Web Server Vulnerability
The Vulnerability of Web Servers
A web server vulnerability is a security weakness in a system that an attack may exploit, for example when bugs are present or malicious code is injected into the host. Such flaws include buffer overflow, cache poisoning, and SQL injection.
It takes money, time and valuable resources to create a beautiful and valuable website, but hacking into a vulnerable web server might be a piece of cake on some sites, perhaps those developed by a novice web developer or an inexperienced web designer.
1. Source of Web Server Holes
The following are the major sources of web server loopholes and flaws:
- Misconfiguration in operating systems or networks
- Bugs in operating systems and Web applications
- Cracks created by server default settings
- Unpatched security problems in applications
- Holes in security policies, procedures, or maintenance
The security concern may be felt by the webmaster (the site owner), the network administrator (host provider), or the end user in different ways, depending on the type of attack or vulnerability the party is exposed to.
- The Webmaster is hit by viruses, Trojans, attackers, and loss or exposure of sensitive information. Software bugs present in large, complex programs are often the source of security lapses encountered by web owners.
- The network administrator may be hit when a poorly configured Web server creates a potential hole in the local network’s security.
- The end user may not feel the impact at first; however, exposure to ActiveX controls and Java applets makes it possible for harmful applications to invade the user’s system while surfing the net. The threat to the end user arises from the fact that the TCP/IP protocol was not designed with security as its foremost priority. Therefore, data can be compromised while being transmitted over the Web.
2. The Risks
2.1. Bugs and Web server Misconfiguration
Bugs and Web server misconfiguration can allow unauthorized remote users to do the following:
- Steal classified information valuable to the victim in real-time.
- Execute commands on the server host machine and modify the system configuration setting.
- Retrieve host-based information to assist them in compromising the system.
- Launch denial-of-service attacks, thus making the Web servers inaccessible for some time.
2.2. Browser Vulnerability
This loophole results from flaws in the browser that are exposed while surfing, and may allow:
- Active content to crash the browser, damage the user’s system, breach the user’s privacy, or merely create a disturbance.
3.0 Types of Attacks Used Against Web Servers
A web server can be defaced using one of the following tactics:
- SQL injection
- SMS intrusion
- Telnet intrusion
- URL poisoning
- DNS attack through cache poisoning
- DNS attack through social engineering (a method of getting information to attack a system by talking to people with the information and convincing them to give out the information)
- FTP server intrusion
- Mail server intrusion
- Web application bugs
- Web share misconfigurations
- Wrongly assigned permissions
- Rerouting after firewall attack
- Rerouting after router attack
- Web server extension intrusion
- Remote service intrusion
- Man-in-the-middle attack
- Password brute force attack of administrator accounts
4.0 Useful Tools to Counter Attacks
4.1. Log Analyzer
- The Log Analyzer tool processes Web server logs and builds graphically rich, self-explanatory reports on Web site usage statistics, referring sites, traffic flow, search phrases, and other relevant information.
- It helps provide a comprehensive analysis of the Web server’s usage by reporting on the visitors to a particular site, on broken links, and on other potentially useful information.
- Creates log files in various formats
- Analyzes the number of log files
- Analyzes additional reports regarding the sites of interest.
- The CleanIISLog hacking tool works on the log entries in IIS log files. An attacker can easily cover his or her tracks by switching entries based on his or her IP address in the log files.
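The kind of report a log analyzer builds can be sketched in a few lines. The following is an added example, not code from the original page or from any of the tools named here: it parses IIS W3C extended log entries and reports broken links, referring sites, and repeated authentication failures per client. The sample log, the function names and the threshold of three failures are assumptions made for illustration. Because entries on the server itself can be altered, run this kind of analysis on a relocated, protected copy of the logs.

```python
from collections import Counter

# Constructed sample in IIS W3C extended format (not from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(Referer)
2024-01-05 10:00:01 203.0.113.5 GET /index.html 200 https://example.org/links
2024-01-05 10:00:02 203.0.113.5 GET /old-page.html 404 https://example.org/links
2024-01-05 10:00:05 203.0.113.9 GET /old-page.html 404 -
2024-01-05 10:01:00 198.51.100.7 POST /admin/login.aspx 401 -
2024-01-05 10:01:01 198.51.100.7 POST /admin/login.aspx 401 -
2024-01-05 10:01:02 198.51.100.7 POST /admin/login.aspx 401 -
2024-01-05 10:03:00 203.0.113.9 POST /admin/login.aspx 401 -
2024-01-05 10:04:00 203.0.113.9 GET
"""

def parse_w3c(text):
    """Yield one dict per entry, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def report(text, fail_threshold=3):
    """Summarise broken links, referrers and bursts of 401 responses."""
    broken, referrers, failures = Counter(), Counter(), Counter()
    for entry in parse_w3c(text):
        status = entry.get("sc-status")
        if status == "404":
            broken[entry.get("cs-uri-stem")] += 1
        if entry.get("cs(Referer)", "-") != "-":
            referrers[entry["cs(Referer)"]] += 1
        if status == "401":
            failures[(entry.get("c-ip"), entry.get("cs-uri-stem"))] += 1
    bursts = sorted(k for k, n in failures.items() if n >= fail_threshold)
    return {"broken_links": dict(broken),
            "referrers": dict(referrers),
            "auth_failure_bursts": bursts}

if __name__ == "__main__":
    for section, data in report(SAMPLE_LOG).items():
        print(section, data)
```
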
- This tool changes or disguises the identity of an IIS Web server by safely removing or modifying the unnecessary server header in HTTP responses. This confuses attackers and makes it difficult for them to find a vulnerability to exploit.
- Randomizes server name header response with non-IIS server names
- Sets a custom server name.
- Automatically rewrites common identifying session cookies such as ASPSESSIONID, ASP.NET_SessionId, CFTOKEN, CFID, PHPSESSID, JSESSIONID, and SITESERVER.
- Removes server name header
- Normalizes and masks various response code messages and formats for some 200, 400, 403, 404, 405, and 501 server responses that are used to identify IIS
- Modifies the default e-mail banners of the Microsoft SMTP, POP3, and IMAP service connections and disconnections
- Veils internal IP addresses in HTTP header responses with the fully qualified domain name in the Content-Location header
- Imitates Apache or Sun ETag format in relevant responses
- Emulates the order of the HTTP headers that would be sent by a typical installation of the Apache Web server
- Emulates the Apache header format for the response to an ALLOW request.
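To check what a server still gives away, audit its responses for the identifiers listed above. The following is an added example, not code from the original page or from the tool it describes: it inspects a response's headers for a Server banner, for the session cookie names the page lists, and for internal IP addresses in Content-Location. The sample headers are constructed, the function name is hypothetical, and the X-Powered-By and X-AspNet-Version checks are additions beyond the page's list.

```python
import re

# Session cookie names the page lists, mapped to the platform each suggests.
PLATFORM_COOKIES = {
    "ASPSESSIONID": "classic ASP", "ASP.NET_SessionId": "ASP.NET",
    "CFTOKEN": "ColdFusion", "CFID": "ColdFusion", "PHPSESSID": "PHP",
    "JSESSIONID": "Java servlet container", "SITESERVER": "Site Server",
}
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
# RFC 1918 private IPv4 ranges.
PRIVATE_IP = re.compile(
    r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b")

def audit_response(headers):
    """Return (header, reason) findings for a list of (name, value) pairs."""
    findings = []
    for name, value in headers:
        lname = name.lower()
        if lname in BANNER_HEADERS and value.strip():
            findings.append((name, f"discloses platform: {value}"))
        elif lname == "set-cookie":
            cookie = value.split("=", 1)[0].strip()
            for prefix, platform in PLATFORM_COOKIES.items():
                # IIS appends a random suffix to ASPSESSIONID, so match prefixes.
                if cookie.upper().startswith(prefix.upper()):
                    findings.append((name, f"cookie {cookie} suggests {platform}"))
                    break
        elif lname in ("content-location", "location"):
            match = PRIVATE_IP.search(value)
            if match:
                findings.append((name, f"internal address {match.group()} exposed"))
    return findings

# Constructed sample responses: a default install and a masked one.
BEFORE = [("Server", "Microsoft-IIS/10.0"), ("X-Powered-By", "ASP.NET"),
          ("Set-Cookie", "ASPSESSIONIDQACBDRST=ABCDEF; path=/"),
          ("Content-Location", "http://10.0.0.12/Default.htm"),
          ("Content-Type", "text/html")]
AFTER = [("Set-Cookie", "SID=ABCDEF; path=/"),
         ("Content-Location", "http://www.example.com/Default.htm"),
         ("Content-Type", "text/html")]

if __name__ == "__main__":
    for header, reason in audit_response(BEFORE):
        print(f"{header}: {reason}")
```

A clean result only means these identifiers are hidden; the server still needs the patching and lockdown steps in the checklist.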
- LinkDeny is used to control access to a user’s Web site or Web-based application content. Its powerful access control features allow administrators to transparently check bandwidth pirates and potential hackers.
- It addresses many common site problems, including simple security and traffic management. It controls access to sensitive, private, proprietary, or copyrighted files and downloads.
- It limits access based on IP address, referring URL, country or geographic location, demographics, length of user session, type of Web browser, the existence of a cookie, HTTP request header type, and content.
- Boosts server availability, reduces serving costs, and improves management of time-restricted content for paid sites.
5. Web Server Security Checklist
- Perform regular updates and patches: run the MBSA utility periodically to check for the latest operating system and component updates.
- Relocate and protect IIS log files using IISLockdown; run IISLockdown and UrlScan to lock down the servers.
- Disable WebDAV.
- Disable null user connections.
- Disable NetBIOS and SMB (block ports 137, 138, 139, and 445).
- Remove administrative shares (C$ and Admin$).
- Restrict Web applications to use only ports 80 and 443.
Each type of server has its own security vulnerabilities that attackers regularly try to exploit, so do not limit your search and curiosity about how to identify and block potential attacks on your web server. Read more about session hijacking and preventive measures.
“Vulnerability or attack is another culprit in disguise on the web; persistent and stiff security checks are a must. Shun a cheaper approach to web security and spend less now to avoid spending much later.” …My word