Here's what happens if you don't use IDS!

As an experiment, I deployed a new web server onto Amazon Web Services (AWS), and monitored it with an Intrusion Detection System (IDS) to see how quickly it was attacked. Here's what I discovered!

www.itpentest.com Intrusion Detection System

With just 24 hours of data, the IDS provided a great deal of intelligence:
  • Observation: Global attacks - Republic of Korea (32%), US (31%), Brazil (15%), China (11%), Italy (9%)
    • Learning: Geo-block to significantly reduce attacks

  • Observation: Top attack types - Web server 400 error (1,083), SSH attempt as non-existent user (503), Insecure connection attempt (scan) (13), brute force attack (12)
    • Learning: Review URL endpoints and close them where appropriate, have a strong password policy, and use an IDS with active response

  • Observation: Busiest attack periods - 22:00-01:00, 08:00-10:00
    • Learning: If servers aren’t used during these times, shut them down to mitigate attacks; these periods also mark the peak-risk times for closer monitoring

  • Observation: Hardening audit intelligence - empty passwords allowed, wrong grace time, wrong max number of authentication attempts, allow URL fopen is enabled, expose PHP is enabled, root can log in
    • Learning: Fix these to significantly reduce exploits

...and this was with just an empty web server - imagine what happens to sophisticated, rich web applications! Without an IDS, you don't have the visibility you need to protect yourself.
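The hardening findings listed above can be reproduced with a small configuration check. This is an added example, not the tooling used in the experiment. It assumes the findings map to the OpenSSH `sshd_config` and `php.ini` directives shown, and the thresholds and sample configurations are constructed for illustration.

```python
import re

# Assumed thresholds (not from the original post); set them to your own baseline.
MAX_GRACE_SECONDS, MAX_AUTH_TRIES = 60, 4
# OpenSSH defaults that apply when a directive is absent from sshd_config.
SSHD_DEFAULTS = {"permitemptypasswords": "no", "logingracetime": "120",
                 "maxauthtries": "6", "permitrootlogin": "prohibit-password"}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def seconds(value):
    """Convert an sshd time value such as '120', '2m' or '1m30s' to seconds."""
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([smhdw]?)", value.lower()))

def parse_sshd(text):
    """Effective global settings; sshd keeps the FIRST value seen (Match/Include ignored)."""
    conf, seen = dict(SSHD_DEFAULTS), set()
    for line in text.splitlines():
        parts = re.split(r"[\s=]+", line.split("#", 1)[0].strip(), maxsplit=1)
        key = parts[0].lower()
        if len(parts) == 2 and key not in seen:
            seen.add(key)
            conf[key] = parts[1].strip()
    return conf

def audit_sshd(text):
    c = parse_sshd(text)
    findings = []
    if c["permitemptypasswords"].lower() == "yes":
        findings.append("empty passwords allowed")
    grace = seconds(c["logingracetime"])
    if grace == 0 or grace > MAX_GRACE_SECONDS:  # 0 disables the limit entirely
        findings.append("wrong grace time")
    if int(c["maxauthtries"]) > MAX_AUTH_TRIES:
        findings.append("wrong max number of authentication attempts")
    if c["permitrootlogin"].lower() != "no":  # key-only root login still counts
        findings.append("root can log in")
    return findings

def audit_php(text):
    ini = {"allow_url_fopen": "1", "expose_php": "1"}  # PHP built-in defaults are on
    for line in text.splitlines():  # in php.ini the LAST assignment wins
        key, sep, val = line.split(";", 1)[0].partition("=")
        if sep and key.strip() in ini:
            ini[key.strip()] = val.strip().strip('"').lower()
    return [f"{k} is enabled" for k, v in ini.items() if v in {"1", "on", "yes", "true"}]

SAMPLE_SSHD = "PermitRootLogin yes\nPermitEmptyPasswords yes\nLoginGraceTime 2m\nMaxAuthTries 6\n"
SAMPLE_PHP = "; constructed sample\nallow_url_fopen = On\nexpose_php = On\n"
if __name__ == "__main__":
    print(audit_sshd(SAMPLE_SSHD) + audit_php(SAMPLE_PHP))
```

An empty `sshd_config` still yields findings, because the OpenSSH defaults for grace time, authentication attempts and root login are looser than the assumed baseline.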

As a side note, this IDS I used is made up of a few simple open source tools - so at no software cost, you could easily strengthen your security.

Have you seen our other blog Live Intrusion Detection System (IDS) Dashboard Demo?