Free Essay: Web Server Application Attacks
Web applications commonly have vulnerabilities in their design and coding which, if hackers manage to exploit them, can easily give access to sensitive information and cause denial of service to the web applications. Many of these, when detected early, can be fixed, thus denying hackers a way into the web application. Many attacks and vulnerabilities exist, and each has mitigation measures.
While attackers may target web applications, servers are also major targets because of the amount of data and control they hold in a network. Designing a server plan is also significant for the safety of the network. This paper therefore focuses on some of the vulnerabilities, mitigation measures and attacks, as well as the architectural design of an impermeable web server.
SQL injection is one of the most common attacks on web applications. It exploits a vulnerability in applications that use queries and requests to execute services and retrieve information. Attackers exploit this kind of vulnerability by inserting well-crafted malicious information as part of commands (F5, 2007, p. 6). The inserted information can trick the application into executing unintended commands, thus giving access to unauthorized information.
Countermeasures against SQL attacks include making sure that the submitted values are filtered, encoded and checked before passing them to a user. One should also avoid connecting to the database as the superuser or owner. Specifically, one should “always use customized database users with the bare minimum required privileges needed to carry out the assigned task” (Siddharth & Doshi, 2010).
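The two countermeasures above can be seen side by side in a short added example, which is not part of the original essay. The table, the names and the sample input are constructed; SQLite has no user accounts, so a read-only connection stands in for a database user with minimum privileges.

```python
import re
import sqlite3

# Constructed hostile input: the quote characters change the query's meaning.
HOSTILE_SAMPLE = "x' OR '1'='1"
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")  # assumed allow-list for usernames


def make_db():
    """Build a constructed in-memory accounts table, then drop write access."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT PRIMARY KEY, email TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    db.commit()
    # Stand-in for a minimum-privilege database user: reads only from here on.
    db.execute("PRAGMA query_only = ON")
    return db


def lookup_vulnerable(db, username):
    # The submitted value is pasted into the SQL text, so it is parsed as SQL.
    sql = "SELECT username, email FROM accounts WHERE username = '%s'" % username
    return db.execute(sql).fetchall()


def lookup_hardened(db, username):
    # Check the submitted value first, then bind it as data, never as SQL text.
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("rejected username")
    sql = "SELECT username, email FROM accounts WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()


def write_is_blocked(db):
    """True if the connection's reduced privileges stop a destructive statement."""
    try:
        db.execute("DELETE FROM accounts")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("vulnerable lookup returns:", lookup_vulnerable(db, HOSTILE_SAMPLE))
    print("hardened lookup returns:", lookup_hardened(db, "alice"))
    print("write blocked:", write_is_blocked(db))
```
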
Cross-site scripting is another type of attack, one that targets the fact that many internet browsers operate with JavaScript enabled. Since JavaScript may contain confidential details of a user, an attacker can send the user’s cookie by mail or to other databases, posting it on sites so that it appears like plain information.
By displaying the script on other sites, the hacker can easily use the identity of another person and impersonate them on other websites. It is therefore crucial to use application firewalls that block all invalid requests. Servers can additionally monitor traffic for malicious characters, since JavaScript contains SCRIPT as part of the keyword (F5, 2007, p. 6).
If a web application does not encrypt the authentication of user requests at all times, an attacker can hijack vital and active sessions, in what is known as broken authentication. In that event the attacker assumes the identity of a user and commands all of that user's account management activities. The web application should also be enhanced so that it calls for re-authentication, especially for sensitive transactions, even with a valid ID (Siddharth & Doshi, 2010).
An architectural design to prevent DoS attacks needs firewalls that separate the Internet from the Intranet. The firewall should also be able to set up a demilitarized zone on the Intranet (Kargl et al., 2001, p. 518). An Intrusion Detection System should also be installed to notify the administrator of any suspicious activities.
Firewall rules should also include sanity checks on the destination and source addresses: Internet packets should not have a source address from the Intranet, and vice versa. Rejecting Intranet packets that lack a local source address makes it impossible for spoofing to take place. This technique is known as egress and ingress filtering.
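The sanity checks described above can be written as a small decision function; this is an added example, not taken from the essay or from Kargl et al. The address plan (an Intranet on 10.0.0.0/8), the interface names and the sample packets are assumptions, and the destination checks are one reading of the essay's "sanity checks for the destination".

```python
import ipaddress

# Assumed address plan (constructed): everything in 10.0.0.0/8 is Intranet.
INTRANET = ipaddress.ip_network("10.0.0.0/8")


def filter_packet(arrived_on, src, dst):
    """Decide whether the border firewall forwards a packet.

    arrived_on is the interface the packet came in on: "internet" or "intranet".
    Returns (accept, reason).
    """
    try:
        src_local = ipaddress.ip_address(src) in INTRANET
        dst_local = ipaddress.ip_address(dst) in INTRANET
    except ValueError:
        return False, "malformed address"

    if arrived_on == "internet":
        # Ingress filtering: nothing arriving from outside may claim a local source.
        if src_local:
            return False, "ingress: Intranet source address seen on Internet side"
        if not dst_local:
            return False, "ingress: destination is not an Intranet host"
        return True, "ok"

    if arrived_on == "intranet":
        # Egress filtering: a compromised host cannot send spoofed sources outward.
        if not src_local:
            return False, "egress: source is not a local address"
        if dst_local:
            return False, "egress: local destination should not cross the border"
        return True, "ok"

    return False, "unknown interface"


# Constructed sample packets: (interface, source, destination).
SAMPLE_PACKETS = [
    ("internet", "203.0.113.7", "10.1.2.3"),    # normal inbound request
    ("internet", "10.9.9.9", "10.1.2.3"),       # spoofed local source from outside
    ("intranet", "10.1.2.3", "198.51.100.20"),  # normal outbound reply
    ("intranet", "198.51.100.99", "203.0.113.7"),  # spoofed source leaving the site
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt, "->", filter_packet(*pkt))
```
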
The strength of this architecture is the fact that “Even if a host is invaded by a hacker, these rules make it impossible to use that host as a platform for further attacks requiring spoofed packets” (Kargl et al., 2001, p. 518). Different factors also motivate the execution of denial-of-service attacks. The attack on PayPal was by Anonymous and was retaliation for PayPal's suspension of WikiLeaks’ accounts after it released U.S. classified cables (Haag, n.d.).
Therefore, the attack was a protest against the action PayPal took on WikiLeaks. Other DoS motivations include dislike of a policy, government or action that the attacked government undertakes; politically generated attacks across nations; business rivals who focus on harming the reputation of their rivals, damaging sales or stopping operations; and staff and clients who are disgruntled by the company.
Whatever the reasons for attacks on websites and servers, hackers use different tools to deploy them. Packet flooding uses TCP floods as a preferred choice, as they deplete the available resources and bandwidth. Overloading the server with packets ensures that the attack is successful. The simplicity of the attack paves the way for it, since the “TCP/IP protocol suite (IPv4) does not readily provide mechanisms to insure the integrity of packet attributes when packets are generated or during end-to-end transmission” (Houle et al., 2001, p. 3).
Such attacks can also be carried out from multiple sources with fabricated source IP addresses, thus preventing a hacker from being caught. Crackers also pry through website applications for any vulnerability they can easily manipulate to get into the system. Therefore, the ease of attack mainly depends on how “tight” the web application is and how safe the server is.
Securing the server and the web application, fixing application bugs and installing intrusion detectors make it hard for hackers to initiate an attack. Web applications and servers, however, remain vulnerable in the absence of such security measures, especially if the hacker is well versed in computers.
It is therefore essential to protect government websites because they serve the general public. One way of preventing attacks is reducing the functionality of the servers to only what is used within the site. It is additionally important that the servers have repelling and intrusion detection systems installed, especially for malicious or suspicious traffic, with alert information being sent to an administrator.
Using the Linux kernel as the system base also helps to ensure the application is invulnerable to attacks including TARGA. What’s more, evading the system to accept 128 entries makes it robust and protects it from attacks such as SYN flood (Kargl et al., 2001, p. 519).
References
Haag, M. (n.d.). Prosecution of Internet Hacktivist Group “Anonymous.” U.S. Department of Justice. Retrieved from http://www.justice.gov/usao/briefing_room/cc/mca_anonymous.html
Houle, K. J. et al. (2001). Trends in Denial of Service Attack Technology. CERT.
F5 Networks. (2007). Web Application Vulnerabilities and Avoiding Application Exposure (White Paper). F5 Networks. Retrieved from http://www.f5.com/pdf/white-papers/vulnerabilities-wp.pdf
Kargl, F. et al. (2001). Protecting Web Servers from Distributed Denial of Service Attacks. University of Ulm. Retrieved from http://www.princeton.edu/~rblee/ELE572Papers/p514-kargl.pdf
Siddharth, S. & Doshi, P. (2010). Five Common Web Application Vulnerabilities. Symantec. Retrieved from http://www.symantec.com/connect/articles/five-common-web-application-vulnerabilities