12.1 - Web Servers

 12.1 - Web servers 

 

Key Terms:

  • Web server – A computer used to store and distribute web pages to clients. 

 

Web Requests 

A web server works through requests. First, a client would send a TCP request to the web server to open a connection. Once the handshake has been established, the web server waits as the client sends a HTTP request (URL). Finally, a HTTP response is sent, and the web page is displayed to the client. 

 

Microsoft IIS 

Microsoft IIS is a web server application provided by Microsoft to users using Windows. It can support most web hosting protocols such as HTTP, HTTPS, FTP, SMTP, etc... IIS also provides various modules that managers can add such as database support, authentication support, certificate support, security support, process management and protocol listeners. 

 

Apache Web Server 

Apache is an open-source web server that provides authentication, SSL support, TLS support, enhanced logging, intrusion detection, HTTP request filtering, and proxy support. 

 

Vulnerabilities 

Web servers make great targets for hackers. This is because they are able to provide the hacker with access to the greater network and store lots of sensitive information. 

 

Defacement 

This is when a website’s appearance is altered so it looks like it has been defaced to humiliate the business. 

 

Directory Traversal 

This is when a hacker targets directories and executable files outside the web server directories. This is only successful on older web servers. 

 

Cross Site Scripting (XSS) 

XSS relies on scripting defects on a website. The hacker can inject malicious code into the website via these defects to run trojans on a user’s computer. 

 

Web Hacking Methodology 

    • Information gathering 
    • Foot printing 
    • Mirroring 
    • Vulnerability scanning 
    • Hijack sessions 
    • Crack passwords
 

Countermeasures 

Always remember to verify your configurations as misconfigurations can pose threats. Also patches and updates can fix vulnerabilities, bugs, andimprove performance so updating the web server is vital to security. Make sure all inactive user accounts are removed. Also make sure all default credentials are changed. Disable the directory listing option to defend against directory traversing. 

Comments

Post a Comment

Popular posts from this blog

OSA Assignment 1 - Task 3 GUIDE

Image
  OSA Assignment 1 – Task 3 Guide     Exam parameters   Time length – 5 hours (2x 2 ½ sessions)   Marks available – 28     Task 3: Design – Communication Equipment   In this task you are required to submit :   A technical proposal covering the switches, wireless infrastructure and specifications   Justification of planned network architecture and considerations for security, resilience, performance and redundancy   Evidence print screens   Annotated floor plan/network diagram     Technical Proposal   The technical proposal in task 3 follows a similar format as task 2. It's another large document detailing the requirements and recommendations for the company. In task 3, however , it should discuss communication and other digital equipment such as switches, CCTV and APs.   You should recommend multiple hardware solutions and justify between them.   Here are some examples of tables and information ...
Read more

OSA Assignment 1 - Task 1 GUIDE

  OSA Assignment 1 – Task 1 Guide     Exam parameters   Time length – 3 hours   Marks available – 20     Task 1: Planning   In this task you are required to submit :   A project plan   Gantt chart showing th e critical path   Explanation of legal requirements   Physical and digital threat countermeasures   Annotated floor plan     Gantt Chart   The Gantt Chart is the first document you should create. This details each phase of the project alongside the timescale to complete it.   Ensure you make a note of the deadline for the project along with any pre-requisites such as cabling. This should all be implemented into your Gantt Chart.   You can follow a layout like this:   Project:   Pre considerations (Gathering project timescale, risk assessments, ...)   Planning (Devising project plan, identifying budget, ...)   Design (Research hardware, identify topology, ...)   Pre ...
Read more

OSA Summer 2023 Mock - Task 1, Assignment 1

Image
  OSA Summer 2023 Mock – Task 1           Legal requirements   The company must ensure they are compliant with the correct legislation whilst the project is undertaken.   If any person is working at height, the correct safety measures to prevent injury or death must be imposed under The Work at Height Regulations 2005. They must have an appropriate safety harness on and hazardous areas at height should be i dentified in the risk assessment.   By storing data internally on a local file server, the business is responsible for maintaining the confidentiality, availability and integrity of that data. They must comply with The Data Protection Act 2018 and General Data Protection Regulations.   Display screen equipment regulations (DSE) should be considered when installing workstations. Ergonomic and posture-friendly chairs should be installed and employees given appropriate breaks from working around screens.     Data p...
Read more