs:
Block malicious traffic: WAFs prevent malicious traffic from reaching the web application.
Improve security practices: Provide an additional layer of security for poorly developed or outdated applications.
Protection against common attacks: WAFs block known attack vectors and prevent malicious traffic from reaching the application.
Overall, WAFs are an indispensable part of the web application security strategy and protect against the increasing threats in the digital space.
WAF Service Provider:
If you do not host your moveIT product in-house but at a data center or hosting provider, a WAF service is usually offered there, in most cases as an add-on package. If you host your server yourself, many hardware firewalls also offer WAF services.
Otherwise, there are WAF service providers. Among the best and most efficient are Cloudflare and Sucuri.
Tool EvlWatcher
EvlWatcher is essentially a tool that detects attacks on a Windows system and puts attacking IP addresses on a blacklist.
The service creates a firewall rule called "EvlWatcher" and updates it every 30 seconds based on the Windows event log.
What does EvlWatcher do?
Scenario:
Attackers try to overwhelm your service (e.g., RDP) with brute force attacks. You can clearly spot these attackers and their IPs in the Windows event log.
Functionality:
EvlWatcher monitors and responds to the Windows event log.
Rules:
If a rule is violated (e.g., more than 5 unsuccessful login attempts in 2 minutes), EvlWatcher places the attacker in a generic firewall rule and blocks them for 2 hours.
Permanent blacklist:
In the case of repeated attacks, attackers end up on a permanent blacklist by default.
Customization:
You can customize the rules to your liking.
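The rule described above, modelled in Python as an added example (not EvlWatcher's own code, and not part of the original page): a sliding two-minute window per source address, a two-hour block on the sixth failure, and a permanent entry after repeated blocks. The threshold of three temporary blocks, the class and function names and the sample events are assumptions made for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
# From the page: more than 5 failures in 2 minutes leads to a 2 hour block.
MAX_FAILURES, WINDOW, BLOCK_FOR = 5, timedelta(minutes=2), timedelta(hours=2)
# Assumption (the page only says "repeated attacks"): third block is permanent.
BLOCKS_BEFORE_PERMANENT = 3

class FailedLogonWatcher:
    def __init__(self):
        self.failures = defaultdict(deque)   # ip -> failure times in window
        self.blocked_until = {}              # ip -> end of temporary block
        self.block_count = defaultdict(int)  # ip -> temporary blocks so far
        self.permanent = set()

    def is_blocked(self, ip, now):
        return ip in self.permanent or self.blocked_until.get(ip, now) > now

    def observe(self, ip, ts):
        """Feed one failed logon; return 'temp', 'permanent' or None."""
        if self.is_blocked(ip, ts):
            return None                      # the firewall already drops it
        window = self.failures[ip]
        window.append(ts)
        while ts - window[0] > WINDOW:       # forget failures older than 2 min
            window.popleft()
        if len(window) <= MAX_FAILURES:      # "more than 5": act on the 6th
            return None
        window.clear()
        self.block_count[ip] += 1
        if self.block_count[ip] >= BLOCKS_BEFORE_PERMANENT:
            self.permanent.add(ip)
            return "permanent"
        self.blocked_until[ip] = ts + BLOCK_FOR
        return "temp"

# Constructed events: a fast guesser returning after each block, a slow client.
T0 = datetime(2024, 6, 25, 3, 0, 0)
def constructed_events():
    fast = [("203.0.113.7", T0 + timedelta(hours=3 * burst, seconds=10 * i))
            for burst in range(3) for i in range(6)]
    slow = [("198.51.100.20", T0 + timedelta(seconds=40 * i)) for i in range(6)]
    return sorted(fast + slow, key=lambda event: event[1])

def replay(events):
    watcher, decisions = FailedLogonWatcher(), []
    for ip, ts in events:
        if action := watcher.observe(ip, ts):
            decisions.append((ip, ts - T0, action))
    return watcher, decisions
```

`replay(constructed_events())` returns the watcher state and the list of block decisions; the slow client, at one failure every 40 seconds, never has more than five failures inside the window and is not blocked.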