Tuesday, 3 May 2011

Web Server Security

Hi Friends For Some Days  On Hackguide4u We Will Discuss Web Server Security,IIS Risks,About Unicode,Web Application Security,Hidden Field Hacking And Many More About Web Security.
We will start taking closer look first to web server. For new readers, Web servers are the heart of Web Sites, The Web Server is the system that holds and broadcasts the web-site, like right now, so you can view, read, write, ect.

The browser dissasembles the URL into three parts:
1. Protocol [HTTP]
2. Site name [www.Site.com]
3. File name [web-server.htm]

The [site name] gets translated into IP address. Browser then make a connection to the Web server at IP address on port 80 or the server. The browser then sends a GET [for protocol] request to the server, asking for the file. The server then sends the HTML text for the Web page to the browser and finally reads the HTML tags and makes a visual screen.
There are many popular Web Servers and common security threats that come with that popularity. Hundreds of servers get Hacked every day due to insecurity and poor education. The 3 most popular web servers are Apache Web Server, IIS Web Server and Sun ONE Web Server. What are some common attacks? Well first is when admin misconfigures the web server, Second is sniffing the server and third is DoS attacks (Denial of Service).
Apache Web Server are open-source for operating systems. The server allows HTTP services in sync with the current HTTP standards in an efficient and rich environment. Sun ONE Web Server is a Java Web Server wich is not free. And finally IIS Web Server is Microsoft's web server wich is as popular as Apache and less complicated if your not used to unix or linux platforms. One of the biggest security concern is that the web server can expose the system used on server to the threats posed by the Internet. This may come in form of a worm, backdoor, hackers or loss of important information. Server software bugs are the source of main security holes. Web servers, being large complex devices come with these applied risks. Not just that, but the open architecture of some Web servers allows without regard, scripts to be executed on the server's side of the connection in response to remote requests. Any CGI script installed at the site may contain bugs that are potential security holes. So if there's a script on your site there are chances that you may be target for penetration testing by attackers. Usually the average person does not see any immediate danger, as surfing the web appears both safe and anonymous. However, active content, such as ActiveX controls and Java applets, makes it possible for harmful applications such as viruses or trojans to invade the user's system. For example there are few trojans that can be installed by them self trough activeX with out any warning or notification, thats why its recommended to get FireFox due to Internet Explorer in-security. The TCP/IP protocol was not designed with security as its main priority. Therefore, data can be compromised in terms of confidentiality, authentication, and integrity as it is transmitted across the Web.
Thanks To Security Team.

No comments:

Post a Comment