
Hazards for web resources

Lecture



A hacker attack is a deliberate attempt to break into a system's security.
The goals of hacker attacks:
• Destabilizing a remote system and rendering it inoperable (DoS and DDoS attacks).
• Obtaining control over a remote system, either to introduce specific code or to extract confidential data from the site (databases, credit card numbers, email addresses, etc.).
The main types of hacker attacks:
• DoS (Denial of Service): an attack designed to make the server stop responding to requests. This type of attack does not by itself yield any secret information, but it sometimes helps to initiate other attacks. For example, some programs raise exceptions because of errors in their code, and while a service is shutting down it may execute code supplied by an attacker; another variant is the avalanche-type attack, in which the server cannot process a huge number of incoming packets.
• DDoS (Distributed Denial of Service): has the same goal as DoS, but is carried out not from a single computer but from several computers on a network. Either the flood of requests causes errors that crash the service, or it triggers the protection mechanisms, which block the service; in both cases the result is denial of service. DDoS is used where ordinary DoS is not effective: several computers are combined, and each performs a DoS attack on the victim's system. Together this is called a DDoS attack.
• Injection, or XSS: this type of attack inserts extraneous code into a working system in order to gain unlawful access to sensitive information or to destabilize the system altogether.
• Packet interception. Since most data, in particular logins and passwords, is transmitted over the network unencrypted, a hacker with appropriately installed and configured software, called a sniffer, can learn a great deal: who is communicating with whom and from where, as well as the data being transmitted.
• Attack by malicious software. A virus or trojan is delivered to the user's computer by various methods (including social engineering and software holes), and depending on its degree of harmfulness, data is exfiltrated or control of the system is taken over.
• Mail bombing (spamming) is the oldest type of attack: a large number of emails are sent to the mail server, which cannot process the avalanche and simply falls over. Many programs were developed to carry out spam attacks, and even an inexperienced spammer could flood a foe's mailbox. These programs often included the ability to anonymize the sender's IP address and generate message threads, so it was rather difficult to get rid of such spam by conventional means. Even now, spam reaches mailboxes in fairly large quantities despite anti-spam filters and other software.
• Network reconnaissance. In this kind of attack a hacker can gain full access to the system and learn its composition and installed software, but performs no destructive actions. That is why the attack is called reconnaissance.
• Social engineering is based on greed, user incompetence, and hackers' desire to show their own worth. Attackers, under a variety of pretexts, worm their way into the user's trust and obtain data, in particular a login and password. In this case the user himself gives them this information.
XSS attack
An XSS attack is one of hackers' favourite types of attack. The abbreviation XSS stands for Cross Site Scripting, or "cross-site scripting". The first letter C was replaced with X because the abbreviation CSS was already taken: it means "Cascading Style Sheets" and is used in web programming.
An XSS attack exploits a vulnerability on the server that allows arbitrary code to be embedded in the HTML page generated by the server. The code, which can contain anything at all, is passed as the value of a variable that the server does not filter, i.e. does not check for prohibited characters such as <, > and ". The value of this variable is sent from the generated HTML page to the server-side script in a request.
Then the fun begins for the hacker. In response to this request, the PHP script generates an HTML page that displays the values of the variables the hacker needs, and sends this page to the hacker's browser.
To put it simply, an XSS attack uses server vulnerabilities to attack client computers.
XSS attacks are most often used to steal cookies. Cookies store information about the user's session on a site, and a hacker who intercepts them can control the user's personal data on the site until the hosting server closes the session. Cookies also retain an encrypted password with which the user logs in to the site. With the necessary utilities, hackers decrypt this password and gain permanent, unlimited access to the user's accounts on different resources.
Other features of XSS attacks:
• Opening the page opens a large number of unwanted windows.
• Redirecting to another site (for example, a competitor's site).
• Downloading a script with arbitrary (even harmful) code to the user's computer by embedding a link to an executable script on a third-party server.
• Theft of personal information from the user's computer, such as cookies, the history of visited sites, the browser version and operating system installed on the user's computer, and the IP address of the user's computer.
• An XSS attack can be carried out not only through the site but also through vulnerabilities in the browser or other clients. Therefore, it is recommended to update the software in use more often.
• XSS attacks can be conducted through the use of SQL code.
XSS attacks offer quite a lot of opportunities: an attacker can acquire personal information, which is very unpleasant. In addition, since an XSS attack damages only client machines and leaves the server fully operational, administrators of various servers have little incentive to install protection against this type of attack.
There are two types of XSS attacks: active and passive. In the first, the malicious script is stored on the server and starts acting when the site page is loaded in the client's browser. In the second, the script is not stored on the server, and the harmful action is performed only after a specific user action, for example clicking a generated link.
Tips for programmers and administrators to prevent XSS attacks:
• Do not insert the $_GET, $_POST and $_COOKIE parameters directly into the generated HTML page; use alternative functions and parameters instead.
• Prevent uploading of arbitrary files to the server to avoid malicious scripts being downloaded. In particular, it is recommended to prohibit uploading files of various script types and HTML pages to the server.
• Store all uploaded files in the database rather than in the file system. This does not break the data structure (quite the contrary), and problems can be significantly fewer.
• As the site's functionality expands, the likelihood of XSS attacks increases, so expansion should be carried out with caution and regular testing.
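The first tip above, shown in code. This is an added example and not part of the lecture: a hypothetical greeting page reads a name from $_GET, first pasted raw into the HTML (the reflected, "passive" case described above) and then passed through HTML encoding so the browser treats it as text rather than markup. It assumes PHP 8 or later.

```php
<?php
// Added example, not from the lecture. Assumed scenario: a page that
// greets the visitor by the value of ?name=... taken from $_GET.
declare(strict_types=1);

// Vulnerable: the raw request parameter becomes part of the page, so any
// tags it contains are interpreted by the victim's browser.
function render_greeting_unsafe(string $name): string
{
    return "<p>Hello, " . $name . "!</p>";
}

// Hardened: encode every user-controlled value for the HTML context before
// it reaches the page. ENT_QUOTES also encodes ' and " so the same helper
// is safe inside attribute values; the charset is fixed so that multibyte
// sequences cannot be used to smuggle characters past the encoder.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_greeting_safe(string $name): string
{
    return "<p>Hello, " . h($name) . "!</p>";
}

// Same helper used in an attribute context: the value is inert there too.
function render_profile_link(string $name): string
{
    return '<a href="/profile?user=' . h(rawurlencode($name)) . '">' . h($name) . '</a>';
}

// Constructed input containing markup; compare what each renderer emits.
$input = '<b>guest</b>';
assert(str_contains(render_greeting_unsafe($input), '<b>'));          // tag survives
assert(render_greeting_safe($input) === '<p>Hello, &lt;b&gt;guest&lt;/b&gt;!</p>');
assert(!str_contains(render_profile_link($input), '<b>'));

// In a real page only the safe renderer is used.
echo render_greeting_safe($_GET['name'] ?? 'guest');
```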
DoS and DDoS attacks
A DoS attack (Denial of Service attack) is an attack on a computer system with the aim of bringing it to failure: creating conditions under which legal (legitimate) users of the system cannot access the resources (servers) it provides, or can do so only with difficulty. Failure of an "enemy" system can be a step towards taking over the system (if, in an emergency situation, the software discloses some critical information, for example a version or part of the program code). But, as a rule, it is a measure of economic or other pressure: the resource that generates income stops working, the provider's bills are high, and measures to protect against attacks are costly.
If an attack is performed simultaneously from a large number of computers, it is called a DDoS attack (Distributed Denial of Service, a distributed denial of service attack). In some cases an unintended action leads to a de facto DDoS attack, for example placing a link on a popular Internet resource to a site hosted on a low-capacity server (the slashdot effect). The large influx of users exceeds the permissible load on the server and therefore denies service to some of them.
Causes of DDoS attacks:
• An error in the program code that leads to accessing an unused fragment of the address space, executing an invalid instruction, or another unhandled exception on which the server program crashes. A classic example is dereferencing a null address.
• Insufficient verification of user data, which leads to an infinite or very long loop, prolonged consumption of processor resources (until they are exhausted), or the allocation of a large amount of RAM (until available memory is exhausted).
• Flood ("overflow"): an attack consisting of a large number of usually meaningless or malformed requests to a computer system or network equipment, aimed at denying service by exhausting system resources: processor, memory or communication channels.
• Attack of the second kind: an attack that seeks to cause the protection system to trigger falsely and thereby make the resource inaccessible.
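The second cause in the list, insufficient verification of user data, in code. This is an added example and not part of the lecture: a hypothetical report page accepts ?rows=N from the client, and the unchecked version lets a single request make the server allocate as much memory as the attacker asks for, while the checked version rejects anything outside an explicit range before any work is done. It assumes PHP 8 or later.

```php
<?php
// Added example, not from the lecture. Assumed scenario: a report page
// whose row count is chosen by the client via ?rows=N.
declare(strict_types=1);

const MAX_ROWS = 500;   // hard ceiling chosen by the application

// Unchecked version: (int) casting silently accepts any size, so the
// request "rows=1000000000" makes the server build a multi-gigabyte
// string, exhausting memory or CPU for everyone else.
function build_report_unsafe(string $rowsParam): string
{
    $rows = (int) $rowsParam;
    return str_repeat("<tr><td>row</td></tr>\n", $rows);
}

// Checked version: the value must be a well-formed integer inside an
// explicit range; anything else is refused before resources are spent.
function parse_rows(string $rowsParam): ?int
{
    $rows = filter_var($rowsParam, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => MAX_ROWS],
    ]);
    return $rows === false ? null : $rows;
}

function build_report_safe(string $rowsParam): string
{
    $rows = parse_rows($rowsParam);
    if ($rows === null) {
        return "<p>Invalid row count (1-" . MAX_ROWS . ").</p>";
    }
    return str_repeat("<tr><td>row</td></tr>\n", $rows);
}

// Constructed inputs: hostile or malformed values are refused, a normal
// one is served as before.
assert(parse_rows('1000000000') === null);
assert(parse_rows('-5') === null);
assert(parse_rows('abc') === null);
assert(parse_rows('25') === 25);
assert(substr_count(build_report_safe('3'), '<tr>') === 3);

echo build_report_safe($_GET['rows'] ?? '10');
```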
DDoS protection
• Prevention. Removing the causes that motivate people to organize and carry out DoS attacks. (Very often cyber attacks in general are the consequence of personal grievances, political, religious and other differences, provocative behaviour of the victim, etc.)
• Filtering and blackholing. Blocking traffic coming from the attacking machines. The effectiveness of these methods decreases the closer they are applied to the target of the attack and increases the closer they are applied to the attacking machine.
• Reverse DDoS. Redirecting the traffic used for the attack back at the attacker.
• Elimination of vulnerabilities. Does not work against flood attacks, for which the "vulnerability" is the exhaustion of system resources.
• Increasing resources. Naturally, this does not give absolute protection, but it is a good foundation for applying other types of protection against DoS attacks.
• Distribution. Building distributed and redundant systems that keep serving users even if some of their elements become unavailable because of a DoS attack.
• Evasion. Moving the immediate target of the attack (domain name or IP address) away from other resources, which are often affected together with the immediate target.
• Active measures. Acting on the sources, the organizer or the control centre of the attack by both technical and organizational-legal means.
• Use of hardware to repel DoS attacks. For example, DefensePro® (Radware), Perimeter (MFI Soft), Arbor Peakflow® and products from other manufacturers.
• Purchasing a DoS attack protection service. Relevant when the network bandwidth is being flooded.

