General infrastructure protection
Here are some general recommendations on infrastructure protection:
- Routers can be configured to refuse automated collection of information about the system via the so-called footprinting method. This method involves creating a sketch of the network based on the fingerprints generated by sending digital signals. It should also be noted that the routing of data takes place according to different protocols, because they can be the main source of information for attackers. Mapping of routes through which data is transmitted (tracerouting), detection of active devices on the network (ping) and similar methods can reveal to the attacker the entire infrastructure, i.e. the number and type of routers, computers and the way they are connected. Good practice dictates that ICMP requests be enabled for the web server, while the configuration for other servers and the internal network is set so that these requests are rejected;
- Unnecessary server protocols should also be disabled. For example, everything can be blocked on the mail server except the protocols used for email (IMAP, POP, etc.) while web servers can be structurally configured so that access is provided only to public resources. Access to other folders and files, as well as the administrator part of the portal, should be disabled to avoid unauthorized access and data leakage;
- Close unnecessary ports that no application on the server uses, with the appropriate configuration of network barriers (firewall).
- By using intrusion detection systems, suspicious traffic is identified and rejected and footprinting attempts are registered;
- Using anonymous registration services, information about the domain registrant can be hidden. However, it should be borne in mind that the reputation of a credible organisation is built through transparency, and this technique is not recommended in every situation.