Module Summary
- Web servers assume critical importance in the realm of Internet security.
- Vulnerabilities exist in different releases of popular webservers and respective vendors patch these often.
- The inherent security risks owing to the compromised webservers have impact on the local area networks that host these websites, even on the normal users of web browsers.
- Looking through the long list of vulnerabilities that had been discovered and patched over the past few years, it provides an attacker ample scope to plan attacks to unpatched servers.
- Different tools/exploit codes aid an attacker in perpetrating web server's hacking.
- Countermeasures include scanning for the existing vulnerabilities and patching them immediately, anonymous access restriction, incoming traffic request screening, and filtering.
Q1) Maintaining a secure Web server requires constant effort, resources, and vigilance from an organization. Securely administering a Web server on a daily basis is an essential aspect of Web server security. Maintaining the security of a Web server will usually involve the following steps:
- Configuring, protecting, and analyzing log files
- Backing up critical information frequently
- Maintaining a protected authoritative copy of the organization's Web content
- Establishing and following procedures for recovering from compromise
- Testing and applying patches in a timely manner
- Testing security periodically.
In which step would you engage a forensic investigator? (?)
- 1
- 2
- 3
- 4
- 5
- 6
Q2) How can telnet be used to fingerprint a web server?
- telnet webserverAddress 80
HEAD / HTTP/1.0 - telnet webserverAddress 80
PUT / HTTP/1.0 - telnet webserverAddress 80
HEAD / HTTP/2.0 - telnet webserverAddress 80
PUT / HTTP/2.0
Q3) John has scanned the web server with NMAP. However, he could not gather enough information to help him identify the operating system running on the remote host accurately.
What would you suggest to John to help identify the OS that is being used on the remote web server?
- Connect to the web server with a browser and look at the web page.
- Connect to the web server with an FTP client.
- Telnet to port 8080 on the web server and look at the default page code.
- Telnet to an open port and grab the banner.
A3) Most people don’t care about changing the banners presented by applications listening to open ports and therefore you should get fairly accurate information when grabbing banners from open ports with, for example, a telnet application.
Q4) Which tool can be used to view web server information?
- Netstat
- Netcraft
- Warcraft
- Packetcraft
A4) Netcraft can be used to view many details about a web server, including IP address, netblock, last views, OS information, and web server version.
Q5) Which of the following is used for identifying a web server OS?
- Telnet
- Netcraft
- Nmap
- Wireshark
A5) Netcraft is used to gather information about many aspects of a system, including operating system, IP address, and even country of origin.
Q6) What may be helpful in protecting the content on a web server from being viewed by unauthorized personnel? (?)
- Encryption
- Permissions
- Redirection
- Firewalls
A6) Encryption offers the ability to prevent content from being viewed by anyone not specifically authorized to view it.
Q7) A common attack against web servers and web applications is (?)
- Banner grab
- Input validation
- Buffer validations
- Buffer overflow
A7) Buffer overflows are a common flaw in software that typically can only be fixed by a software engineer.