
WEB SERVER VULNERABILITIES AND SECURITY MEASURES

Members: Instructor: V Hong inh Hong Phi MSc Nguyn Duy

Agenda
Web Server Vulnerabilities and Security Measures

1. Abstract
2. Current Network Overview
3. Security Exposure
4. Cross Site Scripting
5. SQL Injection
6. Session Hijacking
7. Denial Of Service
8. Security Measures
9. Conclusion

Page 1

Page 2

Analysis
Web Server Vulnerabilities and Security Measures

Current Network Topology

Templates

- Software firewall is in use
- Low and inflexible security
- No mechanism for web load balancing (LB) or high availability (HA); no AV software
- Web Server and Database Server are running on the same physical server
- Server overloads rapidly and repeatedly

Database Server Security Exposure

- IIS 6.0 in use
- Outdated platform in use
- Server and system vulnerabilities unpatched

Web Server Security Exposure

Page 3

Security Exposure
Web Server Vulnerabilities and Security Measures

DEFAULT CONFIGURATION

WEB SERVER

VULNERABILITIES

- Applying the default configuration makes the system and server a target of exploitation.
- An unprotected web application could lead to unmanageable, unusable services.
- Malicious and unwanted code makes the system vulnerable to attack.

WEB APPLICATION

MALICIOUS CODE

WEBSITE SOURCE CODE

Page 4

CROSS SITE SCRIPTING


Web Server Vulnerabilities and Security Measures
Cross-Site Scripting is a type of injection attack, in which malicious scripts are injected into the otherwise benign and trusted web sites. The malicious scripts can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site. XSS attacks can generally be categorized into two main categories: stored and reflected.
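The paragraph above describes the attack but not the defence. The following Python example, added here and not part of the original slides, shows the "before" rendering (untrusted input concatenated into HTML) beside the hardened one (output encoding for an HTML text context), covering both a stored comment and a reflected search echo. All inputs, function names and the page fragment are constructed for this example.

```python
import html
import re

# Constructed sample inputs (not from the original slides). "script_tag" and
# "event_handler" are the kind of probe an XSS scanner would send; "benign" is
# ordinary text that must survive encoding unchanged in meaning.
SAMPLE_INPUTS = {
    "benign": "Great article, thanks!",
    "script_tag": "<script>alert(1)</script>",
    "event_handler": '<img src=x onerror="alert(1)">',
}

PREFIX = '<div class="comment">'
SUFFIX = "</div>"


def render_comment_vulnerable(comment: str) -> str:
    """'Before' version (stored XSS): a comment read back from the database is
    concatenated straight into the page, so any markup in it becomes live."""
    return f"{PREFIX}{comment}{SUFFIX}"


def render_comment_safe(comment: str) -> str:
    """Hardened version: html.escape turns <, >, &, ' and " into entities, so
    the browser shows the comment as text instead of parsing it as markup."""
    return f"{PREFIX}{html.escape(comment, quote=True)}{SUFFIX}"


def render_search_safe(query: str) -> str:
    """Reflected case: the request parameter is echoed back in the response.
    Same rule applies: encode at the point of output, in the right context."""
    return f'<p>Results for "{html.escape(query, quote=True)}"</p>'


def comment_is_live_markup(rendered: str) -> bool:
    """Defender-side check: does the untrusted body survive as a tag?
    A '<' followed by a letter inside the comment div is something the HTML
    parser will treat as an element."""
    inner = rendered[len(PREFIX):-len(SUFFIX)]
    return re.search(r"<\s*[a-zA-Z]", inner) is not None


if __name__ == "__main__":
    for name, text in SAMPLE_INPUTS.items():
        print(name, "vulnerable:", comment_is_live_markup(render_comment_vulnerable(text)),
              "safe:", comment_is_live_markup(render_comment_safe(text)))
```

Output encoding is the control that matters here; the check function only demonstrates that the encoded output contains no parsable tag, it is not a substitute for encoding.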
Page 5

SQL INJECTION
Web Server Vulnerabilities and Security Measures
SQL injection is a form of attack in which the attacker takes advantage of weaknesses in the way the application queries the database, with purposes such as inserting into tables, dropping tables, or executing commands to explore the information in tables.
Page 6

SESSION HIJACKING
Web Server Vulnerabilities and Security Measures
Session hijacking is the process of stealing the session identifier of an active session in order to bypass the authentication process and gain illegal access to the information or services of a computer system. A user connects to the server through the authentication process by providing a user ID and password. After authentication, the user accesses the server and operates normally; during the session the user does not need to re-authenticate. Attackers take advantage of this to steal the user's active session while the user is not connected to the system. The attacker then impersonates the user with just the stolen session, accessing the server without having to log in.
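The controls that counter what the paragraph describes are on the server side: an unguessable identifier, rotation of that identifier at login, an idle timeout, and cookie attributes that keep the identifier away from script and off plain HTTP. The Python session store below is an added example, not code from the slides; the TTL, the IP-binding rule and the cookie name are assumptions chosen for the demonstration.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

SESSION_TTL_SECONDS = 15 * 60  # idle timeout; an assumption for this example


@dataclass
class Session:
    user: Optional[str]
    created: float
    last_seen: float
    client_ip: str


class SessionStore:
    """Minimal server-side session store (example, not a production library)."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def create(self, client_ip: str, user: Optional[str] = None) -> str:
        # 32 random bytes from the OS CSPRNG: the id cannot be predicted or
        # enumerated, which removes the "guess a session id" path entirely.
        sid = secrets.token_urlsafe(32)
        now = time.time()
        self._sessions[sid] = Session(user, now, now, client_ip)
        return sid

    def login(self, old_sid: str, user: str, client_ip: str) -> str:
        """Rotate the identifier at the privilege boundary: any id that was
        captured or planted (session fixation) before authentication is
        discarded, and the authenticated session gets a fresh one."""
        self._sessions.pop(old_sid, None)
        return self.create(client_ip, user)

    def lookup(self, sid: str, client_ip: str, now: Optional[float] = None) -> Optional[str]:
        """Return the user bound to sid, or None if the session is unknown,
        idle for longer than the TTL, or presented from a different address."""
        now = time.time() if now is None else now
        s = self._sessions.get(sid)
        if s is None:
            return None
        if now - s.last_seen > SESSION_TTL_SECONDS:
            del self._sessions[sid]  # expired: a stolen id has a short shelf life
            return None
        if s.client_ip != client_ip:
            # Crude binding; NAT and mobile clients cause false positives, so
            # real deployments usually log this rather than hard-fail.
            return None
        s.last_seen = now
        return s.user

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def session_cookie_header(sid: str) -> str:
    """Secure: sent only over TLS. HttpOnly: not readable by page script, which
    blunts cookie theft via XSS. SameSite=Lax: not attached to cross-site POSTs."""
    return f"Set-Cookie: sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    store = SessionStore()
    anon = store.create("203.0.113.5")
    sid = store.login(anon, "alice", "203.0.113.5")
    print(session_cookie_header(sid))
    print("old id still valid?", store.lookup(anon, "203.0.113.5") is not None)
```

Rotation on login is the single most effective line here: even if the attacker obtained the pre-login identifier, it stops resolving the moment the victim authenticates.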

Page 7

DENIAL OF SERVICE
Web Server Vulnerabilities and Security Measures
Denial of Service (DoS) is an attack technique with the intent of preventing a web site from serving normal user activity. DoS attacks, which are normally applied to the network layer, are also possible at the application layer. These malicious attacks can succeed by starving a system of critical resources, vulnerability exploit, or abuse of functionality.
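Application-layer DoS, as the paragraph notes, works by starving the server of resources; the matching application-layer control is to reject excess requests per client before any expensive work is done. The sliding-window limiter below is an added Python example (not from the slides); the limit, window and the request trace it replays are constructed.

```python
from collections import deque
from typing import Deque, Dict, List, Tuple


class SlidingWindowLimiter:
    """Allow at most `limit` requests per client within any `window` seconds.
    Assumes the caller supplies a timestamp and a client key (source IP or
    authenticated user); both are example choices."""

    def __init__(self, limit: int, window: float) -> None:
        self.limit = limit
        self.window = window
        self._hits: Dict[str, Deque[float]] = {}

    def allow(self, client: str, now: float) -> bool:
        q = self._hits.setdefault(client, deque())
        # Forget timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False  # over budget: reject cheaply, do not touch the backend
        q.append(now)
        return True


def replay(limiter: SlidingWindowLimiter, requests: List[Tuple[float, str]]) -> Dict[str, int]:
    """Run a request trace [(timestamp, client), ...] through the limiter and
    return how many requests were rejected for each client."""
    rejected: Dict[str, int] = {}
    for ts, client in requests:
        if not limiter.allow(client, ts):
            rejected[client] = rejected.get(client, 0) + 1
    return rejected


# Constructed trace: one address sends 50 requests in two seconds, another
# sends five requests spread over ten seconds.
TRACE: List[Tuple[float, str]] = (
    [(i * 0.04, "198.51.100.7") for i in range(50)]
    + [(i * 2.0, "203.0.113.20") for i in range(5)]
)


if __name__ == "__main__":
    limiter = SlidingWindowLimiter(limit=20, window=10.0)
    print(replay(limiter, TRACE))  # only the flooding client is throttled
```

A limiter like this belongs as close to the edge as possible (reverse proxy or WAF) so that the rejected requests never reach the web or database server the slides describe as already overloaded.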
Page 8

Security Measures
Web Server Vulnerabilities and Security Measures

WEB SERVER

Define appropriate policies for your own needs.
Update the server periodically to get the full and final fix for your system.

WEB APPLICATION

Use Mod_Security.
Check the log frequently and apply possible rules.

SOURCE CODE

Modify or edit the source code as your requirements dictate to prevent possible attacks.
Apply the latest patch to fix vulnerabilities.

Page 9

Web Server
Web Server Vulnerability and Security Measures
User and Password Policy

Page 10

Web Server
Web Server Vulnerability and Security Measures
System Patches

Minimize Softwares Installed

# yum list installed
# yum list packageName
# yum remove packageName

Page 11

Web Server
Web Server Vulnerability and Security Measures
Change Default Port

Page 12

Web Application
Mod_Security Overview

Attack Prevention and Just-in-time Patching

Real-Time Monitoring and Attack Detection

Flexible Rule Engine

ModSecurity is an open source web application firewall developed by Ivan Ristić for the Apache Web Server.
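The Security Measures slide says to check the ModSecurity log frequently; this added Python example (not from the slides or the ModSecurity project) shows what that check looks like in practice: parsing alert lines in the ModSecurity 2.x / Apache error-log layout and summarizing them by rule id and by client. The log lines, hostnames, addresses, file paths and rule ids are constructed for the example.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample lines (not real log data). Layout follows ModSecurity 2.x
# under Apache: a "[client IP]" token, then bracketed key "value" fields.
SAMPLE_LOG = "\n".join([
    '[Mon Jan 01 10:00:01.000000 2024] [:error] [pid 2210] [client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)<script" at ARGS:q. [file "/etc/modsecurity/rules/xss.conf"] [line "42"] [id "941100"] [msg "XSS Attack Detected"] [severity "CRITICAL"] [hostname "www.example.test"] [uri "/search"] [unique_id "a1"]',
    '[Mon Jan 01 10:00:02.000000 2024] [:error] [pid 2210] [client 198.51.100.7:51240] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)onerror" at ARGS:q. [file "/etc/modsecurity/rules/xss.conf"] [line "43"] [id "941100"] [msg "XSS Attack Detected"] [severity "CRITICAL"] [hostname "www.example.test"] [uri "/search"] [unique_id "a2"]',
    '[Mon Jan 01 10:00:03.000000 2024] [:error] [pid 2211] [client 198.51.100.7] ModSecurity: Warning. Pattern match "(?i)\' or " at ARGS:user. [file "/etc/modsecurity/rules/sqli.conf"] [line "17"] [id "942100"] [msg "SQL Injection Attack Detected"] [severity "CRITICAL"] [hostname "www.example.test"] [uri "/login"] [unique_id "a3"]',
    '[Mon Jan 01 10:05:00.000000 2024] [:error] [pid 2212] [client 203.0.113.20] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)<script" at ARGS:body. [file "/etc/modsecurity/rules/xss.conf"] [line "42"] [id "941100"] [msg "XSS Attack Detected"] [severity "CRITICAL"] [hostname "www.example.test"] [uri "/comment"] [unique_id "a4"]',
    "[Mon Jan 01 10:06:00.000000 2024] [notice] AH00094: Command line: '/usr/sbin/httpd'",
])

CLIENT_RE = re.compile(r"\[client (\d{1,3}(?:\.\d{1,3}){3})")
KV_RE = re.compile(r'\[(id|msg|severity|uri|hostname) "([^"]*)"\]')


def parse_alert(line: str) -> Optional[Dict[str, object]]:
    """Return the interesting fields of one ModSecurity alert line, or None for
    lines that are not alerts (ordinary httpd messages)."""
    if "ModSecurity:" not in line:
        return None
    client = CLIENT_RE.search(line)
    fields: Dict[str, object] = dict(KV_RE.findall(line))
    if client is None or "id" not in fields:
        return None
    fields["client"] = client.group(1)
    # "Access denied" means the rule blocked; "Warning" means detect-only.
    fields["denied"] = "Access denied" in line
    return fields


def summarize(log_text: str, noisy_threshold: int = 3) -> Dict[str, object]:
    """Aggregate alerts per rule and per client; clients at or above
    noisy_threshold alerts are flagged for follow-up (threshold is an example)."""
    alerts: List[Dict[str, object]] = [
        a for a in (parse_alert(l) for l in log_text.splitlines()) if a
    ]
    by_rule = Counter(str(a["id"]) for a in alerts)
    by_client = Counter(str(a["client"]) for a in alerts)
    noisy = sorted(c for c, n in by_client.items() if n >= noisy_threshold)
    return {
        "alerts": len(alerts),
        "denied": sum(1 for a in alerts if a["denied"]),
        "by_rule": by_rule,
        "by_client": by_client,
        "noisy_clients": noisy,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

The "denied" versus "Warning" split is worth tracking separately: a rule that fires only as a warning is still in detection mode, and the slide's advice to "apply possible rules" is exactly the step of promoting such rules to blocking once their false-positive rate is understood.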

Page 13

Web Application Mod_Security


Prevent Cross Site Scripting (XSS)

Page 14

Web Application Mod_Security


Prevent Cross Site Scripting (XSS)

Page 15

Web Application Mod_Security


Prevent SQL Injection

Page 16

Web Application Mod_Security


Prevent DDOS Attack

Page 17

Web Application Mod_Security


Prevent DDOS Attack

Page 18

Web Application
Prevent Session Hijacking

Page 19

Web Application
Prevent Session Hijacking

Page 20

Conclusion

Web Server / Web Application / Source Code

1. Applications, testing and prevention evolve, but so do hacking and exploitation.

2. Administrators must always keep their eyes open for the updates, fixes and patches available.

3. There is never an unbreakable website, but there are quickly and on-time updated websites and active, enthusiastic admins.

Page 21

THANK YOU!
