In most organizations, the browser is a major application on workstations. Applications such as webmail, mobile banking and specialized utility software are designed to run on this thin client, which is reachable from various networks, either private like a VPN or public like the Internet. They may contain proprietary information and require authentication, or be accessible to everyone, but all of them can be accessed from a browser using the HTTP or HTTPS protocols. The use of these applications depends on browsers, and in turn on the trust between the browser and the application server. That trust has been exploited using Cross-Site Request Forgery, abbreviated CSRF (pronounced "sea-surf").
By exploiting CSRF, an attacker can perform almost every task the browser is allowed to perform. This could include posting content to a message board, subscribing to an online newsletter, performing stock trades, using a shopping cart, or even sending an e-card. CSRF can also be used as a vector to exploit existing cross-site scripting flaws in a given application. An attacker could also use CSRF to relay an attack against a site of their choosing, or to perform a denial-of-service attack in the right circumstances. Cross-site request forgery vulnerabilities are dangerous because they may enable an attacker to perform an unauthorized action in a web application with the rights of a legitimate user and without that user's consent. Indeed, the request forged by a CSRF attack may contain the information the web application uses to authenticate the user (cookie, HTTP authentication). Since the request is made from the browser of the targeted user, it may enable an intruder to send requests to servers on the internal network, as shown in the picture below. The red box depicts the internal network of an establishment, while the computer on the outside is the intruder. It attacks the computer on the inside and uses its browser and authentication credentials to perform tasks on the internal server of the establishment.
<!-- Each of these tags makes the browser issue a GET request to host, carrying whatever cookies it holds for that host -->
<img src="http://host/?command">
<script src="http://host/?command"></script>
<iframe src="http://host/?command"></iframe>
// The same request issued from script: the Image object is never shown, but the request is still sent
var foo = new Image();
foo.src = "http://host/?command";
PS: The host placeholder in each tag stands for the host portion of a URL or an IP address.
<!-- The iframe points at the Webmin port on the victim's own machine; the hidden fields carry the attacker-chosen values that get submitted without the user's knowledge -->
<iframe src="http://localhost:10000/" name="iframeWebmin" id="iframeWebmin"></iframe>
<input type="hidden" name="user" value="CSRF" />
<input type="hidden" name="uid_def" value="0" />
<input type="hidden" name="others" value="1" />
<input type="submit" value="submit" />
A CSRF attack, like any other attack, is designed to take charge of a repository. The repository could be an access server, a database server, a router, a DNS server, and so on. The main purpose of the attack is to make these servers do what the malicious program is designed to carry out. It could be to steal information, manipulate information, destroy information, or compromise the efficacy of the information for personal gain or just for fun. These malicious acts are counter-productive to the development of any establishment. In the event of an attack it will cost time and money to fix, and in some cases the destroyed information may never be recovered. Depending on the sensitivity of the information involved, litigation may not be avoidable; for instance, as the network manager of a financial institution, if a breach is recorded on your server containing the financial records of the institution's customers, there may be a lawsuit if that information ends up in the wrong hands and is used against the customers. Or, if the breach is on Active Directory, all company-proprietary information is out in the open.
In addition, Internal Auditor, in its journal, stated as of 2001 that "computer breaches now cost each affected US company $2 million every year". According to that journal, aggregate losses of over $377 million were recorded for 200 companies in the year 2000. These losses have to be covered from somewhere: either the company has to raise the price of the goods and services it offers, or it begins to cut corners if it is a production firm. This ultimately leads to job losses or a lower standard of living.
As administrators, it is our duty to make sure these breaches are reduced to the bare minimum. Network architecture, distribution, management and auditing play a vital role in the security of the network. According to Hubert Mattord and Michael Whitman, authors of Principles of Information Security, "… Security breaches are mostly caused by internal users than external sources". With that known, as administrators, the security of the internal network should be hardened as much as that of the external network.
In addition, using traps from SNMP-enabled clients allows administrators to keep tabs on network devices remotely. For instance, if an installed MIB (Management Information Base) in the router monitors traffic to a prohibited URL and that policy is violated, the administrator gets an alert on the incident. That gives total control of the network whether the administrator is on-site or off-site. The MIBs are not limited to traffic leaving the network; several other MIBs are available from Cisco, Juniper, Avaya and others that are capable of monitoring metrics such as a threshold on successful pings to the interfaces of the router; ping sweeps are usually monitored with this utility.
In conclusion, CSRF, as trivial as the concept might sound, could be an indication of bigger attacks waiting to happen. As administrators, we are charged with making sure we do not fall victim to these malicious scripts pretending to be legitimate: making sure that no one and no software has more privilege than required to do its job, and that all traffic in and out of the network has a corresponding MIB in the router monitoring its metrics.