Friday, December 17, 2010

Hacking Web Servers Part - 1,2,3

Hacking Web Servers Part - 1

The Internet is probably where security or the lack of it is seen the most. Often, a breach in security causes more damage in terms of goodwill than the actual quantifiable loss. This makes the security of web servers assume critical importance. Most organizations consider their Internet presence as an extension of themselves. In this module, we will explore:

  • The basic function of a web server

  • Popular web servers and common vulnerabilities

  • Apache Web Server and known vulnerabilities

  • IIS Server vulnerabilities

  • Attacks against web servers

  • Tools used in attacks against web servers

  • Countermeasures that can be adopted

This module attempts to highlight the various security concerns in the context of a web server. Readers are encouraged to supplement this module by following vulnerability discussions on various mailing lists, such as Bugtraq, and security bulletins issued by third-party vendors for various integrated components.

How a Web Server Works, Hacking Web Servers Part - 2

The browser breaks the URL into three parts:

  1. The protocol ("http")

  2. The server name ("www.website.com")

  3. The file name ("webpage.html")

  • The browser communicates with a name server, which translates the server name, www.website.com, into an IP address.

  • The browser then forms a connection to the Web server at that IP address on port 80.

  • Following the HTTP protocol, the browser sends a GET request to the server, asking for the file webpage.html.

  • The server sends the HTML text for the Web page to the browser.

  • The browser reads the HTML tags and formats the page onto the screen.

Let us take a look at the basic working of a web server. What happens when you type http://www.eccouncil.org/Certification.htm in your browser?

  • The browser differentiates the URL into three parts:

    1. The protocol ("http")

    2. The server name ("www.eccouncil.org")

    3. The file name ("Certification.htm")

  • The browser initiates the connection by communicating with a name server to translate the server name www.eccouncil.org into a valid IP address.

  • It then uses this IP address to connect to the target web server machine.

  • The browser then establishes a connection to the web server at the specific IP address on port 80. This is the default port. (It can be any other port as well.)

  • According to the HTTP protocol, the browser sends a GET request to the server to retrieve the file "http://www.eccouncil.org/Certification.htm".

  • The web server then sends the HTML text for the particular Web page to the browser.

  • The browser reads the HTML tags and formats the page on the user's screen.

Other HTTP methods, such as POST and PUT, are used in subsequent communications if needed. The response from the server includes the HTTP response code suitable for the result of the request. In the case of successful data retrieval, an HTTP 200 OK response is generated. Other HTTP response codes exist: common ones include 404 Not Found, 403 Access Denied, and 302 Object Moved (often used to redirect requests to a login page to authenticate a user).
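
The request sequence described above, as an added example that is not part of the original post: a Python client splits the URL, resolves the server name, connects, sends a GET and reads the response code, run against a stand-in server on localhost so it works offline. The `/members` and `/login.htm` paths, the page content and the function names are constructed for illustration.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

PAGES = {"/Certification.htm": b"<html><body>Certification</body></html>"}  # constructed sample


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        if self.path == "/members":              # protected area: redirect to login
            self.send_response(302)
            self.send_header("Location", "/login.htm")
            self.end_headers()
        elif self.path in PAGES:                 # known file: 200 plus the HTML text
            body = PAGES[self.path]
            self.send_response(200)
            self.send_header("Content-Type", "text/html")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        else:                                    # anything else: 404
            self.send_error(404)

    def log_message(self, *args):                # keep the demo output quiet
        pass


def start_server():
    srv = HTTPServer(("127.0.0.1", 0), Handler)  # port 0 = any free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def fetch(url):
    parts = urlsplit(url)                        # 1. split the URL into its parts
    host, port, path = parts.hostname, parts.port or 80, parts.path or "/"
    ip = socket.gethostbyname(host)              # 2. server name -> IP address
    with socket.create_connection((ip, port), timeout=5) as s:   # 3. connect
        s.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii"))  # 4. GET
        raw = b""
        while chunk := s.recv(4096):             # 5. read until the server closes
            raw += chunk
    head, _, body = raw.partition(b"\r\n\r\n")
    code = int(head.split(b"\r\n")[0].split()[1])  # "HTTP/1.0 200 OK" -> 200
    return parts.scheme, host, path, code, body


if __name__ == "__main__":
    base = f"http://localhost:{start_server().server_address[1]}"
    for p in ("/Certification.htm", "/missing.htm", "/members"):
        print(p, fetch(base + p)[3])
```
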

Popular Web Servers and Common Security Threats

  • Apache Web Server

  • IIS Web Server

  • Sun ONE Web Server

  • Nature of Security Threats in a Web Server Environment

    • Bugs or Web Server Misconfiguration

    • Browser-Side or Client-Side Risks

    • Sniffing

    • Denial of Service Attack

Popular Web Servers, Hacking Web Servers Part - 3

The popular web servers are Apache Web Server, Internet Information Server and Sun ONE Web Server.

The Apache Web Server is an open-source web server for modern operating systems including UNIX and Windows NT. The server provides HTTP services in sync with the current HTTP standards in an efficient and extensible environment.

The Java Web Server / Sun ONE Web Server is one of the other highly available Web servers on the market. Microsoft's Internet Information Server is another popular server used by a sizable percentage of websites.

Threat

Common Security Risks

Let us take a look at some of the security concerns that arise in the context of web servers. There are inherent security risks that affect web servers, the local area networks that host these web sites, and perhaps even the normal users of web browsers.

Webmaster's Concern

From a webmaster's perspective, the biggest security concern is that the web server can expose the local area network or the corporate intranet to the threats posed by the Internet. This may be in the form of viruses, Trojans, hackers or the compromise of information itself. It is often considered that software bugs present in large, complex programs are the source of imminent security lapses. Web servers, being large, complex devices, do come with these inherent risks. Apart from this, the open architecture of some Web servers allows arbitrary scripts to be executed on the server's side of the connection in response to remote requests. Any CGI script installed at the site may contain bugs that are potential security holes.

Network Administrator's Concern

From a network administrator's perspective, a poorly configured web server poses another potential hole in the local network's security. While the objective of a web site is to provide controlled access to the network, too much control can make a Web site impossible to use. In an intranet environment, the network administrator has to be careful about configuring the web server such that legitimate users are recognized and authenticated, and various groups of users are assigned distinct access privileges.

End User's Concern

Usually the end user does not perceive any immediate threat, as surfing the web appears both safe and anonymous. However, active content, such as ActiveX controls and Java applets, makes it possible for harmful applications such as viruses to invade the user's system. Besides, active content from a web browser can be a conduit for malicious software to bypass the firewall system and permeate the local area network.

The threat for the end user stems from the fact that the TCP/IP protocol was not designed with security as its foremost priority. Therefore, data can be compromised in terms of confidentiality, authentication, and integrity as it is transmitted across the Web. In essence, the aspects of confidentiality, authentication, and integrity need to be guarded both on the client side and server side to the extent possible.

Risks

There are basically three overlapping types of risk:

  1. Bugs or misconfiguration problems in the Web server that allow unauthorized remote users to:

    • Steal classified information.

    • Execute commands on the server host machine and modify the system.

    • Retrieve host-based information to assist them in compromising the system.

    • Launch denial-of-service attacks, rendering the machine temporarily unusable.

  2. Browser-side risks:

    • Active content that crashes the browser, damages the user's system, breaches the user's privacy, or merely creates a disturbance.

    • The misuse of personal information provided by the end user.

  3. Interception of network data sent from browser to server or vice versa via network eavesdropping. Eavesdroppers can operate from any point on the pathway between browser and server, including:

    • The network on the browser's side of the connection.

    • The network on the server's side of the connection (including intranets).

    • The end user's Internet service provider (ISP).

    • The server's ISP or regional access provider.
