
264    Chapter 5 • Communication Security: Web Based Services


                Damage & Defense…

                Hunting Down Rogue Web Servers

                To check a system very quickly to determine if a local Web server is running without your knowledge, you can use a Web browser to access http://localhost/. This is called the loopback URL. If no Web server is running, you should see an error stating that you are unable to access the Web server. If you see any other message or a Web page (including a message advising that the page is under construction or coming soon), that computer is running a Web server locally. Once you discover the existence of such a server, you must either secure, remove, or disable it. Otherwise, the system will remain insecure. Other ways to discover the existence of a Web server are by checking services and running processes (for example, inetinfo.exe), but the quickest way to check on any platform is to look at the loopback URL.

                To check for rogue Web servers across a network, you should use Nmap to scan for port 80 traffic. This is done by opening the command prompt and typing nmap -p80 <IP address>. For example, if you were searching for a range of IP addresses on your network from 198.100.10.2–198.100.10.200, you would enter nmap -p80 198.100.10.2-200, and then look for any application banners grabbed so you can compare them to a listing of known Web servers on your network. One of the benefits of using this method is that Nmap can be used with scripts, which you can run on a routine basis to check for rogue Web servers on your network.
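The sidebar's last step, comparing scan results against a list of known Web servers, is the part that benefits most from scripting. The following is an added example, not from the book: it parses Nmap's grepable output (the real -oG format) for hosts with TCP port 80 open and reports any that are not in an inventory. The scan output and the inventory are constructed sample data; in practice you would feed it `nmap -p80 -oG - 198.100.10.2-200`.

```python
import re
from typing import Dict, List, Set

# Constructed sample of `nmap -p80 -oG - 198.100.10.2-200` grepable output.
# Fields on a Host line are tab-separated; each port entry is
# port/state/protocol/owner/service/rpcinfo/version/.
SAMPLE_GREPABLE = """\
# Nmap 7.94 scan initiated Mon Jan  1 09:00:00 2024 as: nmap -p80 -oG - 198.100.10.2-200
Host: 198.100.10.5 (www1.example.local)\tPorts: 80/open/tcp//http///\tIgnored State: closed (0)
Host: 198.100.10.17 ()\tPorts: 80/closed/tcp//http///
Host: 198.100.10.42 (ws-jdoe.example.local)\tPorts: 80/open/tcp//http///
Host: 198.100.10.150 ()\tPorts: 80/filtered/tcp//http///
# Nmap done at Mon Jan  1 09:00:09 2024 -- 199 IP addresses (4 hosts up) scanned in 9.12 seconds
"""

# Constructed inventory: the Web servers that are supposed to be on this network.
KNOWN_WEB_SERVERS: Set[str] = {"198.100.10.5"}

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")


def parse_open_http_hosts(grepable: str, port: int = 80) -> Dict[str, str]:
    """Return {ip: hostname} for every host whose TCP `port` is reported open."""
    found: Dict[str, str] = {}
    for line in grepable.splitlines():
        m = HOST_RE.match(line)
        if line.startswith("#") or not m:
            continue                      # comment line or status-only line
        ip, name = m.group(1), m.group(2)
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        for entry in fields.get("Ports", "").split(","):
            parts = entry.strip().split("/")
            # Only an "open" TCP entry counts; closed/filtered hosts are not servers.
            if len(parts) >= 3 and parts[0] == str(port) and parts[1:3] == ["open", "tcp"]:
                found[ip] = name
    return found


def find_rogue_web_servers(grepable: str, known: Set[str]) -> List[str]:
    """IPs with port 80 open that are absent from the approved inventory."""
    return sorted(ip for ip in parse_open_http_hosts(grepable) if ip not in known)


if __name__ == "__main__":
    for ip in find_rogue_web_servers(SAMPLE_GREPABLE, KNOWN_WEB_SERVERS):
        print(f"rogue web server: {ip}")   # prints 198.100.10.42 for the sample
```

Run it from a scheduled job against fresh scan output and alert on a non-empty result; the same parser works unchanged for other ports (for example 443 or 8080) by passing `port=`.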

                 In Exercise 5.01, you will learn how to find a rogue Web server running on
             your system and disable it. In the exercise, you will learn how to run a few tests to
             see if you have rogue Web servers on your network and how to find them.


              EXERCISE 5.01


              FINDING AND DISABLING ROGUE WEB SERVERS

                      1. At any workstation or server, type http://localhost. This is the
                         loopback address found in your HOSTS file that maps to 127.0.0.1
                         (the loopback Internet Protocol (IP) address). After entering this
                         URL, you should see a default Web page like the one shown in
                         Figure 5.2. This indicates you have a Web server running.


          www.syngress.com