Discussion I
Career Relevancy
The network analyst needs to know the basic concepts of web applications and their security postures, as well as the threats, vulnerabilities, and attacks that target them. The analyst will apply defensive measures, countermeasures, and security tools to defend against those attacks.
Background
To understand web server hacking, you should first understand web server concepts: what a web server is, how it functions, and the other elements associated with it. This section gives a brief overview of the web server and its architecture. It also explains the common mistakes that allow attackers to compromise a web server successfully, and describes the impact of attacks on the web server.
A web server is a computer system that stores, processes, and delivers web pages to clients worldwide via the HTTP protocol. In general, a client initiates communication through an HTTP request. When a client wants to access a resource such as a web page, photo, or video, the client’s browser generates an HTTP request to the web server. Depending on the request, the web server collects the requested content from data storage or from application servers and answers with an appropriate HTTP response. If the web server cannot find the requested content, it generates an error message instead.
Web Application Attack Countermeasures
· Broken Authentication and Session Management
Flaws in an application’s authentication and session management functions allow attackers either to obtain passwords, keys, and session tokens, or to exploit other implementation vulnerabilities to gain other users’ credentials. Session cookies are bound to client IPs by delivering a validation cookie that includes a cryptographic token confirming that the client IP is the one to which the session token was issued. Therefore, to perform a session attack, the attacker must steal the target user’s IP address.
Following are some of the countermeasures against broken authentication and session management attacks:
· Use SSL for all authenticated parts of the application
· Verify that all users’ identities and credentials are stored in hashed form
· Never submit session data as part of a GET or POST request
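The three countermeasures above, shown together in working code. This is an added example, not code from the course material: it stores only a salted PBKDF2 hash of each password, issues a random session token in a cookie marked Secure (so it only travels over TLS) and HttpOnly, and resolves the session only from the Cookie header, never from a query string or form field. The in-memory USERS and SESSIONS dictionaries are stand-ins for an application database, constructed for the example.

```python
import hashlib
import hmac
import os
import secrets
import time

# In-memory stores standing in for the application's database (constructed for this example).
USERS = {}     # username -> {"salt": bytes, "hash": bytes}; the password itself is never stored
SESSIONS = {}  # session token -> {"user": str, "expires": float}

PBKDF2_ITERATIONS = 600_000   # current OWASP guidance for PBKDF2-HMAC-SHA256
SESSION_TTL_SECONDS = 15 * 60


def register_user(username, password):
    """Store only a per-user salted PBKDF2 hash of the password (the 'hashed form' countermeasure)."""
    salt = os.urandom(16)
    USERS[username] = {
        "salt": salt,
        "hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS),
    }


def verify_password(username, password):
    """Constant-time comparison against the stored hash. Unknown users still pay the hashing
    cost so response time does not reveal whether the username exists."""
    record = USERS.get(username)
    salt = record["salt"] if record else b"\x00" * 16
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return record is not None and hmac.compare_digest(candidate, record["hash"])


def login(username, password, now=None):
    """On success return the Set-Cookie header value carrying a fresh random session token.
    Secure: sent only over TLS (the 'use SSL' countermeasure). HttpOnly: not readable by script.
    SameSite=Strict: not attached to cross-site requests. Returns None on failure."""
    if not verify_password(username, password):
        return None
    token = secrets.token_urlsafe(32)
    now = time.time() if now is None else now
    SESSIONS[token] = {"user": username, "expires": now + SESSION_TTL_SECONDS}
    return f"session={token}; Secure; HttpOnly; SameSite=Strict; Path=/"


def session_user(cookie_header, now=None):
    """Resolve the logged-in user from the Cookie request header only. A token supplied in the
    URL query string or a form body is never consulted (the 'never in GET/POST data' countermeasure)."""
    token = None
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "session":
            token = value
    entry = SESSIONS.get(token)
    if entry is None:
        return None
    now = time.time() if now is None else now
    if now >= entry["expires"]:
        del SESSIONS[token]  # expired sessions are dropped so an old token cannot be reused
        return None
    return entry["user"]


if __name__ == "__main__":
    register_user("alice", "correct horse battery staple")
    set_cookie = login("alice", "correct horse battery staple")
    print("Set-Cookie:", set_cookie)
    print("resolved user:", session_user(set_cookie.split(";")[0]))
```

The `now` parameter exists so session expiry can be exercised deterministically; in a real application the server clock is used and the session store lives outside the process.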
According to http://searchenterprisedesktop.techtarget.com, patch management is an area of systems management that involves acquiring, testing, and installing multiple patches (code changes) on an administered computer system. Patch management is a defense against vulnerabilities that cause security weaknesses or corrupt data. It is the process of scanning for network vulnerabilities, detecting missing security patches and hotfixes, and then deploying the relevant patches as soon as they are available to secure the network. It involves the following:
· Choosing, verifying, testing, and applying patches
· Updating previously applied patches with current patches
· Listing patches applied previously to the current software
· Recording repositories, or depots, of patches for easy selection
· Assigning and deploying the applied patches
An automated patch management process includes:
· Detect: Use tools to detect missing security patches.
· Assess: Assess the issue(s) and the associated severity, weighing the mitigating factors that may influence the decision.
· Acquire: Download the patch for testing.
· Test: Install the patch first on a testing machine to verify the consequences of the update.
· Deploy: Deploy the patch to the computers and make sure the applications are not affected.
· Maintain: Subscribe to notifications so that new vulnerabilities are known as soon as they are reported.
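The Detect and Assess steps of the automated process above, as an added example rather than any particular tool's code. It compares a host's installed package versions against an advisory feed, reports every advisory whose fix version is newer than what is installed, and orders the findings by severity so the most serious gaps are handled first. The inventory, the advisory entries and their ADV-EXAMPLE ids are all constructed for this example; the version comparison is a simplification (real package managers such as rpm and dpkg have their own ordering rules).

```python
import re

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed sample inventory: what an agent or scanner would report for one host.
INVENTORY = {
    "host": "web-01",
    "packages": {"httpd": "2.4.50", "openssl": "3.0.7", "php": "8.1.2", "nginx": "1.21.6"},
}

# Constructed sample advisory feed; the ids are placeholders, not real advisories.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "package": "httpd",   "fixed_in": "2.4.52", "severity": "critical"},
    {"id": "ADV-EXAMPLE-2", "package": "openssl", "fixed_in": "3.0.8",  "severity": "high"},
    {"id": "ADV-EXAMPLE-3", "package": "php",     "fixed_in": "8.1.1",  "severity": "high"},      # already fixed
    {"id": "ADV-EXAMPLE-4", "package": "nginx",   "fixed_in": "1.21.6", "severity": "medium"},    # installed == fixed
    {"id": "ADV-EXAMPLE-5", "package": "tomcat",  "fixed_in": "9.0.60", "severity": "critical"},  # not installed
    {"id": "ADV-EXAMPLE-6", "package": "httpd",   "fixed_in": "2.4.51", "severity": "low"},
]


def parse_version(version):
    """Split '2.4.52' into (2, 4, 52) so versions compare numerically rather than as strings
    (as strings, '2.4.9' would sort after '2.4.10')."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def detect_missing_patches(inventory, advisories):
    """Detect step: every advisory whose fix version is newer than the installed version.
    Advisories for packages the host does not have are skipped; an installed version equal to
    the fix version counts as patched."""
    missing = []
    for adv in advisories:
        installed = inventory["packages"].get(adv["package"])
        if installed is None:
            continue
        if parse_version(installed) < parse_version(adv["fixed_in"]):
            missing.append({**adv, "installed": installed, "host": inventory["host"]})
    return missing


def assess(missing):
    """Assess step: order findings by severity (then package and id for a stable report) and
    roll up counts per severity. Returns (ordered_findings, counts)."""
    ordered = sorted(missing, key=lambda m: (SEVERITY_RANK.get(m["severity"], 99), m["package"], m["id"]))
    counts = {}
    for m in ordered:
        counts[m["severity"]] = counts.get(m["severity"], 0) + 1
    return ordered, counts


if __name__ == "__main__":
    ordered, counts = assess(detect_missing_patches(INVENTORY, ADVISORIES))
    for m in ordered:
        print(f'{m["severity"]:>8}  {m["id"]}  {m["package"]} {m["installed"]} -> {m["fixed_in"]}')
    print("summary:", counts)
```

The output of `assess` is what feeds the Acquire and Test steps: the ordered list says which patches to fetch first, and the per-severity counts are the numbers a change board expects to see before a deployment window is approved.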
Prompt
Who should be liable when a breach occurs on a web server or web application? Explain your reasoning being sure to consider the who, why, and to what extent in your response and secondary responses.
For your citation, you might use articles that show examples of webserver attacks and countermeasures, as well as patch management concepts.
Your initial and reply posts should work to develop a group understanding of this topic. Challenge each other. Build on each other. Always be respectful but discuss this and figure it out together.
Reply Requirements
You must submit:
1 main post of 200+ words with 2 in-text citations and references (follow the Institution Writing Guidelines)
Responses can be addressed to both your initial thread and other threads but must be:
· Your own words (no copy and paste)
· Unique (no repeating something you already said)
· Substantial in nature, which means there has to be some meat to the reply not something like: "Good job, Rasha, your post is excellent." A substantial post will do one of the following:
1. Extend the conversation deeper,
2. Challenge the post being responded to, or
3. Take the conversation in a career-relevant tangent