web server security challenges

A SLIDE ON WEB SERVER SECURITY ISSUES BY ONUOHA CHIBUIKE MARTINS DEPARTMENT OF INFORMATION MANAGEMENT TECHNOLOGY FEDERAL UNIVERSITY OF TECHNOLOGY, OWERRI

Upload: martins-chibuike-onuoha

Post on 15-Apr-2017



Web Server Security Challenges

What are web servers?

A web server is an information technology that processes requests via HTTP, the basic network protocol used to distribute information on the World Wide Web.

Types of Web Servers

- Apache web server
- Internet Information Services
- Lighttpd web server
- Jigsaw web server
- Sun Java System Web Server

BROWSERS INTERACT WITH SERVERS

WEB SERVER SECURITY ISSUES

- Brute force
- Botnet
- Malware
- SQL injection
- DoS
- Unpatched application
- Careless users

MALWARE

- Adware advertises a commercial offering actively and without the user's permission or awareness, for example by replacing banner ads on web pages with those of another advertiser.
- Spyware is software that sends information about a user's activities to its creators, typically passwords, credit card numbers and other information that can be sold on the black market.
- A virus is a program that embeds itself in some other executable software (including the operating system itself) on the target system without the user's consent; when that software is run, the virus spreads to other executables.
- A worm is a stand-alone malware program that actively transmits itself over a network to infect other computers.

BOTNET a.k.a Zombie

Botnets can be exploited for various other purposes, including denial-of-service attacks, creation or misuse of SMTP mail relays for spam, mining bitcoins, spamdexing, and the theft of application serial numbers, login IDs, and financial information such as credit card numbers.

Denial of Service attack

At this point, legitimate users' requests will not be handled or will time out. A good analogy: suppose your phone receives 12,000 calls in one day from people you don't know. It will be busy and very hot, and those calls will prevent you from making calls and from answering calls from people in your contact list.

Symptoms of a web server under DoS attack

1. Slow network performance when opening files or accessing websites
2. Unavailability of a particular website
3. Inability to access any website
4. Increase in the number of spam emails received (this type of DoS attack is considered an e-mail bomb)
5. Disconnection of a wireless or wired internet connection
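
As an added example (not part of the original slides), the condition described above, where requests go unanswered or time out, can be looked for in the server's access log. This Python script assumes Apache Common Log Format; the function names, thresholds and log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) \S+')

def summarize(lines, window_s=10, max_requests=20):
    """Count 5xx answers and report clients exceeding max_requests per window_s seconds."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)          # client -> timestamps still inside the window
    report = {"total": 0, "errors_5xx": 0, "flooders": {}}
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue                     # skip malformed lines instead of crashing
        ip, status = m.group(1), int(m.group(3))
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        report["total"] += 1
        report["errors_5xx"] += status >= 500
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:       # drop requests older than the window
            q.popleft()
        if len(q) > max_requests:        # remember the worst burst per client
            report["flooders"][ip] = max(report["flooders"].get(ip, 0), len(q))
    return report

def sample_log():
    """Constructed sample: one ordinary client and one 10-second burst (documentation IPs)."""
    base = datetime(2017, 4, 15, 12, 0, 0, tzinfo=timezone.utc)
    out = ["not a log line"]             # malformed entry, must be ignored
    for sec in range(30):
        ts = (base + timedelta(seconds=sec)).strftime("%d/%b/%Y:%H:%M:%S %z")
        clients = ["198.51.100.10"] if sec % 5 == 0 else []
        if 10 <= sec < 20:
            clients += ["203.0.113.7"] * 8          # 8 requests per second
        for n, ip in enumerate(clients):
            status = 503 if n >= 5 else 200         # server refuses work under load
            out.append(f'{ip} - - [{ts}] "GET / HTTP/1.1" {status} 512')
    return out

if __name__ == "__main__":
    print(summarize(sample_log()))
```

A rising share of 5xx responses together with one or a few clients far above the per-window limit matches the symptoms listed above; the limit itself has to be tuned to the site's normal traffic.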

SQL INJECTION

SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.

SQL injection is a very tedious process that requires consistency and patience on the part of an attacker.

UNPATCHED SOFTWARE

Applying security updates also addresses technical glitches to improve the software’s performance. Until systems are updated, computers remain open to threats that abuse vulnerabilities. All server operating system vendors and distributions publish security updates.

CARELESS USERS

The most prevalent threat to a server’s security is user carelessness. If you or your users have passwords that are easy to guess, poorly written code, unpatched software, or a lack of security measures like anti-virus software, you are just asking for trouble.