276 Chapter 5 • Communication Security: Web Based Services
trators are remiss in identifying security holes quickly and installing the necessary
software to fix the problem. Even worse, they may have unpatched older systems
that still contain vulnerabilities that are several years old, and ripe for a hacker to
attack. Web server exploits are popular for numerous reasons. One reason is that
firewalls are usually configured to block most traffic that comes into an
internal network from the Internet, but HTTP traffic usually is not blocked. There
are a large number of HTTP exploits that can be used to access resources that are
outside the webroot directory. These include the Unicode Directory Traversal
Exploit and the Double Hex Encoding Exploit. These are used to “sneak” the “../”
directory traversal strings past the server’s security mechanisms, which generally
block URLs that contain the string. Another reason these exploits are so popular is
that it’s not necessary for hackers to have sophisticated technical skills to exploit
unprotected Web servers. Scripts to carry out buffer overflow attacks, for example,
can be downloaded and executed by anyone.
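A filter that looks for the literal “../” string in the raw URL misses encoded forms of the same characters. As an added example (not from the book), this Python sketch contrasts that literal-string filter with a check that decodes once, rejects invalid or doubly encoded input, and validates the canonical path; the webroot and the sample request paths are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import unquote_to_bytes

WEBROOT = "/var/www/html"              # assumed webroot for this example
_PCT = re.compile(r"%[0-9A-Fa-f]{2}")  # a percent-escape left over after decoding


def naive_filter(raw_path: str) -> bool:
    """The weak check: accept any URL path lacking the literal '../'."""
    return "../" not in raw_path


def resolve(raw_path: str, webroot: str = WEBROOT):
    """Return the canonical path under webroot, or None if rejected."""
    try:
        # Decode once, strictly: overlong UTF-8 forms of '/' or '.' are invalid.
        decoded = unquote_to_bytes(raw_path).decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        return None
    # An escape that survives one decode means the input was encoded twice.
    # Conservative: also rejects legitimate names that contain e.g. '%41'.
    if _PCT.search(decoded) or "\x00" in decoded:
        return None
    decoded = decoded.replace("\\", "/")  # treat both separators alike
    candidate = posixpath.normpath(posixpath.join(webroot, decoded.lstrip("/")))
    # Decide on the canonical result, not on the raw string.
    if candidate != webroot and not candidate.startswith(webroot + "/"):
        return None
    return candidate


# Constructed sample request paths (not taken from the book).
SAMPLES = [
    "/images/logo.png",                     # ordinary request
    "/scripts/..%c0%af..%c0%afsecret.txt",  # overlong UTF-8 encoding of '/'
    "/scripts/..%252f..%252fsecret.txt",    # '%2f' encoded a second time
    "/%2e%2e/%2e%2e/secret.txt",            # single-encoded dots
]


def compare():
    """Map each sample to (naive_filter verdict, resolve result)."""
    return {s: (naive_filter(s), resolve(s)) for s in SAMPLES}


if __name__ == "__main__":
    for path, (naive_ok, resolved) in compare().items():
        print(f"{path!r}: naive={'pass' if naive_ok else 'block'}, resolved={resolved}")
```

Every sample passes the literal-string filter, but only the first one resolves to a path inside the webroot.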
These are just a few examples of the ways that Web servers can be exploited,
making it vitally important that these machines be secured. In addition to best
configuration practices, there are software packages that are designed specifically to
protect Web servers from common attacks.
TEST DAY TIP
Make sure you update your Web servers with all the available updates
and hot fixes you can get, after testing them first on a non-production
test system. You need to know that service packs, hot fixes, and updates
are critical to the security analyst's survival when dealing with systems
and services, especially Web services, which are generally exposed to the
Internet.
SSL and HTTP/S
SSL is a public key-based protocol that was developed by Netscape and is
supported by all popular Web browsers. SSL 3.0 has been used for over a decade along
with its predecessor, SSL 2.0, in all the major Web browsers. In systems where SSL
or some other method of system-to-system authentication and data encryption is
not employed, data is transmitted in cleartext, just as it was entered. This data could
take the form of e-mail, file transfer of documents, or confidential information
www.syngress.com