Published by Luke Benson. Modified over 9 years ago.
1
Web Defacement
Anh Nguyen
May 6th, 2010
2
Organization
– Introduction
– How Hackers Deface Web Pages
– Solutions to Web Defacement
– Conclusions
3
– Introduction
    – Web Defacement
    – Hackers' Motivation
    – Effects on Organizations
– How Hackers Deface Web Pages
– Solutions to Web Defacement
– Conclusions
4
Introduction
Web Defacement
– Occurs when an intruder maliciously alters a Web page by inserting or substituting provocative and frequently offending data
– Exposes visitors to misleading information
5
Introduction
Web Defacement
http://www.attrition.org/mirror/attrition/
– Tracks defacement incidents and keeps a “mirror” of defaced Web sites
6
Introduction
Hackers' Motivation
– Look for credit card numbers and other valuable proprietary information
– Gain credibility in the hacking community and, in some high-profile cases, 15 minutes of fame through media coverage of the incident
7
Introduction
Effects on Organizations
Organizations lose
– Credibility and reputation
– Customer trust and revenue
– E-retailers can lose considerable patronage if their customers feel their e-business is insecure
– Financial institutions may experience significant loss of business and integrity
8
How Hackers Deface Web Pages
– Introduction
– How Hackers Deface Web Pages
– Solutions to Web Defacement
– Conclusions
9
How Hackers Deface Web Pages
Obtain usernames
– Use information-gathering techniques
– Make use of publicly available information
    – Domain registration records
– Use ‘social engineering’ tactics
    – Call an employee and pose as a system administrator
10
How Hackers Deface Web Pages (Cont.)
Guess passwords
– Go through a list of popular or default choices
– Use intelligent guesses
– Use ‘social engineering’ tactics
    – Birth dates
    – Names of family members
11
How Hackers Deface Web Pages (Cont.)
Obtain administrator privileges
Perform additional information gathering to find out useful tidbits
– The exact version and patch levels of the OS
– The versions of software packages installed on the machine
– Enabled services and processes
12
How Hackers Deface Web Pages (Cont.)
– Access well-known Web sites and locate hacks that exploit vulnerabilities in the installed software
– Gain control of the machine and modify the content of pages easily
13
How Hackers Deface Web Pages (Cont.)
Sechole
– An example of a privilege escalation exploit on Windows NT4
– The attack modifies the instructions in memory of the OpenProcess API call so it can attach to a privileged process
– Once the privileged process runs, the code adds the user to the Administrators group
– The technique works if the code runs locally
14
How Hackers Deface Web Pages (Cont.)
Sechole
– In the presence of Microsoft’s Internet Information Server (IIS) Web server and some other conditions, Sechole can be launched from a remote location
15
How Hackers Deface Web Pages (Cont.)
Sechole
Another approach is to exploit vulnerabilities in Internet servers that are listening on open ports
– No need to log on to the server
– Execute malicious code over an open legitimate connection
16
How Hackers Deface Web Pages (Cont.)
IIS Hack
– Well-known example of a remote attack on the IIS Web server
– Hackers exploit a buffer overflow weakness in ism.dll, causing malicious code to execute in the security context of the System account on the server
17
Solutions to Web Defacement
– Introduction
– How Hackers Deface Web Pages
– Solutions to Web Defacement
– Conclusions
18
Solutions to Web Defacement
Firewalls
– Do not scan incoming HTTP packets
– HTTP attacks (such as IIS Hack) are not detected
Network-based Intrusion Detection Systems (NIDS) and Host-based Intrusion Detection Systems (HIDS)
– Listen to packets on the wire, but do not block them
– In many cases, the packet reaches its destination before it is interpreted by the NIDS
19
Solutions to Web Defacement (Cont.)
Integrity assessment
– A hash code (similar to a checksum) for a Web page reflecting the page’s content is computed
– The saved hash code is periodically compared with the freshly computed one to see if they match
– The frequency of the hash code comparisons needs to be high
– The scheme collapses when pages are generated dynamically
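The integrity-assessment scheme on this slide, as an added Python example (not part of the original presentation): it hashes every file under a document root, compares a later snapshot with the saved baseline, and shows the false alarm that a dynamically generated page produces. The file names and page contents are constructed sample data.

```python
import hashlib
import itertools
import tempfile
from pathlib import Path

def snapshot(docroot):
    """Map each file path (relative to docroot) to the SHA-256 of its content."""
    root = Path(docroot)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare(baseline, current):
    """Report files whose hash changed, files that appeared, and files that vanished."""
    return {
        "modified": sorted(f for f in baseline if f in current and baseline[f] != current[f]),
        "added": sorted(f for f in current if f not in baseline),
        "removed": sorted(f for f in baseline if f not in current),
    }

def demo():
    """Constructed sample site: one static page and one page re-rendered per request."""
    counter = itertools.count(1)

    def render_dynamic():
        # Stand-in for a dynamically generated page: content differs on every render.
        return f"<p>Visitor number {next(counter)}</p>".encode()

    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "index.html").write_bytes(b"<h1>Welcome</h1>")
        (root / "counter.html").write_bytes(render_dynamic())
        baseline = snapshot(root)  # the saved hash codes

        # Legitimate re-render of the dynamic page: no attacker, yet the hash changes.
        (root / "counter.html").write_bytes(render_dynamic())
        false_alarm = compare(baseline, snapshot(root))

        # Defacement: the static page is altered and an extra file is dropped.
        (root / "index.html").write_bytes(b"<h1>Defaced</h1>")
        (root / "owned.html").write_bytes(b"<p>constructed sample</p>")
        defaced = compare(baseline, snapshot(root))
    return false_alarm, defaced

if __name__ == "__main__":
    for report in demo():
        print(report)
```

The baseline is only trustworthy if it is stored where the Web server account cannot write to it; otherwise an intruder who can change a page can also change its saved hash.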
20
Solutions to Web Defacement (Cont.)
Multi-layered protection system
– Needed in order to effectively deal with Web defacement
– On-the-spot prevention
    – Attacks should be identified before they execute, i.e. they should be identified at the service request level
    – Use system call and API call interception
21
Solutions to Web Defacement (Cont.)
Multi-layered protection system (Cont.)
– Administrator (root) resistant
    – Allow only a specific predefined user (the Web master), instead of the ‘Administrator’ account, to modify the Web site content and configuration
– Application access control
    – A single predefined program should be used to edit and/or create Web pages
– OS level protection
22
Solutions to Web Defacement (Cont.)
Multi-layered protection system (Cont.)
– HTTP attack protection
    – A protection module that scans incoming HTTP requests for malicious requests, even when the communication is encrypted, should be used
– Web server resources protection
    – Executables
    – Configuration files
    – Data files
    – Web server process
23
Solutions to Web Defacement (Cont.)
Multi-layered protection system (Cont.)
– Other Internet server attack protection
    – Bind (a DNS server)
    – Sendmail (an SMTP server)
24
Conclusions
– Introduction
– How Hackers Deface Web Pages
– Solutions to Web Defacement
– Conclusions
25
Conclusions
Thank you for your time
Questions and feedback are welcome
26
References
Prevent Web Site Defacement
– http://www.mcafee.com/us/local_content/white_papers/wp_2000hollanderdefacement.pdf