Continuing advances in technology generate approximately 2.5 quintillion bytes of data daily. Protecting that data is a vital responsibility of the service provider company. Data security has now become a major concern, and data must be guarded in proficient ways.
Big data security is the term for all the measures and tools used to safeguard data, both in the cloud and on-premise, from malicious activity, attacks, or theft that could compromise its confidentiality.
Data is vulnerable:
The growth in the amount of data brings a proportional growth in threats like DDoS attacks, information piracy, ransomware, etc. These attacks become even worse when companies store sensitive and confidential information like contact info, identity information, credit card numbers, bank details, etc. Additionally, attacks on a provider company’s big data could cause severe financial repercussions such as losses, litigation costs, and fines or sanctions. In fact, an unauthorized user might gain access to your big data, misuse it, and sell the valuable information.
Today most incoming and outgoing data passes through a Web API. In this part, we share some key mistakes developers make that could expose an organization to significant risk, and some simple techniques to mitigate that risk.
Web API mistakes:
The common mistakes made in Web API are listed below:
- Simple authentication like username/password
- Weak token encryption
- Sensitive information like tokens, usernames, or passwords stored in plain text in cookies
- No data authorization: once authorized, a user has access to all data
Best Practices to Tighten Big Data Security:
A) Authentication
API security is complex and requires clear, precise knowledge. Often you build an API that you want to make public, but at the same time you do not want everybody to be able to access it. In such cases, you need control over who can access the API.
For this reason, use strong authentication like OAuth 2.0, or tokens generated with an HMAC algorithm or SHA256 that carry an expiry date. For additional security, whitelist source IP addresses, so that requests presenting a given token are refused when they come from unauthorized IPs.
Always keep a log of all authentication requests with a date/time stamp and the source IP.
B) Authorization
Authorization grants or restricts a user's permissions on functionality and data. Always implement authorization at the logic or database layer, i.e. each request must be checked for which data access is allowed.
C) Brute force
A brute force attack is a trial-and-error cyber attack whose purpose is to crack a password or username, find a hidden web page, or find the key used to encrypt a message. Although old, this method is still active and popular among hackers. In such an attack, attackers try many different usernames, passwords or tokens.
To stop such attacks, write code that auto-detects brute force attempts, slows down a client that makes too many requests in a short time, or directly blocks such an IP for some time.
D) Cookies
Cookies are stored in the browser cache and are easily readable. Never leave sensitive data in cookies as plain text. Use strong encryption like AES-256 together with an unidentifiable cookie name; for example, ‘token’ can be named ‘zeta’.
E) Set Limits
Set request limits per minute or hour, and configure alerts for a flood of requests from the same IP.
These best practices go a long way toward strong cybersecurity and nullifying the looming attacks.
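The brute force detection described under C) and the request limits under E), as an added example that is not part of the original post: a per-source-IP sliding-window throttle run over a constructed authentication log (the timestamps, IPs and usernames are made up, and the thresholds, windows and block duration are assumptions to be tuned per API).

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (timestamp, source IP, username,
# outcome), one attempt per line; not taken from any real system.
SAMPLE_LOG = """\
2024-03-01T10:00:00 203.0.113.7 alice FAIL
2024-03-01T10:00:02 203.0.113.7 alice FAIL
2024-03-01T10:00:03 203.0.113.7 bob FAIL
2024-03-01T10:00:05 203.0.113.7 carol FAIL
2024-03-01T10:00:06 203.0.113.7 dave FAIL
2024-03-01T10:00:07 203.0.113.7 alice OK
2024-03-01T10:00:08 198.51.100.4 erin OK
2024-03-01T10:20:00 203.0.113.7 alice OK
"""

class AuthThrottle:
    """Per-source-IP sliding windows: a request limit plus a failed-login detector."""
    def __init__(self, max_failures=5, max_requests=20,
                 window=timedelta(minutes=1), block_for=timedelta(minutes=15)):
        self.max_failures, self.max_requests = max_failures, max_requests
        self.window, self.block_for = window, block_for
        self.failures = defaultdict(deque)  # ip -> times of failed logins
        self.requests = defaultdict(deque)  # ip -> times of all requests
        self.blocked_until = {}             # ip -> when its block expires
    def _recent(self, q, now):
        while q and now - q[0] > self.window:  # drop entries outside the window
            q.popleft()
        return len(q)
    def check(self, now, ip, success):
        """Record one attempt and return 'allow', 'limited' or 'blocked'."""
        if ip in self.blocked_until and now < self.blocked_until[ip]:
            return "blocked"                   # still inside the temporary block
        self.requests[ip].append(now)
        if self._recent(self.requests[ip], now) > self.max_requests:
            return "limited"                   # flood from one IP: slow down / 429
        if not success:
            self.failures[ip].append(now)
            if self._recent(self.failures[ip], now) >= self.max_failures:
                self.blocked_until[ip] = now + self.block_for
                self.failures[ip].clear()      # start fresh once the block expires
                return "blocked"
        return "allow"

def replay(log_text, throttle=None):
    """Run each log line through the throttle; return (ip, user, verdict) per line."""
    throttle = throttle or AuthThrottle()
    decisions = []
    for line in log_text.splitlines():
        ts, ip, user, result = line.split()
        now = datetime.fromisoformat(ts)
        decisions.append((ip, user, throttle.check(now, ip, result == "OK")))
    return decisions
```

Note that the correct login from 203.0.113.7 at 10:00:07 is still refused because the block is keyed on the IP, not the account, while 198.51.100.4 is unaffected; a blocked IP is accepted again once the block expires, as the 10:20:00 line shows.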