
Friday, March 1, 2019

Web Server Attacks

Aaron G. Flaugh
Strayer University
Dr. Patricia blank
April 15, 2013

Web services are the most frequently attacked services of the modern Internet. There are three common attack types. They are all mitigated in different ways; this paper will discuss the means of protecting against them. The most effective attacks are called Denial of Service or DoS attacks. No organization is safe from a denial of service attack; even the federal government has been successfully attacked. How corporations can reduce the risk of these attacks will also be discussed.

Web Application Vulnerabilities

Web services have become one of the most frequently used technologies in business today; therefore it is no surprise that they are among the most frequently targeted applications. There are five common types of attacks for web services: SQL injection, remote file inclusion, local file inclusion, directory traversal and cross-site scripting. Those are just the technical attack types; there are also two business logic attacks, email extraction and comment spamming.

According to a survey by Imperva, cross-site scripting (XSS) accounted for twenty-nine percent of sampled attacks, directory traversal (DT) accounted for twenty-two percent, local file inclusion was fifteen percent of the attacks, SQL injections were fourteen percent of the malicious traffic, business logic attacks accounted for another fourteen percent and finally remote file inclusion accounted for only six percent of the traffic. The business logic attacks were split as follows: email extraction was nine percent and comment spamming accounted for five percent.

Cross-Site Scripting

In this attack type the attacker attempts to hijack a user session and then steal the information that the user needs to log on to the site.
Sometimes the hijacker inserts hostile content or redirects the user to a malicious site to steal information. The final flaw that is used is a failure to correctly validate and escape that content.

Directory Traversal

Directory traversal is attacking parts of a web site that are not typically exposed to public viewers. This is an exploit of the security of the web server. This attack is also possible when user-supplied file names are not properly sanitized before being passed to the file APIs.

SQL Injection

Attacks against the underlying database server are called SQL injection attacks. Using this type of attack, the attacker is able to steal the data contained on the page or site. This attack is most viable when user input is either incorrectly filtered for escape characters in the SQL statements or not typed appropriately.

Combating Web Server Attacks

There are several things that users can do to protect themselves from web server attacks. First, they can keep their operating systems patched and up to date. Second, install a personal firewall, anti-virus and anti-malware tools. Use complex usernames and passwords, and change passwords regularly. Finally, turn off client-side scripting such as JavaScript or ActiveX.

On the web server side, there are some suggested fixes. First of all, implement SSL connections; however, it used to be that 128-bit encryption was sufficient, according to Saumil Shah from Net-Square. Now it is not uncommon to utilize 1024-bit RSA encryption on SSL certificates. Second, run a best practices analyzer or threat analyzer and implement security fixes. Another security method is to protect internal resources through the use of reverse proxy servers. The final solution to these web attacks is the human element: verify code written by developers and correct any errors discovered.
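
The two conditions named in the SQL Injection section above (input not filtered for escape characters, and input not typed appropriately) are shown next to the corrected form in this added example, which is not part of the original paper. The table, function names and sample inputs are constructed for illustration, and Python's built-in sqlite3 module stands in for the database server.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory table for the demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "a-secret"), (2, "bob", "b-secret")])
    return db

def lookup_by_name_vulnerable(db, name):
    # Flaw 1: quote characters in `name` are not escaped, so the input can
    # close the string literal and rewrite the WHERE clause.
    sql = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_by_id_vulnerable(db, user_id):
    # Flaw 2: `user_id` is expected to be a number but is never typed, so
    # extra SQL rides along without needing any quote character.
    sql = "SELECT name, secret FROM users WHERE id = " + user_id
    return db.execute(sql).fetchall()

def lookup_by_name_safe(db, name):
    # Bound parameter: the value is passed as data, never parsed as SQL.
    sql = "SELECT name, secret FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def lookup_by_id_safe(db, user_id):
    # Enforce the expected type first, then bind the typed value.
    try:
        typed_id = int(user_id)
    except (TypeError, ValueError):
        raise ValueError("id must be an integer")
    sql = "SELECT name, secret FROM users WHERE id = ?"
    return db.execute(sql, (typed_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    quoted, untyped = "nobody' OR '1'='1", "0 OR 1=1"  # constructed inputs
    print("vulnerable name lookup:", lookup_by_name_vulnerable(db, quoted))
    print("vulnerable id lookup:  ", lookup_by_id_vulnerable(db, untyped))
    print("safe name lookup:      ", lookup_by_name_safe(db, quoted))
    try:
        lookup_by_id_safe(db, untyped)
    except ValueError as exc:
        print("safe id lookup rejected input:", exc)
```

Both vulnerable lookups return every row in the table, while the bound and typed versions return nothing or reject the input.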

Denial of Service Attacks

The most feared attack on a network is a denial of service attack or a distributed denial of service attack. In both attacks the objective is very simple: as the name implies, it is to disrupt the flow of information into a network. Generally the objective is not to steal data or release confidential information. Denial of service attacks are usually performed by a single attacker and thus are much easier to defend against. Distributed denial of service attacks are much more difficult to detect and thus much more difficult to defend against. They are generally coordinated amongst many individuals or through automation using botnet malware.

Defending against and combating denial of service type attacks can be very easy, since they come from one threat. The first defense against this type of attack is the use of access control lists on either the firewall or the border router. Cisco uses the following syntax in its IOS-enabled devices: permit tcp eq . Within Cisco's firewall products, the PIX or the current Adaptive Security Appliance (ASA), the syntax is similar to that of the IOS devices. Cisco's ASA platform has a much more diverse set of features to stop attacks at the border of the network. The ASA can also be configured to detect and thwart ICMP flood attacks. The more sophisticated web servers can be configured to block HTTP attacks. Cisco also offers products that are designed to detect and block single-origin attackers.

Most operating systems have firewall functions that are built into them. Third-party security companies such as Symantec, Sophos, McAfee, and Zone Alarm offer personal firewalls to potentially block an incoming threat. This is the best alternative if a person or group doesn't have control of their border devices. There are two other means by which a single attacker can be stopped.
One is interrupting the communication with a hacked machine through the use of null routes on a PC or the device itself; however, this is sometimes very difficult to accomplish and only works on some operating systems. The final means by which to slow an attacker down is to enable web server security to block connections from the particular IP address.

In a distributed denial of service attack there is generally no clear indication of which IP addresses are causing the event. This makes the DDoS attack extremely difficult to detect and defend against. Most of the time DDoS traffic looks like ordinary network traffic, which makes detection difficult if not impossible in some cases. DDoS attacks can be used against many different protocols used in networking, including TCP, UDP, ICMP and DNS, using flood techniques to overwhelm a victim's network.

One of the best ways to prevent HTTP or HTTPS flooding attacks is the incorporation of reverse proxy servers into the mix. The proxy server sits outside of the network and acts like a traffic cop in many ways. It doesn't allow packets through that it deems a threat. It also breaks up or fragments the requests from the outside world.

Department of Justice Attacks

Many organizations have fallen victim to web server attacks. In October 2002, a DDoS attack was used to cripple the Internet in the United States. This was done by simultaneously attacking eight of the thirteen root DNS servers. The Federal Government has fallen victim to DDoS a number of times; the Department of Justice has been attacked twice in the last cardinal months. In the last two notable events, in January of 2012 and just this past January, the hacker group Anonymous has claimed responsibility for the attacks.
They were targeted in response to the Stop Online Piracy Act and most recently in support of Aaron Swartz, who had recently committed suicide.

The only possible way that DDoS attacks could be carried out against the government's servers is either by enlisting thousands of people to assist by flooding the web servers with HTTP requests or by the use of malware and botnets. In either case, it would take a lot of time to detect the attack and even more time to stop the attack. DDoS attacks on the Federal Government would need to be extremely complex and would take a long time to plan and carry out. I do not believe that they are as easy to carry out as some make it out to be.

In order to mitigate attacks in the future, the Government needs to do several things. Implement reverse proxy servers in front of the web servers. Make sure that all security fixes are up to date on all servers. Implement policies and procedures tracking changes to the web server security settings. Verify all user-supplied information through the use of security images or the use of services like CAPTCHA.

The use of web services is common these days. Corporations, users and Government all need to take steps to protect themselves from web server attacks. This can be done in a variety of ways, and it is the responsibility of information services to help management understand and prevent these attacks.

References

Geiger, William (2001). SANS Security Essentials GSEC Practical Assignment 1.2f: Proactively Guarding Against Unknown Web Server Attacks.
Murphy, David (26 January 2013). Pro-Swartz Hackers Attack U.S. Department of Justice Website. Retrieved from http://www.pcmag.com
O'Keefe, Ed (20 January 2012). How Was the Justice Department Website Attacked? Retrieved from http://www.washingtonpost.com
Romm, Tony (19 January 2013). After Anonymous claims hack, DOJ site back. Retrieved from http://www.politico.com
Shah, Saumil (2002). Top Ten Web Attacks. Presentation at BlackHat Asia.
Thatcher, Greg. How to Stop a Denial of Service Attack? Retrieved from http://www.gregthatcher.com
Weiss, Aaron (2 July 2012). How to Prevent DoS Attacks. Retrieved from http://www.esecurityplanet.com
Cisco Systems (2004). Defeating DDoS Attacks. White Paper.
Citrix Systems. Protecting Web Applications from Attack and Misuse.
Imperva (2012). Imperva's Web Application Attack Report.
Government of Hong Kong (2008). Web Attacks and Countermeasures.
