Download Presentation title

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
Document related concepts

URL redirection wikipedia , lookup

Transcript 
Web Defacement
Anh Nguyen
May 6th , 2010
Organization
•
•
•
•
Introduction
How Hackers Deface Web Pages
Solutions to Web Defacement
Conclusions
2
Introduction
• Introduction
– Web Defacement
– Hackers Motivation
– Effects on Organizations
• How Hackers Deface Web Pages
• Solutions to Web Defacement
• Conclusions
3
Introduction
Web Defacement
• Occurs when an intruder maliciously alters a
Web page by inserting or substituting
provocative and frequently offending data
• Exposes visitors to misleading information
4
Introduction
Web Defacement
• http://www.attrition.org/mirror/attrition/
– Tracks of defacement incidents and keeps a
“mirror” of defaced Web sites
5
Introduction
Hackers Motivation
• Look for credit card numbers and other valuable proprietary
information
• Gain credibility in the hacking community, in some high profile
cases, 15 minutes of fame through media coverage of the
incident
6
Introduction
Effects on Organizations
• Organizations lose
– Credibility and reputation
– Customer trust and revenue
– E-retailers can lose considerable patronage if their customers feel their
e-business is insecure
– Financial institutions may experience significant loss of business and
integrity
7
How Hackers Deface Web Pages
•
•
•
•
Introduction
How Hackers Deface Web Pages
Solutions to Web Defacement
Conclusions
8
How Hackers Deface Web Pages
• Obtain usernames
– Use information-gathering techniques
– Make use of publicly available information
• Domain registration records
– Use ‘social engineering’ tactics
• Call an employee and pose as a system administrator
9
How Hackers Deface Web Pages (Cont.)
• Guess passwords
– Go through a list of popular or default choices
– Use intelligent guesses
– Use ‘social engineering’ tactics
• Birth dates
• Names of family members
10
How Hackers Deface Web Pages (Cont.)
• Obtain administrator privileges
• Perform additional information gathering to
find out useful tidbits
– The exact version and patch levels of the OS
– The versions of software packages installed on the
machine
– Enabled services and processes
11
How Hackers Deface Web Pages (Cont.)
• Access well-known Web sites and locate hacks
that exploit vulnerabilities existing in the
software installed
• Gain control of the machine and modify the
content of pages easily
12
How Hackers Deface Web Pages (Cont.)
Sechole
• An example of a privilege escalation exploit on
Windows NT4
• The attack modifies the instructions in
memory of the OpenProcess API call so it can
attach to a privileged process
• Once the privileged process runs, the code
adds the user to the Administrators group
• The technique works if the code runs locally
13
How Hackers Deface Web Pages (Cont.)
Sechole
• In the presence of Microsoft’s Internet
Information Server (IIS) Web server and some
other conditions, Sechole can be launched
from a remote location
14
How Hackers Deface Web Pages (Cont.)
Sechole
• Another approach is to exploit vulnerabilities
in Internet servers that are listening to open
ports
– No need to log on to the server
– Execute malicious code over an open legitimate
connection
15
How Hackers Deface Web Pages (Cont.)
IIS Hack
• Well-known example for a remote attack on
the IIS Web server
• Hackers exploit a buffer overflow weakness in
lsm.dll, causing malicious code to execute in
the security context of the System on the
server
16
Solutions to Web Defacement
•
•
•
•
Introduction
How Hackers Deface Web Pages
Solutions to Web Defacement
Conclusions
17
Solutions to Web Defacement
• Firewalls
– Do not scan incoming HTTP packets
– HTTP attacks (such as IIS Hack) are not detected
• Network-based Intrusion Detection Systems (NIDS) and Hostbased Intrusion Detection Systems (HIDS)
– Listen to packets on the wire, but do not block them
– In many cases, the packet reaches its destination before it
is being interpreted by the NIDS
18
Solutions to Web Defacement (Cont.)
• Integrity assessment
– A hash code (similar to a checksum) for a Web
page reflecting the page’s content is computed
– The saved hash code is periodically compared with
the freshly computed one to see if they match
– The frequency of the hash code comparisons
needs to be high
– The scheme collapses when pages are generated
dynamically
19
Solutions to Web Defacement (Cont.)
• Multi-layered protection system
– Needed in order to effectively deal with Web
defacement
– On-the-spot prevention
• Attack s should be identified before their executions,
i.e. they should be identified at the service request
level
• Use system call and API call interception
20
Solutions to Web Defacement (Cont.)
• Multi-layered protection system (Cont.)
– Administrator (root) resistant
• Allow only specific predefined user (the Web master),
instead of the ‘Administrator’ account, to modify the
Web site content and configuration
– Application access control
• A single predefined program should be used to edit
and/or create Web pages
– OS level protection
21
Solutions to Web Defacement (Cont.)
• Multi-layered protection system (Cont.)
– HTTP attack protection
• A protection module that scans incoming HTTP
requests for malicious requests, even when the
communication is encrypted, should be used
– Web server resources protection
•
•
•
•
Executables
Configuration files
Data files
Web server process
22
Solutions to Web Defacement (Cont.)
• Multi-layered protection system (Cont.)
– Other Internet server attack protection
• Bind (a DNS server)
• Sendmail (an SMTP server)
23
Conclusions
•
•
•
•
Introduction
How Hackers Deface Web Pages
Solutions to Web Defacement
Conclusions
24
Conclusions
• Thank you for your time
• Questions and feedback are welcome
25
References
• Prevent Web Site Defacement
– http://www.mcafee.com/us/local_content/white_
papers/wp_2000hollanderdefacement.pdf
26
Related documents
Implementing a Web Browser with Web Defacement Detection
Implementing a Web Browser with Web Defacement Detection
Chapter 13
Chapter 13
Information Systems and Networks
Information Systems and Networks
Slide 1 - IITK - Indian Institute of Technology Kanpur
Slide 1 - IITK - Indian Institute of Technology Kanpur
Cyber Security In High-Performance Computing Environment
Cyber Security In High-Performance Computing Environment
Cyber Crimes and Hackers
Cyber Crimes and Hackers
Data Leakages.pdf - 123SeminarsOnly.com
Data Leakages.pdf - 123SeminarsOnly.com
Course Overview - Cyber Security Lab
Course Overview - Cyber Security Lab
Introduction to Information Security Chapter 2
Introduction to Information Security Chapter 2
CIS 203 Artificial Intelligence
CIS 203 Artificial Intelligence
Responding to Intrusions
Responding to Intrusions