Securing web server applications has become a vital process because the information processed by web applications is critical to customers, organizations, corporations and countries. These applications manage a wide variety of information including, but not limited to, social security numbers, financial information, health records, national security information and academic data.
All of this information is important to its owners; therefore, web servers must secure the information at all times (Christ, 2007). Firewalls do an incredible job of protecting operating systems and the common network layers. That leaves the application layer, which makes web applications the prime target for cyber-attacks. The application layer has no shortage of weaknesses, and most of them require little expertise to exploit. This in turn attracts more malicious people (Desmond, 2004).
Web Application Attacks
The purpose of a web-based attack is very different from that of other network or host attacks. A web-based attack normally focuses on the application itself and occurs at the application layer of the OSI model (Desmond, 2004).
When a web server application attack occurs, the vulnerability can provide a means for malicious users to breach a system's security measures and in turn gain access to private information. Before an attack occurs, at least one normal request, or a modified request meant to take advantage of vulnerable parameter checking, is made. According to Kennedy (2005), the most common web application vulnerabilities occur due to:
- Flaws in the web application's programming
- Server administration activities
- Exposure of the server operating system
One of the most common web application vulnerabilities is the lack of a strong way of verifying that end users are who they claim to be. The authentication process plays a vital role in securing web applications. A user has to have a login name and a password in order to be allowed specific privileges. When malicious attackers gain access to a system by proving to the application that they are legitimate users, they gain the privileges that a legitimate user would have (Acunetix, 2013).
Authentication vulnerabilities can be prevented by asking random questions to which only the legitimate user should know the answer. Once the user has submitted the correct answer, they are authenticated to go further. Another way to prevent this type of attack is to ask for re-authentication at different time intervals. Carrying out regular tests of authentication and of all the ways it can be circumvented, and implementing authorization or access control, are also ways to prevent the vulnerability (Kennedy, 2005).
An attack can also occur when a web application is used to reach the web browser of another user who is viewing the same web page. A malicious user can create a web page that takes advantage of a cross-site scripting vulnerability (Kennedy, 2005).
When an unknowing user visits the website, the attacker's code is executed on the user's system. To prevent this vulnerability and the attacks, one can filter content so that the user's data cannot be interpreted as scripted content. Another way is to perform data integrity tests on the data before it is submitted.
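The content filtering described above, shown as an added example that is not from the cited sources: a comment renderer in its vulnerable form beside a hardened form that encodes each user value for the place it lands in the page. The function names, the markup and the http/https allowlist are assumptions made for the illustration.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only absolute web links are accepted


def render_comment_unsafe(author, body, link):
    """Vulnerable form: user data is pasted into the markup unchanged."""
    return f'<p><b>{author}</b>: {body} <a href="{link}">link</a></p>'


def safe_url(link):
    """Return the link if its scheme is allowlisted, otherwise the inert '#'."""
    # Whitespace and control characters can disguise a scheme, so reject them.
    if any(ch <= " " for ch in link):
        return "#"
    try:
        scheme = urlsplit(link).scheme.lower()
    except ValueError:  # malformed URL, e.g. an unterminated IPv6 literal
        return "#"
    return link if scheme in ALLOWED_SCHEMES else "#"


def render_comment_safe(author, body, link):
    """Hardened form: every user value is encoded for the context it lands in."""
    return (
        f"<p><b>{html.escape(author)}</b>: {html.escape(body)} "
        f'<a href="{html.escape(safe_url(link), quote=True)}">link</a></p>'
    )


if __name__ == "__main__":
    # Constructed sample input, not taken from the article.
    body = "<script>alert(1)</script>"
    print(render_comment_unsafe("eve", body, "javascript:alert(1)"))
    print(render_comment_safe("eve", body, "javascript:alert(1)"))
```

Encoding alone does not neutralise a `javascript:` link, which is why the URL is checked against the scheme allowlist before it is encoded into the attribute.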
Most web applications are vulnerable when it comes to buffer overflows. A buffer overflow occurs when a program attempts to store more data in a fixed-size buffer than it is designed to hold. The additional data overwrites adjacent memory and corrupts it, and this allows an attacker to key in arbitrary instructions on the web server. The application may not have the ability to prevent the introduction of the code into the system and therefore goes on to execute it. An attacker may key in code that allows access to the web server, where they can in turn gain access to the password file stored there (Kennedy, 2005).
To prevent this vulnerability, it is important to identify buffer overflows by keying large data values into form inputs, and then to prevent them. Preventing the insertion of code from unknown sources is another way to prevent the attack.
Preventing a Denial of Service Attack
Frank, Joern & Michael (2000) define a denial of service attack as an attack that may render a computer or a whole network incapable of providing the expected services. They also state that the most common DoS attacks target network bandwidth or connectivity. When the bandwidth of the network is attacked, the network is flooded with so much traffic that all the available network resources are consumed, and users' requests cannot be executed.
The most common forms of DoS attacks include land attacks, smurf attacks, viruses and worm attacks. Some of these attacks are extremely hard to prevent as the DoS packets usually look like normal packets (Cisco, 2013). DoS attacks can cause extreme and costly damage to networks and therefore, networks must be configured with preventive measures so as to avoid these attacks.
One way of preventing DoS attacks is by using an intrusion detection system architecture (Peter, Donald & Mark, 2000). They describe the architecture as something that will frustrate the attacker by making the intrusion detection system components invisible to the attacker's normal ways of seeing through the network. If an attack is successful, the architecture allows the IDS components to move from the attacked host to an operational host, thereby easing the attack.
Justice Department Website Attack
The website belonging to the Justice Department was attacked early this year by a group of hackers. A denial of service attack crippled the website by overloading it with requests for access.
It is normally difficult to understand the motivation behind DoS attacks, but in the attack that was carried out on the Justice Department website, it can be said that the attackers were getting back at the government for some reason. The Washington Post reported that the attack was due to the fact that the department decided to shut down a website that allowed users to share movies, e-books and television shows.
If one is to carry out a DoS attack, computers and executable code are needed. One of the techniques that can be used is distributed denial of service, which uses the strength of many systems working together towards a specific cause. DoS attacks are relatively easy to carry out, and this is one of the main factors contributing to the increase in these kinds of attacks.
In order to prevent DoS attacks on federal government websites, some prevention mechanisms can be put into place. These may include using a dotDefender web application firewall, which helps avoid the attacks by inspecting HTTP traffic and checking packets against a set of rules, among others.
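A request-rate rule of the kind a traffic-inspecting filter can apply, run here over web server access-log lines as an added example; it is not dotDefender's rule set or any vendor's code. The 10-second window, the 20-request ceiling and the log lines are all constructed for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format prefix: client address and bracketed timestamp.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')
WINDOW_SECONDS = 10   # assumed rule: look at the last 10 seconds per client
MAX_REQUESTS = 20     # assumed rule: more than 20 requests in that window is a flood


def parse_line(line):
    """Return (client, epoch_seconds) or None for a line that does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m.group(1), when.timestamp()


def find_flooders(lines, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
    """Map each client that exceeded the limit to the time it first did so."""
    recent = defaultdict(deque)   # client -> timestamps still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        client, ts = parsed
        seen = recent[client]
        seen.append(ts)
        while ts - seen[0] >= window:   # drop requests older than the window
            seen.popleft()
        if len(seen) > limit:
            flagged.setdefault(client, ts)
    return flagged


def sample_log():
    """Constructed log: one ordinary client, one flooding client, one bad line."""
    fmt = '{} - - [01/Jan/2024:10:00:{:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = [fmt.format("192.0.2.10", i * 5) for i in range(12)]
    lines += [fmt.format("198.51.100.7", i // 10) for i in range(40)]
    return lines + ["not a log line"]
```

A per-client ceiling like this catches a single noisy source; in a distributed attack each participating client can stay under the limit, so an aggregate rate check across all clients is needed as well.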
Another way is to create an audit trail of what has changed on the network and why it has changed. By doing this, any attack that might occur is detected early and prevented. The attacks can also be prevented by predicting the vulnerable areas that a hacker may use to gain access to the internet and cause harm. This can be achieved by hacking one's own network while imagining what the attacker might do to gain access. Once the vulnerable areas have been identified, it becomes easier to deal with them.
References
Acunetix. (2013). Authentication Hacking Attacks.
Christ. (2007). Web Based Attacks.
Cisco. (2013). Protecting the Cisco Catalyst 6500 Series Switches Against Denial-Of-Service Attacks.
Desmond. (2004, May 17). All-out blitz against Web app Attacks.
Frank, Joern & Michael. (2000). Protecting Web Servers from Distributed Denial of Service Attacks.
Kennedy. (2005). Common Web Applications Vulnerabilities.
Peter, Donald & Mark. (2000). A Denial of Service Resistant Intrusion Detection Architecture.