Sunday, September 15, 2019

Web Server Attacks

Aaron G. Flaugh, Strayer University, Dr. Patricia White, April 15, 2013

Web services are the most frequently attacked services on the modern network. There are three common attack types, each mitigated in a different way; this paper discusses the means of protecting against them. The most effective attacks are called denial of service (DoS) attacks. No organization is safe from a denial of service attack; even the federal government has been successfully attacked. How corporations can reduce the risk of these attacks will also be discussed.

Web Application Vulnerabilities

Web services have become one of the most frequently used technologies in business today, so it is no surprise that they are among the most frequently targeted applications. There are five common types of technical attacks on web services: SQL injection, remote file inclusion, local file inclusion, directory traversal and cross-site scripting. There are also two business-layer attacks: email extraction and comment spamming.

According to a survey by Imperva, cross-site scripting (XSS) accounts for twenty-nine percent of sampled attacks, directory traversal (DT) for twenty-two percent, local file inclusion for fifteen percent, SQL injection for fourteen percent of the malicious traffic, business logic attacks for another fourteen percent and remote file inclusion for only six percent. The business logic attacks split as follows: email extraction was nine percent and comment spamming five percent.

Cross-Site Scripting

In this attack type the attacker attempts to hijack a user's session and then steal the information needed to log on to the site. Sometimes the hijacker inserts hostile content or redirects the user to a malicious site to steal information. The underlying flaw that is exploited is a failure to properly validate and escape that content.

Directory Traversal

Directory traversal attacks parts of a web site that are not normally exposed to public viewers. It is an exploit of the security of the web server. The attack is also possible when user-supplied file names are not properly filtered before they are passed to the file APIs.

SQL Injection

Attacks against the backend database server are called SQL injection attacks. With this type of attack the attacker is able to steal the data contained on the page or site. The attack is most viable when user input is either incorrectly filtered for escape characters in the SQL statements or is not typed appropriately.

Combating Web Server Attacks

There are several things that users can do to protect themselves from web server attacks. First, they can keep their operating systems patched and up to date. Second, they can install a personal firewall, anti-virus and anti-malware tools. They should use complex usernames and passwords and change passwords regularly. Finally, they can turn off client-side scripting such as JavaScript or ActiveX.

On the web server side there are some suggested fixes. First of all, implement SSL connections; it used to be that 128-bit encryption was sufficient, according to Saumil Shah of Net Square, but now it is not uncommon to use 1024-bit RSA encryption on SSL certificates. Second, run a best practices analyzer or threat analyzer and implement the security fixes it recommends. Another security method is to protect internal resources through the use of reverse proxy servers. The final solution to these web attacks is the human element: review the code written by developers and correct any errors discovered.

Denial of Service Attacks

The most feared attacks on a network are the denial of service attack and the distributed denial of service attack.
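Before continuing with denial of service, the three application-layer flaws from the sections above (SQL input not escaped or typed, user-supplied file names reaching the file API, unescaped content reflected to the browser) as an added Python example that is not part of the original paper; each vulnerable pattern sits beside the input handling that closes it. The in-memory table, the web root path and the sample inputs are constructed.

```python
import html
import sqlite3
from pathlib import Path
from typing import List, Optional, Tuple


def make_db() -> sqlite3.Connection:
    # Constructed in-memory table standing in for the site's backend database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "secret-a"), ("bob", "secret-b")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> List[Tuple[str]]:
    # The flaw the paper describes: user input is pasted into the SQL statement
    # without escaping or typing, so a quote in the input rewrites the query.
    sql = f"SELECT secret FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> List[Tuple[str]]:
    # Parameterised query: the driver binds the value as data, never as SQL text.
    return conn.execute("SELECT secret FROM users WHERE name = ?", (name,)).fetchall()


def resolve_public_file(web_root: str, user_file: str) -> Optional[Path]:
    # Directory traversal guard: the (already URL-decoded) user-supplied name must
    # resolve to a path inside the public root, otherwise it is refused before it
    # ever reaches the file API.
    root = Path(web_root).resolve()
    target = (root / user_file).resolve()
    return target if root in target.parents else None


def render_comment(text: str) -> str:
    # Output escaping for the XSS case: hostile markup becomes inert text.
    return "<p>" + html.escape(text) + "</p>"
```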
In both attacks the objective is simple: as the name implies, it is to disrupt the flow of information into a network; generally the objective is not to steal data or release confidential information. Denial of service attacks are usually performed by a single attacker and are therefore much easier to defend against. Distributed denial of service attacks are much more difficult to detect and thus much more difficult to defend against. They are generally coordinated among many individuals or automated using botnet malware.

Defending against and halting denial of service attacks can be very easy since they come from one threat. The first defense against this type of attack is the use of access control lists on either the firewall or the border router. Cisco uses the following syntax on its IOS devices: permit tcp eq . Within Cisco's firewall products, the PIX or the current Adaptive Security Appliance (ASA), the syntax is similar to that of the IOS devices. Cisco's ASA platform has a much more diverse set of features for blocking attacks at the border of the network. The ASA can also be configured to detect and block ICMP flood attacks. The more sophisticated web servers can be configured to block HTTP attacks. Cisco also offers products designed to detect and block single-origin attackers. Most operating systems have firewall functions built in. Third-party security companies such as Symantec, Sophos, McAfee and ZoneAlarm offer personal firewalls that can block an incoming threat. This is the best alternative if a person or group does not control their border devices. There are two other means by which a single attacker can be stopped.
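The single-origin detection that the border ACL and firewall defenses above depend on, as an added Python example that is not from the original paper: it parses constructed access-log lines, flags any one address whose request count in a ten-second bucket is excessive (a candidate for the ACL or web-server block list), and shows why the same per-address count yields nothing to block when the same volume arrives spread across many addresses. The thresholds, bucket size and log lines are assumed values.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Common Log Format: client IP first, timestamp in square brackets.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str) -> Optional[Tuple[str, datetime]]:
    """Return (client_ip, timestamp) for one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def classify(lines: List[str], window: int = 10,
             per_ip_limit: int = 50, total_limit: int = 200) -> dict:
    """Count requests per client in fixed `window`-second buckets.
    One client above per_ip_limit in a bucket is a single-origin flood whose address
    can be blocked.  A bucket above total_limit with no client over the per-IP limit
    is the distributed case: per-address counts give no clear address to block."""
    buckets: Dict[datetime, Counter] = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that are not in the expected format
        ip, ts = parsed
        bucket = ts.replace(microsecond=0)
        bucket -= timedelta(seconds=bucket.second % window)
        buckets[bucket][ip] += 1
    verdict = {"block": set(), "ddos_windows": []}
    for start, counts in sorted(buckets.items()):
        offenders = {ip for ip, n in counts.items() if n > per_ip_limit}
        verdict["block"] |= offenders
        if not offenders and sum(counts.values()) > total_limit:
            verdict["ddos_windows"].append(start)
    return verdict


def synth_log(ips: List[str], per_ip: int,
              stamp: str = "15/Sep/2019:10:00:00 +0000") -> List[str]:
    """Constructed sample traffic (not real logs): per_ip GET requests from each address."""
    return [f'{ip} - - [{stamp}] "GET / HTTP/1.1" 200 512'
            for ip in ips for _ in range(per_ip)]
```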
The first is interrupting communication with the hacked machine through the use of null routes on a PC or device; however, this is sometimes very difficult to accomplish and only works on some operating systems. The final means of slowing an attacker down is to enable web server security to block connections from the particular IP address.

In a distributed denial of service attack there is generally no clear indication of which IP addresses are causing the event. This makes a DDoS attack extremely difficult to detect and defend against. Most of the time DDoS traffic looks like ordinary network traffic, which makes detection difficult, if not impossible in some cases. DDoS attacks can be used against many of the protocols used in a network, including TCP, UDP, ICMP and DNS, using flooding techniques to overwhelm the victim's network. One of the best ways to prevent HTTP or HTTPS flooding attacks is to incorporate reverse proxy servers. The proxy server sits outside the network and acts like a traffic cop in many ways: it does not let through packets it deems a threat, and it also breaks up or fragments the requests from the outside world.

Department of Justice Attacks

Many organizations have fallen victim to web server attacks. In October 2002 a DDoS attack was used to cripple the internet in the United States by simultaneously attacking eight of the thirteen root DNS servers. The federal government has fallen victim to DDoS a number of times; the Department of Justice has been attacked twice in the last eighteen months. In the two most notable events, in January 2012 and this past January, the hacker group Anonymous claimed responsibility for the attacks.
They were targeted in protest of the Stop Online Piracy Act and, most recently, in support of Aaron Swartz, who had recently committed suicide. The only possible ways that DDoS attacks could be carried out against the government's servers are either enlisting thousands of people to flood the web servers with HTTP requests or using malware and botnets. In either case it would take a lot of time to detect the attack and even more time to stop it. DDoS attacks on the federal government would need to be extremely complex and would take a long time to plan and carry out. I do not believe that they are as easy to carry out as some make them out to be.

To mitigate attacks in the future the government needs to do several things: implement reverse proxy servers in front of the web servers; make sure that all security fixes are up to date on all servers; implement policies and procedures for tracking changes to web server security settings; and verify all user-supplied information through the use of security images or services like CAPTCHA.

Use of web services is common these days. Corporations, users and government all need to take steps to protect themselves from web server attacks. This can be done in a variety of ways, and it is the responsibility of information services to help management understand and prevent these attacks.

References

Geiger, William (2001). SANS Security Essentials GSEC Practical Assignment 1.2f: Proactively Guarding Against Unknown Web Server Attacks.

Murphy, David (26 January 2013). Pro-Swartz Hackers Attack U.S. Department of Justice Website. Retrieved from http://www.pcmag.com

O'Keefe, Ed (20 January 2012). How Was the Justice Department Website Attacked? Retrieved from http://www.washingtonpost.com

Romm, Tony (19 January 2013). After Anonymous Claims Hack, DOJ Site Back. Retrieved from http://www.politico.com

Shah, Saumil (2002). Top Ten Web Attacks. Presentation at BlackHat Asia.

Thatcher, Greg. How to Stop a Denial of Service Attack? Retrieved from http://www.gregthatcher.com

Weiss, Aaron (02 July 2012). How to Prevent DoS Attacks. Retrieved from http://www.esecurityplanet.com

Cisco Systems (2004). Defeating DDoS Attacks. White paper.

Citrix Systems. Protecting Web Applications from Attack and Misuse.

Imperva (2012). Imperva's Web Application Attack Report.

Government of Hong Kong (2008). Web Attacks and Countermeasures.
