FAQs: Hackers Attacking Me?
Last Updated on Sunday, 08 August 2010 15:14 Thursday, 18 June 2009 17:00
Q: Why would hackers attack our servers? And, even if they do, doesn't our firewall prevent the attacks?
A: The question isn't why would hackers attack your servers, but why wouldn't they? The same question could be asked about why your business office would be broken into by thieves, but you would never say that no thief would want what you have in your office.
The truth is, if your company has servers, a network, and an Internet connection, hackers will eventually attack and compromise your servers. If you plan for fires, floods, and earthquakes, you should approach a server hack attack the same way, with the assumption that it will eventually happen. Even if your company has no servers and depends completely on outside companies for the applications you use to run your business, you have to assume that eventually hackers will attack those servers where your sensitive data is located, and you should be prepared.
So, once you realize that your servers and/or data will eventually be compromised, you have to have procedures with checks in place to discover when it has happened and to restore the data and server security as soon as it has happened. Normally, the checks involve looking for attacks and preventing them, looking for server log errors that would indicate the server has been compromised, looking at data or app logs for indications that someone is illegally accessing and possibly modifying or destroying the data, etc. Depending on the server, application, and data, these checks should happen daily, weekly, or monthly and often are performed during regular maintenance.
Why go to the trouble of having procedures to find out when your servers or data have been compromised? Because a hacker's number one objective is to take over your server data and resources (or even your user computers) without you knowing. This is very important to realize: hackers want to use your servers or data without your knowledge. A hacker who has been caught is a hacker who has failed, and most hackers do not fail.
Why should you care if your server has been hacked as long as it keeps working? First, because how would your company's partners, customers, and the general public (if your company is publicly traded) react to the knowledge that your data, often including their data, has been stolen by thieves? Needless to say, their reaction would be negative. Second, if your server or data has been hacked, it's only a matter of time before the hacker uses something on them that will cause failures or data loss. A hacker's number two objective is to use your company's server resources to do things he wants, like attack other servers, send spam emails, crunch numbers to crack encryption keys, etc.
If it's just data, it will be to gain access to interesting information, which you may not even realize is interesting. Obviously, hackers would want access to customer credit card or other identity-oriented data like social security numbers or email addresses, but the most common reason company servers and data are hacked successfully is often because someone in the company decided they had nothing that a hacker would want.
Alright, so doesn't your firewall stop hackers and attacks? Well, it stops hackers and attacks on servers and services that your firewall blocks, but not things that are left open by the firewall. A network firewall is nothing but a virtual brick wall with thousands of bricks and dozens or even hundreds of holes. The holes in that brick wall are there to allow legal access to your servers, services, and data, but they also allow hackers to attack those same things. Hackers can even use different Internet protocols to completely bypass your network firewall, but the company that sold you that firewall will never tell you that.
Well, you probably have your firewall locked down and configured with only a few holes, right? And you regularly monitor the firewall's monitoring of those holes so you'd know when you've been attacked, right? Those are things you should be doing along with regular maintenance of your servers and services. The regular checks of your servers would also indicate to you when they've been attacked and your firewall failed to report the attack, such as when a hacker bypasses your firewall.
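The cross-check described above, comparing what the servers recorded against what the firewall reported, can be scripted as part of regular maintenance. The following is an added example, not part of the original article; both log formats and all sample lines are constructed for illustration, and it assumes the two logs cover the same time window and that all inbound traffic is expected to pass through the firewall.

```python
import re
from collections import Counter

# Constructed firewall log in a simplified, hypothetical format.
FIREWALL_LOG = """\
2024-05-01T02:14:07 ALLOW src=198.51.100.23 dport=22
2024-05-01T02:14:09 DENY src=203.0.113.50 dport=3389
2024-05-01T09:30:12 ALLOW src=192.0.2.10 dport=443
"""

# Constructed server-side log, also in a hypothetical format.
SERVER_LOG = """\
2024-05-01T02:14:08 port=22 src=198.51.100.23 event=login_failed
2024-05-01T02:14:11 port=22 src=198.51.100.23 event=login_failed
2024-05-01T02:14:15 port=22 src=198.51.100.23 event=login_failed
2024-05-01T03:02:40 port=22 src=203.0.113.77 event=login_ok
2024-05-01T09:30:13 port=443 src=192.0.2.10 event=request_ok
"""

FW_RE = re.compile(r"^\S+ (ALLOW|DENY) src=(\S+) dport=(\d+)$")
SRV_RE = re.compile(r"^\S+ port=(\d+) src=(\S+) event=(\S+)$")

def review(firewall_log, server_log, max_failures=3):
    """Return (unseen_by_firewall, repeated_failures_through_open_ports)."""
    allowed = set()
    for line in firewall_log.splitlines():
        m = FW_RE.match(line)
        if m and m.group(1) == "ALLOW":
            allowed.add((m.group(2), int(m.group(3))))

    unseen, failures = set(), Counter()
    for line in server_log.splitlines():
        m = SRV_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        port, src, event = int(m.group(1)), m.group(2), m.group(3)
        if (src, port) not in allowed:
            unseen.add((src, port))      # server saw it, firewall never logged it
        elif event == "login_failed":
            failures[(src, port)] += 1   # came in through a permitted hole

    noisy = {k: n for k, n in failures.items() if n >= max_failures}
    return sorted(unseen), noisy

if __name__ == "__main__":
    unseen, noisy = review(FIREWALL_LOG, SERVER_LOG)
    print("Reached the server with no firewall ALLOW record:", unseen)
    print("Repeated failures through an open port:", noisy)
```

An entry in the first list means either traffic that reached the server by a path the firewall does not cover or a gap in firewall logging; both are worth investigating.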
This article only scratches the surface of the problem faced by small to medium sized businesses, especially in today's challenging economy. Please e-mail or call us today before the inevitable happens.
