Since the coronavirus crisis, the number of cyberattacks has increased significantly, as reported by various media. Phishing emails, malicious links, fake web pages—everything is being used to steal login credentials, embezzle money, and take down servers. At Shock Media, we are always working to protect ourselves against cyberattacks. One of the ways we do this is with Wazuh. In this blog, I’ll tell you everything about digital attacks and how we use Wazuh.
About me
I’m Mike, I’m 23 years old and I’m from Oldenzaal. I work at Shock Media as a System Engineer. I ended up at this company through my former classmate Ruben, who also works at Shock Media. During my university studies, I already noticed that IT security really interested me. That’s why I made it my profession. IT security is a very broad concept, but I find it particularly interesting to see how you can protect companies against digital attacks. How do those attacks work and how do attackers get in? If you know that, you also know how to protect yourself against them. That’s of course very important for us at Shock Media: making sure our customers’ data is safe and stays safe. And as it happens, I really enjoy working on this as well.
Thinking like an attacker and a defender
To be able to defend against attacks, you have to think like an attacker, but also like a defender. In addition to my studies, I also took an intensive course that teaches you how to penetrate systems—basically, how to play the intruder. This naturally also teaches you how to defend against it. But when you’re on the defense side, like we are, you also see in logs what is being attempted and based on that, we can further strengthen our defenses.

About Wazuh
Wazuh is an open source security monitoring system. Quite a mouthful, but in practice it means that Wazuh collects events, such as log entries, and can take actions when a rule matches. A simple example: Wazuh reads the log files and sees that someone is attempting to log in, which by itself is of course not a problem. But if the same source fails several times within 20 seconds, the attempts are flagged as illegitimate and Wazuh blocks that source. And it does this not only on the server where the attempts were made, but immediately on the thousands of other servers as well, so the attacker cannot continue in other environments.
We provide Wazuh with complex rules so that it works optimally for our environments. This way, we block as many attacks as possible without accidentally denying access to our own customers or legitimate visitors. It’s a complicated process that is never really finished. Digital attacks change over time, so we continuously adapt our security accordingly.
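To make the rule logic above concrete, here is an added example (written for this post, not Wazuh's own code or rule syntax) that runs the same idea over a handful of constructed sshd log lines: count failed logins per source IP in a sliding 20-second window, block the IP once it reaches a threshold, and never block an IP on an allowlist such as the one mentioned further down for customers who mistype their password. The threshold of five attempts, the log format and all IP addresses are assumptions; the blocked set is what an active response would then push to every server.

```python
import re
from collections import defaultdict, deque

# Constructed sample log (not real data): syslog-style sshd lines from one server.
SAMPLE_LOG = """\
Jan 10 12:00:01 web01 sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jan 10 12:00:04 web01 sshd[1202]: Failed password for admin from 203.0.113.7 port 51235 ssh2
Jan 10 12:00:06 web01 sshd[1203]: Accepted password for mike from 198.51.100.20 port 40001 ssh2
Jan 10 12:00:09 web01 sshd[1204]: Failed password for root from 203.0.113.7 port 51236 ssh2
Jan 10 12:00:12 web01 sshd[1205]: Failed password for test from 203.0.113.7 port 51237 ssh2
Jan 10 12:00:15 web01 sshd[1206]: Failed password for root from 203.0.113.7 port 51238 ssh2
Jan 10 12:00:18 web01 sshd[1207]: Failed password for mike from 198.51.100.20 port 40002 ssh2
Jan 10 12:00:40 web01 sshd[1208]: Failed password for mike from 198.51.100.20 port 40003 ssh2
Jan 10 12:01:05 web01 sshd[1209]: Failed password for mike from 198.51.100.20 port 40004 ssh2
"""

# Matches only failed logins; "Accepted" lines are deliberately ignored.
LOG_RE = re.compile(
    r"^\w{3}\s+\d+\s+(\d\d):(\d\d):(\d\d)\s+\S+\s+sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)


def parse_failure(line):
    """Return (seconds since midnight, user, ip) for a failed-login line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    h, mi, s = (int(x) for x in m.group(1, 2, 3))
    return h * 3600 + mi * 60 + s, m.group("user"), m.group("ip")


def detect_brute_force(lines, threshold=5, window=20, allowlist=frozenset()):
    """Sliding-window detector: block an IP with >= threshold failures within `window` seconds.

    Returns {"blocked": {ip: time_of_block}, "failures": {ip: total_failed_logins}}.
    IPs in `allowlist` are counted but never blocked (the 'Caps Lock' case).
    """
    recent = defaultdict(deque)   # per-IP timestamps of failures inside the window
    failures = defaultdict(int)   # per-IP total failures, for reporting
    blocked = {}
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:
            continue
        ts, _user, ip = parsed
        failures[ip] += 1
        if ip in blocked:
            continue                      # already blocked; nothing more to decide
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold and ip not in allowlist:
            blocked[ip] = ts
    return {"blocked": blocked, "failures": dict(failures)}


if __name__ == "__main__":
    report = detect_brute_force(SAMPLE_LOG.splitlines())
    print("blocked:", report["blocked"])      # 203.0.113.7 blocked at 12:00:15
    print("failures:", report["failures"])    # 198.51.100.20 fails 3 times, spread out, not blocked
```

Note what the window buys you: 198.51.100.20 fails three times, but spread over almost a minute, so it is never blocked, while 203.0.113.7 reaches five failures in fourteen seconds and is. Tuning `threshold` and `window` is exactly the balancing act between catching attackers and not locking out customers.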
Of course, Shock Media already had several tools in place to combat digital attacks. These worked well, but I knew Wazuh could do this even faster, better, and more advanced. That’s why we started with extensive testing and then implementing it.
Always under fire
You have to imagine that our servers, like many other servers on the internet, are attacked 24/7. There are many malicious actors in the world who have created or use partially or fully automated ‘hack scripts’ to scour the internet and try to attack or break into servers—including ours. The numbers are staggering. Sometimes we see that there are millions of illegitimate login attempts per day on our servers. These are, for example, brute force attacks: an attacker uses automated software to try all kinds of passwords until the correct one is found and access to an environment is gained.
Additionally, we see many attacks on specific applications like WordPress websites. WordPress is frequently used for building and managing websites because it’s easy to use, highly versatile, and well-supported. Within WordPress, you can use many different plugins to expand functionalities, such as a plugin for a contact form. However, these plugins also pose a potential risk. If the developer of such a plugin stops maintaining it and no longer updates it, attackers may find a vulnerability in these plugins and gain access to the web hosting environment.
We can configure Wazuh to detect these hacking attempts and block further access to the system for the attacker. A ‘normal’ visitor would never make such requests, so when we see them we can say with near certainty that an attacker is trying to exploit a vulnerability in a website. This is how we prevent attacks on a hosting environment. It is a continuous process: new vulnerabilities are found every day, which is why we keep adding rules to Wazuh so that it also detects the new kinds of requests that target them.
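As an added illustration of the kind of web rule described here (my own example for this post, not a Wazuh rule and not code from Shock Media's setup), the following runs over constructed Apache-style access log lines and flags a client that requests several plugin directories that do not exist on the site within a short window. A real visitor's browser only loads plugins the site actually has, so a burst of 404s under /wp-content/plugins/ from one address is a strong sign of someone probing for vulnerable or abandoned plugins. The plugin names, IP addresses, threshold of three distinct plugins and 60-second window are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample access log (not real traffic), Apache combined format.
SAMPLE_ACCESS_LOG = """\
203.0.113.9 - - [10/Jan/2024:12:05:01 +0100] "GET /wp-content/plugins/plugin-alpha/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2024:12:05:02 +0100] "GET /wp-content/plugins/plugin-beta/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.30 - - [10/Jan/2024:12:05:02 +0100] "GET /wp-content/plugins/contact-form/css/style.css HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2024:12:05:03 +0100] "GET /wp-content/plugins/plugin-gamma/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.30 - - [10/Jan/2024:12:05:04 +0100] "GET /favicon.ico HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2024:12:05:05 +0100] "GET /wp-content/plugins/plugin-delta/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.30 - - [10/Jan/2024:12:06:10 +0100] "GET /wp-content/plugins/old-gallery/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""

ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# First path component after the plugins directory is the plugin name.
PLUGIN_RE = re.compile(r"^/wp-content/plugins/([^/?]+)")


def parse_access(line):
    """Return (ip, unix_timestamp, path, status) for a combined-format line, else None."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m.group("ip"), ts, m.group("path"), int(m.group("status"))


def detect_plugin_probing(lines, threshold=3, window=60):
    """Flag IPs that hit >= threshold distinct missing plugin directories within `window` seconds.

    Only 404 responses under /wp-content/plugins/ count: successful loads of plugins
    the site really has are normal traffic, and an unrelated 404 (favicon) is ignored.
    Returns {ip: sorted list of all missing plugin names that IP requested}.
    """
    hits = defaultdict(list)  # ip -> [(timestamp, plugin_name)] for 404 plugin requests
    for line in lines:
        parsed = parse_access(line)
        if parsed is None:
            continue
        ip, ts, path, status = parsed
        pm = PLUGIN_RE.match(path)
        if pm and status == 404:
            hits[ip].append((ts, pm.group(1)))

    flagged = {}
    for ip, events in hits.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            # distinct plugin names requested in the window starting at this event
            names = {name for t, name in events[i:] if t - t0 <= window}
            if len(names) >= threshold:
                flagged[ip] = sorted({name for _, name in events})
                break
    return flagged


if __name__ == "__main__":
    print(detect_plugin_probing(SAMPLE_ACCESS_LOG.splitlines()))
    # 203.0.113.9 probes four missing plugins in 4 seconds; 198.51.100.30's single 404 is left alone
```

In the sample, 198.51.100.30 loads a real plugin's stylesheet and later hits one missing plugin directory, which is the kind of thing a stale bookmark or an old theme can cause, so it stays under the threshold; 203.0.113.9 walks through four plugin directories that do not exist in four seconds and is flagged. The output of such a rule is what you would feed into the same blocking response as for the login attempts.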

Safe and fast
This way, we keep our servers and environments not only safe but also fast. You have to imagine that every time someone tries to log in, this requires processing power. Another request has to wait for this, even if it’s just a millisecond. If a brute force attack is carried out and 2,000 login attempts or requests are made and the time adds up to 2,000 milliseconds (2 seconds), it can have quite an impact in the end. We notice a big difference when we have deployed Wazuh on a server. It becomes noticeably quieter. So, in addition to security, our clients and their end users also benefit from no unnecessary processing power being wasted, ensuring environments remain optimally fast.
Constant development
Our team has already invested many hundreds of hours into Wazuh, and we will continue to do so in the future. We must keep developing to stay one step ahead of attackers—often, not just one step, but ten steps ahead. Every setting has an effect. The key consideration remains: how can you block as many illegitimate IP addresses as possible while also preventing legitimate actions from being blocked?
Fortunately, it’s rare for legitimate actions to be blocked. As mentioned earlier, we are constantly under attack. That means we automatically block tens of thousands of actions based on IP addresses, among other things. So we can’t immediately see if a legitimate request has accidentally been blocked. We only notice this if the person contacts us. We can then unblock this IP address and possibly whitelist it, so it won’t be blocked again if someone tries to log in incorrectly a few times—for example, if their Caps Lock is on. However, the small chance of a legitimate action being blocked is often outweighed by the enormous risks of not using automatic blocking.
What you can do yourself
It’s a standard tip, but make sure to use strong passwords. The password Welcome01 will of course be tried and guessed very quickly in a brute force attack. Also use multi-factor authentication if possible. And for WordPress users: make sure the plugins you use are up to date and stay up to date, and delete plugins you no longer use, so attackers cannot break into your hosting environment through those plugins. By keeping this in mind, together we can prevent 99% of problems.
Want to know more about secure passwords? Our Security Officer Timo is happy to give you tips!
