Abstract: Web attacks have grown along with the development of technology. Many protection mechanisms and techniques for preventing attacks have been developed alongside it. The efforts of researchers and open forums help in developing and maintaining secure applications. This paper provides a survey of various web attacks, their root causes, and their prevention techniques.
Keywords: security, vulnerability, attacks.
The World Wide Web has fundamentally changed the way people interact with each other and share information. The web has become an important component for individuals, and even countries, to share information for personal, commercial, or military objectives.
Web security is an issue that grows along with technology. The information transmitted over the Internet, mostly through web browsers, may be very sensitive, and attackers are known to be interested in obtaining it. Some common threats to web applications include SQL injection, variable manipulation, and cross-site scripting. Many protection techniques already exist, such as firewalls, Intrusion Detection Systems (IDS), secure HTTP protocols, access control mechanisms, and user authentication.
There are several well-known attack techniques for penetrating web applications, and a lot of research effort in this field goes into identifying and stopping these security vulnerabilities. The Web Application Security Consortium (WASC) provides an open platform for security professionals and software developers to access the latest security issues and some countermeasures. This research also provides documentation for each class of attack, and the survey gives the causes of web hack incidents. Some reasons for these attacks are insufficient authentication, application misconfiguration, and insufficient authorization.
The Open Web Application Security Project (OWASP) conducts another survey every year to identify the vulnerabilities that cause attacks. According to that survey, some of the top vulnerabilities are injection and cross-site scripting. Compared with a previous survey, some attacks no longer appear and some new attacks have been included.
In this paper we discuss several security attacks and the methods and tools for dealing with these security issues.
CATEGORIZATION OF WEB SERVER ATTACKS
Web attack classification is used not only to analyze known attacks but also to identify new web attacks.
This is one of the most common attacks on web applications. It derives from a software vulnerability and allows a malicious user to inject code into the server engine. It also allows malicious users to view sensitive information, destroy data, or crash the entire application.
This attack accesses information on its way from the browser to the user. The browser's proxy setting is configured to go through an HTTP proxy. Proxy tools such as WebScarab can see all the information flowing between client and server, and they allow the attacker to modify any request or response before sending it on. With these tools, credit information can also be accessed during online processing.
c) Cross-Site Scripting:
This attack is used to steal cookies and session IDs. If this information is regularly deleted by users, it is also possible for attackers to track the users' surfing patterns.
This is another dangerous attack, involving email service providers. A user who forgets the password needs to answer secret questions. If attackers gain access to the secret questions, they might be able to guess the answers.
d) Keystroke Loggers:
This type of attack collects information from the keys entered on the keyboard. It is the simplest way to retrieve information.
Most attacks are carried out with tools such as IP sniffers and Trojan horses. Attacks have various stages; the first stage consists of port sniffing. An IP sniffer uses communication protocols to learn the status of ports. If any port is unprotected, it can be used for the second stage of the attack. Sniffing is done across a large range of IPs, as the attacker looks for unprotected systems. A Trojan horse is software that needs to be installed on the computer. Once installed, it opens a backdoor that allows the attacker to enter the computer. It also masquerades behind friendly applications, larger images, email links, and so on.
A worm is another type of attack; it is a program that duplicates itself on execution. Worms have two processes: duplicate and attack. The attack consists of sending data packets to a specific website. The number of computers infected by a worm can exceed 1000; if it keeps growing, the data traffic exceeds capacity. The most general attackers and the biggest threats behind malicious programs are hackers and crackers. Hackers are like a gang of intruders who come to your house and look around but do not steal. Crackers, on the other hand, are very dangerous, because they will actually try to damage information.
Phishing is a new type of attack on the Internet in which the attacker creates a replica of an existing web page to fool users. The steps attackers follow to fool users are:
Create a duplicate website that is a replica of the original website.
Send a large number of spoofed messages in the name of the original web page's owner, i.e. the company or organization.
The receiver receives the email, opens it, clicks the content, and provides the input.
The phishers then steal the personal information, such as money.
2.1. Role of the web in current malware
According to survey reports from previous years, malware has evolved to make increased use of the web.
Fig 1. Overview of different roles in web
2.1.1. File Repository
The presence of malicious content within the email is the most common weakness of all mail-borne attacks. Malware authors send mass spam messages containing not only the primary payload but also a downloader Trojan. This downloader mechanism has several advantages for malware authors:
Separation of Primary Payload and Email: The downloading functionality is written in only a small binary. This creates malicious files that easily affect the security of mail. The payload need not be executed immediately; a delay can make it harder for the user to notice the activity on the victim machine.
Updating Remote Content: This type of attack can be modified by updating the content at the target URL. For malware hosted at a URL, one can easily measure how frequently it is updated.
Multiple Stages of Downloading: The downloader need not download the payload immediately. The downloader can itself be programmed to retrieve configuration files.
2.2. Distributed Denial of Service Attack:
A DDoS attack makes a computer system unavailable to its intended users. The main aim of this attack is to make a web page unavailable. With the growth of the Internet, attackers take advantage of hundreds, thousands, or even tens of thousands of victim systems to attack.
In a DDoS attack, attackers choose vulnerable agents to perform the attack. The attacker then exploits the vulnerabilities and injects the attack code in such a way that the malicious code is protected from deactivation. After gathering enough machines, the attackers communicate with them through handlers or through Internet Relay Chat (IRC) services.
WAYS TO DETECT WEB ATTACKS
For the current generation of web attacks, IDS is unsatisfactory in dealing with the threats. Signature-based IDS are effective in detecting attacks. Combined with memory-based DBMS technology, the current generation of IDS is capable of identifying packets travelling over gigabyte networks. When new attacks or variations of web attacks are involved, signature-based IDS becomes useless. Attacks that exploit known software implementation errors are detected by signature-based IDS, and much research is devoted to solving these problems. Misconfiguration is due to wrong configuration or to administrator mistakes; these are covered by security advisories and can easily be detected by signature-based IDS. An HTTP specification error occurs when a hostile request does not conform to the HTTP specification.
SQL injection can be prevented by not using dynamic SQL queries, or by removing all unwanted input and accepting only what is expected. Variable manipulation can be prevented by SSL or digital passports, which use 40-bit and 128-bit encryption. Keystroke loggers can be detected by antivirus programs because they use a Trojan horse to transmit the log files back to the attacker. The Trojan horse is the most common attack, but it can be prevented very easily: Internet users must not open files larger than 50 kb without antivirus scanning. Worms tend to spread very quickly because of the negligence of email account owners. Worms are easy to detect by monitoring Internet data traffic. Sniffers can be detected by well-configured firewalls.
3.1 Trends in Various Web attacks
With the continued growth of the Internet, web attack trends are also changing. Some of these trends are shown here.
3.1.1 Trends for DDoS Attacks
Internet users, ranging from individual end users to the largest organizations, continue to experience DDoS attacks.
Large Botnet Size:
A botnet is a collection of software agents that run automatically. Nowadays there is a steady increase in intruders deploying large DDoS attack networks on the Internet. Given the availability of resources compared with the ability to consume new resources, DDoS networks continue to outpace available bandwidth.
Recently, intruders have increased their use of the Internet Relay Chat (IRC) protocol and networks. These IRC-based DDoS networks are sometimes referred to as botnets. The use of IRC networks and protocols in DDoS networks is difficult to identify.
Packet filtering or rate limiting can be effective against some types of DoS attacks. But intruders use legitimate protocols and services for their packet streams. As a result, some types of traffic and some services may be denied.
PREVENTION TECHNIQUES FOR VARIOUS ATTACKS
As the Internet grows, attacks increase, and so does the research that develops prevention techniques. Some prevention techniques for various attacks are described here.
Methods to Safeguard Against SQL Attacks:
Common safeguards against SQL injection attacks are simple to implement, but because of ignorance and indifference regarding security, these precautions are not adhered to during the development of websites.
Validate all input at both client and server side:
Disinfecting input data:
It is necessary to ensure that only valid data is accepted, while potentially dangerous data is rejected or disinfected.
Use Parameterized Stored Procedure:
This prevents commands inserted through user input from being executed, because the logic of the query is separated from its data. If one query is inadvertently bypassed, that could be enough to leave the application vulnerable. The application sends the statement to the server without including the user's input; instead, a parameter location ID is used as a placeholder for that input.
Use a low-privileged account to run the database:
Running an application that connects to the database with the database administrator account gives attackers the opportunity to perform limitless commands on the database.
Delete System Stored Procedure:
The default installation of SQL Server runs as SYSTEM. An attacker could use stored procedures like master..xp_cmdshell to perform remote execution.
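The difference between a dynamic query and a parameterized one, together with server-side validation of input, is shown in the following added example (not part of the original essay). It uses Python's `sqlite3` module with a parameterized statement as a stand-in for a parameterized stored procedure; the table, rows, function names and username format are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "a-secret"), ("bob", "b-secret")])
    return conn

def lookup_dynamic(conn, name):
    """Dynamic SQL: user input becomes part of the query text (unsafe)."""
    query = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, name):
    """Parameterized query: '?' is a placeholder, input is bound as data."""
    return conn.execute(
        "SELECT name, secret FROM users WHERE name = ?", (name,)
    ).fetchall()

# Assumed format for a valid username in this example.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def validate_username(name):
    """Server-side allow-list validation: accept only the expected format."""
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("rejected input")
    return name

if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"   # constructed input that alters the query logic
    print(lookup_dynamic(conn, crafted))        # every row comes back
    print(lookup_parameterized(conn, crafted))  # no row matches the literal string
```

Validation and parameterization are complementary: the first rejects unexpected input early, the second keeps any input that does get through from changing the query's logic.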
Methods To Prevent Phishing Attacks
Educate users to understand how phishing attacks work and to be alert when phishing emails are received. Some technical methods are also used.
Detect and Block Phishing Websites in Time:
If a phishing site is identified in time, it can be blocked and the phishing attack prevented. Identifying the site is easy, but finding it in time is difficult.
Some methods for detecting phishing sites are as follows.
The webmaster of a legitimate website periodically scans the root DNS for suspicious sites.
Since a phisher uses duplicated content from the target site, he must use tools to download the web pages from that site.
Enhance Security of Websites:
Some business websites, such as banks, adopt new methods to guarantee the security of users' personal information. Two methods are used to enhance the security of websites: one is to use a hardware device; the other is to use biometric characteristics for user authentication.
Block Phishing Emails by various Spam filters:
Phishers use emails as bait to lure potential victims. SMTP is the protocol used to deliver email on the Internet. It is a very simple protocol that lacks the necessary authentication mechanisms. Attackers send large numbers of spoofed emails that appear to come from legitimate organizations.
Phishers hide their identities when sending the spoofed emails, therefore if an antispam system can determine whether an email is sent by the announced sender.
Install Online Anti-Phishing Software on the User's Computer:
As a last line of defence, users can install anti-phishing tools on their computers. Anti-phishing tools fall into two categories. Blacklist: when a user visits a website, the anti-phishing tool searches for the address of that site in a blacklist stored in a database. If the visited site is on the list, the tool warns the user.
In the next category, tools use certain rules built into their software and check the security of websites according to these rules.
4.3 Methods to Prevent DDoS Attacks:
Several defence mechanisms exist to prevent Distributed Denial of Service attacks.
Denying Denial of Service Attacks: A Router-Based Solution:
Routers are modified to provide encryption and authentication, enabling packets to be traced back to the original hardened router. Hardened routers should be implemented at the border and access.
When a packet arrives at the first hardened router, its payload is encrypted together with one byte of its IP address, and the hardened router before the host decrypts it.
Pushback, a network-based solution, tries to solve the problem of DDoS attacks from within the network using the congestion level. When the link congestion level reaches a certain level, the sending router starts dropping packets and tries to identify legitimate traffic by counting the number of times packets are dropped.
Traffic Level Measurements:
The module relies on a buffer through which all incoming traffic enters. The traffic level is continuously monitored, and when it shoots up to high levels, most incoming packets are dropped. The module thus attempts to isolate the server from the attack. It first aims to detect the beginning of an attack at time t, when the buffer becomes congested.
Hop-count filtering is a victim based solution relying on the fact that the number of hops between source and destination is indirectly indicated by the TTL field in an IP packet. Linking the source IP with the statistical number of hops to reach the destination can be used as a reference to assess the authenticity of the claimed IP source.
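A sketch of hop-count filtering as described above, given as an added example that is not part of the original essay. The set of initial TTL values, the tolerance of one hop, the class and function names, and the sample (IP, TTL) pairs from documentation address ranges are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Assumed set of common initial TTL values used by operating systems.
INITIAL_TTLS = (32, 64, 128, 255)

def hop_count(observed_ttl):
    """Infer hops travelled: smallest initial TTL >= observed, minus observed."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL out of range")
    initial = next(t for t in INITIAL_TTLS if t >= observed_ttl)
    return initial - observed_ttl

class HopCountFilter:
    def __init__(self, tolerance=1):
        self.tolerance = tolerance            # allowed route variation in hops
        self.history = defaultdict(Counter)   # source IP -> hop-count tally

    def learn(self, src_ip, ttl):
        """Record a hop count seen for src_ip during normal operation."""
        self.history[src_ip][hop_count(ttl)] += 1

    def expected_hops(self, src_ip):
        """Most frequently observed hop count for src_ip, or None if unknown."""
        tally = self.history.get(src_ip)
        return tally.most_common(1)[0][0] if tally else None

    def check(self, src_ip, ttl):
        """Return 'pass', 'suspect' (hop count mismatch) or 'unknown'."""
        expected = self.expected_hops(src_ip)
        if expected is None:
            return "unknown"
        if abs(hop_count(ttl) - expected) <= self.tolerance:
            return "pass"
        return "suspect"

def build_demo_filter():
    """Train on constructed (source IP, TTL) observations."""
    f = HopCountFilter()
    for ip, ttl in [("192.0.2.10", 52), ("192.0.2.10", 52),
                    ("192.0.2.10", 51), ("198.51.100.7", 115)]:
        f.learn(ip, ttl)
    return f
```

A packet that claims a known source address but arrives with a TTL implying a very different path length is flagged as suspect; sources never seen before are reported as unknown rather than dropped.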
This paper has proposed a classification scheme for various web server attacks. Web attacks are diverse in nature, and protection against one attack does not necessarily protect against another. In this paper we surveyed and categorized various types of attacks and discussed the role of the web in malware. We also analysed the various attacks and the ways to prevent them. Some important attacks, namely SQL injection, DDoS, and phishing, were discussed in detail, along with mechanisms for preventing them.