250 likes | 417 Views
بسم الله الرحمن الرحيم. Islamic University of Gaza Electrical & Computer Engineering Department. Web Security. Prepared By : Eman Khaled El-mashharawi Miriam Mofeed El-Mukhallalati Supervisor: Dr. Basil Hamad. Contents:. What is security?. Host threats and countermeasures.
E N D
بسم الله الرحمن الرحيم Islamic University of Gaza Electrical & Computer Engineering Department Web Security Prepared By: Eman Khaled El-mashharawi Miriam Mofeed El-Mukhallalati Supervisor: Dr. Basil Hamad
Contents: What is security? Host threats and countermeasures. Network threats and countermeasures. Application threats and countermeasures. Conclusion. References.
Have you ever believed that: All your personal information are available to a hacker!!! There is a hacker who follows all your electronic steps!! OH.. This means that.. your NETWORK SECURITY has been broken !!!
Imagine thatyou have received an E-mail.. And while opening.. This message appears!!! OH Nooo!! your HOST SECURITY has been broken !!!
What is this?!! Who steel my password?! Who enter my E-mail?? Have you ever entered your E-mail and found your password has been changed?? Or have you ever found that your password has been published to all your friends? OOOH.. your APPLICATION SECURITY has been broken!!!!
What is security? The protection of information assets through the use of technology, processes, and training. Security Network Security Application Security Host Security
V I R U S Authentication APPLICATION THREATS HOST THREATS Sniffing NETWORK THREATS Security
Host Threats Network Threats App. Threats
Host Threats Viruses, Trojan horses, and worms. Foot printing. Password cracking.
Viruses, Trojan horses, and worms: A virus is a program that causes disruption to the operating system or applications. A Trojan horse is a malicious code that is contained inside what appears to be a harmless data file or executable program. A worm is self-replicates from one server to another.
Cont… Countermeasuresagainst viruses, Trojan horses, and worms : Stay current with the latest operating system service packs and software patches. Block all unnecessary ports at the firewall and host. Disable unused functionality including protocols and services
Footprinting Examples of foot printing are port scans and ping sweeps. The type of information that are required by the attacker includes: account details, operating system, other software versions, server names, and database schema details. Countermeasures to prevent foot printing include : Disable unnecessary protocols. Lock down ports with the appropriate firewall configuration.
Password Cracking If you use default account names, you are giving the attacker a head start. If you use blank or weak passwords you make the attacker's job even easier. Countermeasures to prevent password cracking include : Use strong passwords for all account types. Apply lockout policies to end-user accounts.
Network Threats: Information gathering Sniffing Spoofing Denial of service
Information Gathering Attackers usually start with port scanning. detect device types and determine operating system and application versions Countermeasures toprevent information gathering: Configure routers to restrict their responses to footprinting requests. Configure operating systems that host network software.
Sniffing Read all plaintext passwords or configuration information. crack packets encrypted by lightweight hashing algorithms. Countermeasures toprevent sniffing: Use strong physical security and proper segmenting of the network . Encrypt communication fully, including authentication credentials.
Spoofing use a fake source address that does not represent the actual address of the packet. hide the original source of an attack Countermeasures toprevent spoofing: Filter incoming packets Filter outgoing packets
Denial of service: denies legitimate users access to a server or services. send more requests to a server than it can handle . toprevent denial of service: Countermeasures Apply the latest service packs. Use a network Intrusion Detection System (IDS).
Application Threats Authentication Network eavesdropping Cookie replay attacks
Authentication Network Eavesdropping Capture traffic and obtain user names and passwords. Countermeasures to prevent network eavesdropping include: do not transmit the password over the network such as Windows authentication. Make sure passwords are encrypted. Use an encrypted communication channel.
Cont… Cookie Replay Attacks Capture the user's authentication cookie to gain access under a false identity Countermeasures to prevent cookie replay include: Use an encrypted communication channel whenever an authentication cookie is transmitted. Use a cookie timeout to a value that forces authentication after a relatively short time interval.
Conclusion The remedy for all corporate security issues cannot be described in just one paper. It is meant by this research to be a starting point to a better understanding of the three types of web security and there threats . By thinking like attackers and being aware of their likely tactics, you can be more effective when applying threats’ countermeasures . you must know what the enemy knows.
References Sima, C. Are Your Web Applications Vulnerable?. Atlanta, GA: SPI Dynamics, 2005. http://www.webscurity.com/pe_benefits.htm [access at July 7, 2006] J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan. 2006. Improving Web Application Security: Threats and Countermeasures.U.S.A: Microsoft Corporation. Retrieved June 5, 2006 from: http://www.msdn.microsoft.com/library
Cont… SafeNet. 2005. WB_Best Practices in Creating High Level Application Security. U.S.A: Belcamp, Maryland 21017 USA. Retrieved July 12, 2006 from:: http://www.safenet-inc.com Microsoft’s patterns & practices team. 2005. Web Service Security: Scenarios, Patterns, and Implementation Guidance for Web Services Enhancements (WSE) 3.0. Retrieved July 7, 2006 from: http://www.msdn.microsoft.com/practices