Page 291 - StudyBook.pdf

Communication Security: Web Based Services • Chapter 5  275

                    Even though the site appeared to be legitimate at first glance, reading the
                 information made visitors realize that the site was a spoof in its truest form. The
                 bogus browser’s claimed features included downloading pornography up to 10 times
                 faster, tabbed browsing that allows a user to switch from one Microsoft site to
                 another, and shutting down unexpectedly when visiting sites like Google,
                 iTunes, Apple, and so forth. While the site appears as nothing more than a parody
                 of Microsoft, it shows how simple it is to create a site that can fool (no matter how
                 briefly) users into thinking they’re visiting a site belonging to someone else.

                 Web Server Exploits

                 Web servers host Web pages that are made available to others across the Internet or
                 an intranet. Public Web servers (those accessible from the Internet) always pose an
                 inherent security risk because they must be available to the Internet to do what
                 they are supposed to do. Clients (Web browser software) must be able to send
                 transmissions to the Web server for the purpose of requesting Web pages. However,
                 allowing transmissions to come into the network to a Web server makes the
                 system—and the entire network—vulnerable to attackers, unless measures are
                 undertaken to isolate the Web server from the rest of the internal network.
                    Web server applications, like other software, can contain bugs that can be
                 exploited. For example, in 2001 a flaw was discovered in the code that Microsoft’s
                 IIS software used for its indexing feature. The component was installed
                 by default. When it was running, hackers could create buffer overflows to take
                 control of the Web server and change Web pages or attack the system to bring it down.
                 Microsoft quickly released security patches to address the problem, but many
                 companies neither upgrade their software regularly nor apply fixes
                 as they become available. New and different security holes are being found all
                 the time in all major Web server programs. For example, major flaws have also been
                 found in the Hypertext Preprocessor (PHP) scripting language used on Apache Web
                 servers that, if exploited by an attacker, can result in the attacker running
                 arbitrary code on the system. Security patches are available to address these and
                 other issues, but that doesn’t mean they are actually applied to the system.
                    Vulnerabilities are also common in the platforms on which Web
                 servers run, making a Web server vulnerable at its very foundation. For example, in
                 2005, the Zotob Worm infected numerous systems (including those of CNN and
                 the Department of Homeland Security) days after a patch had been released
                 addressing the plug-and-play vulnerability it exploited. While it would be nice to
                 think that these were exceptions to the rule, this often isn’t the case. Many adminis-




                                                                              www.syngress.com