Tuesday, May 21, 2019

Web Server Attacks

Aaron G. Flaugh
Strayer University
Dr. Patricia White
April 15, 2013

Web servers are the most often attacked services of the modern network. There are three common attack types. They are all mitigated in different ways; this paper will discuss the means of protecting against them. The most effective attacks are called denial of service, or DoS, attacks. No organization is safe from a denial of service attack; even the federal government has been successfully attacked. How corporations can reduce the risk of these attacks will also be discussed.

Web Application Vulnerabilities

Web services have become one of the most frequently used technologies in business today; therefore it is no surprise that they are among the most frequently targeted applications. There are five common types of attacks on web services: SQL injection, remote file inclusion, local file inclusion, directory traversal and cross-site scripting. Those are just the technical attacks; there are also two business-layer attacks: email extraction and comment spamming.

According to a survey by Imperva, cross-site scripting (XSS) accounts for twenty-nine percent of sampled attacks, directory traversal (DT) accounted for twenty-two percent, local file inclusion was fifteen percent of the attacks, SQL injections were fourteen percent of the malicious traffic, business logic attacks accounted for another fourteen percent and finally remote file inclusion only accounted for six percent of the traffic. The business logic attacks were split as follows: email extraction was nine percent and comment spamming accounted for five percent of the section.

Cross-Site Scripting

In this attack type the attacker attempts to hijack a user session and then steal the information needed to log on to the site. Sometimes the hijacker inserts hostile content or redirects the user to a malicious site to steal information.
The final flaw that is used is not properly validating and escaping that content.

Directory Traversal

Directory traversal attacks parts of a web site that are not typically exposed to public viewers. This is an attack on the security of the web host. It is also possible to use this attack when the application does not properly remove user-supplied file names passed to the file APIs.

SQL Injection

Attacks against the back-end database server are called SQL injection attacks. Using this type of attack, the attacker is able to steal the data contained on the page or site. This attack is most viable when user input is either incorrectly filtered for escape characters in the SQL statements or not typed appropriately.

Combating Web Server Attacks

There are several things that users can do to protect themselves from web server attacks. First, they can keep their operating systems patched and up to date. Second, install a personal firewall, anti-virus and anti-malware tools. Use complex usernames and passwords, and change passwords regularly. Finally, turn off client-side scripting such as JavaScript or ActiveX.

On the web server side, there are some suggested fixes. First of all, implement SSL connections; it used to be that 128-bit encryption was adequate, according to Saumil Shah from Net Square. Now it is not uncommon to use 1024-bit RSA encryption on SSL certificates. Second, run a best practices analyzer or threat analyzer and implement security fixes. Another security method is to protect internal resources through the use of reverse proxy servers. The final solution to these web attacks is the human element: review code written by developers and correct any errors discovered.

Denial of Service Attacks

The most feared attack on a network is a denial of service attack or a distributed denial of service attack.
In both attacks the objective is very simple: as the name implies, it is to disrupt the flow of information into a network. Principally, the objective is not to steal data or release confidential information. Denial of service attacks are usually performed by a single attacker and thus are much easier to defend against. Distributed denial of service attacks are much more difficult to detect and thus much more difficult to defend against. They are generally coordinated amongst many individuals or through automation using botnet malware.

Defending against and halting denial of service attacks can be very easy, since they come from a single threat. The first defense against this type of attack is the use of access control lists on either the firewall or the border router. Cisco uses the following syntax in its IOS-enabled devices: permit tcp eq . Within Cisco's firewall products, the PIX or the current Adaptive Security Appliance (ASA), the syntax is similar to that of the IOS devices. Cisco's ASA platform has a much more diverse set of features to block attacks at the border of the network. The ASA can also be configured to detect and block ICMP flood attacks. The more sophisticated web servers can be configured to block HTTP attacks. Cisco also offers products that are designed to detect and block single-origin attackers.

Most operating systems have firewall functions built into them. Third-party security companies such as Symantec, Sophos, McAfee, and Zone Alarm offer personal firewalls to potentially block an incoming threat. This is the best alternative if a person or group doesn't have control of their border devices. There are two other means by which a single attacker can be stopped.
They are interrupting the communication with a hacked machine through the use of null routes on a PC or the device itself; however, this is sometimes very difficult to accomplish and only works on some operating systems. The final means by which to slow an attacker down is to enable web server security to block connections from the particular IP address.

In a distributed denial of service attack there is generally no clear indication of which IP addresses are causing the event. This makes the DDoS attack extremely difficult to detect and defend against. Most of the time DDoS traffic looks like ordinary network traffic, which makes detection difficult, if not impossible, in some cases. DDoS attacks can be used against many different network protocols, including TCP, UDP, ICMP and DNS, using flooding techniques to overwhelm a victim's network.

One of the best ways to prevent HTTP or HTTPS flooding attacks is the incorporation of reverse proxy servers into the mix. The proxy server sits outside of the network and acts like a traffic cop in many ways. It doesn't allow packets through that it deems a threat. It also breaks up or fragments the requests from the outside world.

Department of Justice Attacks

Many organizations have fallen victim to web server attacks. In October 2002, a DDoS attack was used to weaken the internet in the United States. This was done by simultaneously attacking eight of the thirteen root DNS servers. The Federal Government has fallen victim to DDoS a number of times; the Department of Justice has been attacked twice in the last eighteen months. In the last two notable events, in January of 2012 and just this past January, the hacker group Anonymous has claimed responsibility for the attacks.
They were targeted in protest of the Stop Online Piracy Act and, most recently, in support of Aaron Swartz, who had recently committed suicide.

The only possible way that DDoS attacks could be carried out against the government's servers is either by enlisting thousands of people to assist by flooding the web servers with HTTP requests or by the use of malware and botnets. In either case, it would take a lot of time to detect the attack and even more time to stop it. DDoS attacks on the Federal Government would need to be extremely complex and would take a long time to plan and carry out. I do not believe that they are as easy to carry out as some make them out to be.

In order to mitigate attacks in the future the Government needs to do several things. Implement a reverse proxy server in front of the web servers. Make sure that all security fixes are up to date on all servers. Implement policies and procedures for tracking changes to the web server security settings. Verify all user-supplied information through the use of security images or services like CAPTCHA.

Use of web services is common these days. Corporations, users and Government all need to take steps to protect themselves from web server attacks. This can be done in a variety of ways, and it is the responsibility of information services to help management understand and prevent these attacks.

References

Geiger, William (2001). Proactively Guarding Against Unknown Web Server Attacks. SANS Security Essentials GSEC Practical Assignment 1.2f.
Murphy, David (26 January 2013). Pro-Swartz Hackers Attack U.S. Department of Justice Website. Retrieved from http://www.pcmag.com
O'Keefe, Ed (20 January 2012). How Was the Justice Department Website Attacked? Retrieved from http://www.washingtonpost.com
Romm, Tony (19 January 2013). After Anonymous claims hack, DOJ site back. Retrieved from http://www.politico.com
Shah, Saumil (2002). Top Ten Web Attacks. Presentation at BlackHat Asia.
Thatcher, Greg. How to Stop a Denial of Service Attack? Retrieved from http://www.gregthatcher.com
Weiss, Aaron (2 July 2012). How to Prevent DoS Attacks. Retrieved from http://www.esecurityplanet.com
Cisco Systems (2004). Defeating DDoS Attacks. White paper.
Citrix Systems. Protecting Web Applications from Attack and Misuse.
Imperva (2012). Imperva's Web Application Attack Report.
Government of Hong Kong (2008). Web Attacks and Countermeasures.
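
Added example (not part of the original paper): the SQL Injection section says the attack is most viable when user input is incorrectly filtered or not typed appropriately. The sketch below puts a concatenated query beside a typed, parameterized one; the accounts table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts "
               "(id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                   [(1, "alice", 120), (2, "bob", 75), (3, "carol", 300)])
    return db

def lookup_vulnerable(db, account_id):
    # Flawed on purpose: the user-supplied string becomes part of the SQL
    # text, so anything after the number is parsed as SQL.
    query = "SELECT owner, balance FROM accounts WHERE id = " + account_id
    return db.execute(query).fetchall()

def lookup_hardened(db, account_id):
    # 1. Type the input: an account id must be a plain decimal integer.
    if not (account_id.isascii() and account_id.isdigit()):
        raise ValueError("account id must be a positive integer")
    # 2. Bind it as a parameter so it is never parsed as SQL.
    query = "SELECT owner, balance FROM accounts WHERE id = ?"
    return db.execute(query, (int(account_id),)).fetchall()

def lookup_by_owner(db, owner):
    # Free text cannot be typed as a number; parameter binding alone keeps
    # quotes in the value from closing the string literal.
    query = "SELECT id FROM accounts WHERE owner = ?"
    return db.execute(query, (owner,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    tautology = "1 OR 1=1"                       # constructed hostile input
    print(lookup_vulnerable(db, tautology))      # every row is returned
    print(lookup_hardened(db, "1"))              # only the requested row
    print(lookup_by_owner(db, "alice' OR '1'='1"))  # no match, no injection
```
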
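
Added example (not part of the original paper): the Denial of Service section says a single attacker can be blocked by IP address, while a distributed attack gives no clear indication of which addresses are responsible. This sketch applies a per-address request threshold to two constructed access logs; the log format, thresholds and addresses (documentation ranges) are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def single_source_floods(log_lines, limit=5, window_seconds=10):
    """Return the IPs sending more than `limit` requests in any window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)      # ip -> timestamps still inside the window
    flagged = set()
    for line in log_lines:
        ip, stamp = line.split()[:2]
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")
        seen = recent[ip]
        seen.append(when)
        # Drop requests that have aged out of the sliding window.
        while when - seen[0] > window:
            seen.popleft()
        if len(seen) > limit:
            flagged.add(ip)
    return flagged

def _line(ip, second):
    # Constructed log format: "<ip> <timestamp> <method> <path>".
    return f"{ip} 2013-04-15T12:00:{second:02d} GET /index.html"

def _by_time(lines):
    return sorted(lines, key=lambda entry: entry.split()[1])

# Constructed traffic: one source sends 20 requests in 10 seconds
# alongside two ordinary clients.
SINGLE_SOURCE = _by_time(
    [_line("203.0.113.9", n // 2) for n in range(20)]
    + [_line("192.0.2.10", 1), _line("192.0.2.11", 7)]
)

# Constructed traffic: 40 sources send one request each in the same
# 10 seconds, so total load is higher but no address stands out.
DISTRIBUTED = _by_time(
    [_line(f"198.51.100.{n}", n % 10) for n in range(1, 41)]
)

if __name__ == "__main__":
    print(single_source_floods(SINGLE_SOURCE))   # the flooding address
    print(single_source_floods(DISTRIBUTED))     # nothing to block by IP
```

The second log carries more requests than the first yet produces no address to block, which is why the paper turns to reverse proxies for the distributed case.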
