Server capabilities
New server products add features, such as server-side JavaScript, server plugins and database connectivity, that increase the overall complexity of the server software. While the webmaster looks at the capabilities of a web server and visualizes all of the ways in which these capabilities could be used to build a better Web site, the penetrator examines each capability in terms of how it could be used to circumvent, defeat, and disable the security of the server as a whole.
Server-side includes are examples of server features that are also a bonus to the penetrator. A server-side include is a sequence of commands that is embedded in an HTML document. When a web browser requests the document, the server scans the document for the embedded commands and executes them. The results of the command execution are used to update the HTML document before it is sent to the browser. One of the commands, exec, allows arbitrary operating system commands to be executed. This capability is very powerful, both for you and for the penetrator. When server-side includes are enabled, a person with minimal web publishing capabilities gains the extra privilege of being able to execute operating system commands.
The best way to avoid security vulnerabilities with new server features is to assess the capabilities provided by each feature and determine which ones pose acceptable security risks. Minimally, you must consider the following to be risks:
- The feature can be used to execute external programs or operating system commands.
- The feature can be used to read or write arbitrary files located on the server.
- The feature maintains client information on the browser using cookies or URL encoding.
The above risks only determine whether the feature has the capability to cause security problems; they don't mean that the feature is necessarily insecure. For example, CGI programs, ASP, and LiveWire applications are risky according to all three risk indicators. Once you identify a feature as risky, you have to determine whether secure applications can be built using the feature despite its inherent risks and whether the benefits provided by the feature are worth taking a chance. In the case of CGI programs, ASP, and LiveWire applications, the answer is usually yes.
CGI Programs
There is nothing inherently insecure about CGI itself. However, CGI programs are a prime source of server-side vulnerabilities. By deploying a CGI program, you are allowing others to execute a program that is a potential tool with which to attack your system. Any security flaws in your CGI programs are directly and continually accessible, and penetrators are free to repeatedly probe and cajole these flaws until they succeed in accomplishing their clandestine objectives.
Do flaws exist in CGI programs? You bet. Some flaws let attackers read data that should otherwise be concealed. Other flaws let hackers trash data that is collected from web users. The most devastating flaws let penetrators remotely execute operating system commands and programs of their choosing.
How do flaws in CGI programs occur? How are they exploited? In many cases, these flaws occur because of poor parameter checking and faulty assumptions on the part of the programmer.
For example, consider the case where a CGI program invokes a search program and passes it the value of a decoded query string. The programmer assumes that the search program will simply search for whatever value is passed. But when the query string is passed, the following is executed:
    search string ; cat /etc/passwd
In this case, the CGI program returns much more than the search results: it appends the contents of your password file to the search results. The penetrator can then use a password cracking program to find a password that will let him or her log into your system.
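
The search case above, as an added example that is not code from the original post: a CGI-style search wrapper that pastes the decoded query into a shell command line, next to a version that checks the parameter and runs the search program without a shell. The function names, the use of grep as the search program, the constructed sample index and the harmless "echo INJECTED" stand-in for a second command are all assumptions.

```python
import os
import re
import shlex
import subprocess
import tempfile

# Constructed sample data standing in for the site's search index.
SAMPLE_INDEX = "alpha page\nbeta page\ngamma page\n"

def make_index():
    """Write the constructed index to a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "w") as f:
        f.write(SAMPLE_INDEX)
    return path

def search_vulnerable(query, index):
    # Faulty assumption: the decoded query is only ever a search value.
    # It is pasted into a shell command line, so a ';' ends the search
    # command and the rest of the query runs as a second command.
    cmd = "cat " + shlex.quote(index) + " | grep -F " + query
    return subprocess.run(cmd, shell=True, capture_output=True,
                          text=True, stdin=subprocess.DEVNULL).stdout

def run_search(query, index):
    # No shell: the argument vector goes straight to the program, so the
    # query is one literal argument. "--" keeps a leading '-' from being
    # read as a grep option.
    argv = ["grep", "-F", "--", query, index]
    return subprocess.run(argv, capture_output=True, text=True,
                          stdin=subprocess.DEVNULL).stdout

ALLOWED_QUERY = re.compile(r"[A-Za-z0-9 _.-]{1,64}")

def search_hardened(query, index):
    # Parameter checking first: accept only a small allow-list of characters.
    if not ALLOWED_QUERY.fullmatch(query):
        raise ValueError("query contains characters outside the allow-list")
    return run_search(query, index)

if __name__ == "__main__":
    index = make_index()
    hostile = "beta; echo INJECTED"  # harmless stand-in for a second command
    print(repr(search_vulnerable(hostile, index)))  # search hit plus injected output
    print(repr(run_search(hostile, index)))         # treated as one literal string
    print(repr(search_hardened("beta", index)))
    os.unlink(index)
```

The two defences are independent: the allow-list rejects the hostile query outright, and even if that check were loosened, the shell-free call would still treat the whole query as a single search term.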
You may wonder why anyone would develop CGI programs that would allow such serious breaches of security. Some programmers don't know any better; they are oblivious to the fact that their programs may be misused. Some are so focused on developing their web applications that security is put on the back burner, permanently.
However, the biggest problem, by far, is that in most CGI programs, security flaws are difficult to spot. In the cases where they are found, they are often dismissed. "But no one would ever do that" is a common justification for failing to remove an exploitable flaw.
Another problem facing CGI programmers is the fact that the odds are heavily stacked against them. The programmers must eliminate all possible security flaws in order to make their CGI programs secure. The penetrator need only find a single exploitable flaw in order to break into the web server.
