8/17/2019 Web Defacement Attack Case
Web Defacement
Anh Nguyen
May 6th, 2010
Organization
• Introduction
• How Hackers Deface Web Pages
• Solutions to Web Defacement
• Conclusions
Introduction: Web Defacement
• Occurs when an intruder maliciously alters a Web page by inserting or substituting provocative and frequently offending data
• Exposes visitors to misleading information
Introduction: Web Defacement
• http://www.attrition.org/mirror/attrition/
  – Tracks defacement incidents and keeps a "mirror" of defaced Web sites
Introduction: Hackers' Motivation
• Look for credit card numbers and other valuable proprietary information
• Gain credibility in the hacking community and, in some high-profile cases, 15 minutes of fame through media coverage of the incident
Introduction: Effects on Organizations
• Organizations lose
  – Credibility and reputation
  – Customer trust and revenue
  – E-retailers can lose considerable patronage if their customers feel their e-business is insecure
  – Financial institutions may experience significant loss of business and integrity
How Hackers Deface Web Pages
• Obtain usernames
  – Use information-gathering techniques
  – Make use of publicly available information
    • Domain registration records
  – Use "social engineering" tactics
    • Call an employee and pose as a system administrator
How Hackers Deface Web Pages (Cont.)
• Guess passwords
  – Go through a list of popular or default choices
  – Use intelligent guesses
  – Use "social engineering" tactics
    • Birth dates
    • Names of family members
How Hackers Deface Web Pages (Cont.)
• Obtain administrator privileges
• Perform additional information gathering to find out useful tidbits
  – The exact version and patch levels of the OS
  – The versions of software packages installed on the machine
  – Enabled services and processes
How Hackers Deface Web Pages (Cont.)
• Access well-known Web sites and locate hacks that exploit vulnerabilities existing in the software installed
• Gain control of the machine and modify the content of pages easily
How Hackers Deface Web Pages (Cont.): Sechole
• An example of a privilege escalation exploit on Windows NT4
• The attack modifies the instructions in memory of the OpenProcess API call so it can attach to a privileged process
• Once the privileged process runs, the code adds the user to the Administrators group
• The technique works if the code runs
How Hackers Deface Web Pages (Cont.): Sechole
• In the presence of Microsoft's Internet Information Server (IIS) Web server and some other conditions, Sechole can be launched from a remote location
How Hackers Deface Web Pages (Cont.): Sechole
• Another approach is to exploit vulnerabilities in Internet servers that are listening to open ports
  – No need to log on to the server
  – Execute malicious code over an open legitimate connection
How Hackers Deface Web Pages (Cont.): IIS Hack
• Well-known example of a remote attack on the IIS Web server
• Hackers exploit a buffer overflow weakness in ism.dll, causing malicious code to execute in the security context of the System on the server
Solutions to Web Defacement
• Firewalls
  – Do not scan incoming HTTP packets
  – HTTP attacks (such as IIS Hack) are not detected
• Network-based Intrusion Detection Systems (NIDS) and Host-based Intrusion Detection Systems (HIDS)
  – Listen to packets on the wire, but do not block them
  – In many cases, the packet reaches its destination before it is interpreted by the NIDS
Solutions to Web Defacement (Cont.)
• Integrity assessment
  – A hash code (similar to a checksum) for a Web page, reflecting the page's content, is computed
  – The saved hash code is periodically compared with the freshly computed one to see if they match
  – The frequency of the hash code comparisons needs to be high
  – The scheme collapses when pages are generated dynamically
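An added example, not from the original slides: the integrity assessment described above, written in Python. It hashes every file under a Web root, keeps that as the saved baseline, and compares a fresh snapshot against it; the function names and the sample pages are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large assets are not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(web_root: Path) -> dict[str, str]:
    """Map each file under web_root (by relative path) to its hash code."""
    return {
        p.relative_to(web_root).as_posix(): hash_file(p)
        for p in sorted(web_root.rglob("*"))
        if p.is_file()
    }


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Compare the saved hash codes with freshly computed ones."""
    return {
        "modified": sorted(f for f in baseline if f in current and baseline[f] != current[f]),
        "removed": sorted(f for f in baseline if f not in current),
        "added": sorted(f for f in current if f not in baseline),
    }


def demo() -> dict[str, list[str]]:
    """Constructed Web root: save a baseline, alter the content, check again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text("<h1>Welcome</h1>")
        (root / "about.html").write_text("<p>About us</p>")
        # Keep the real baseline where the Web server account cannot write.
        baseline = snapshot(root)
        (root / "index.html").write_text("<h1>Defaced</h1>")        # page altered
        (root / "banner.html").write_text("<p>unexpected file</p>")  # page added
        (root / "about.html").unlink()                              # page removed
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

A page rendered per request would show up under "modified" on every run, which is the failure the last bullet describes.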
Solutions to Web Defacement (Cont.)
• Multi-layered protection system
  – Needed in order to effectively deal with Web defacement
  – On-the-spot prevention
    • Attacks should be identified before their execution, i.e., they should be identified at the service request level
    • Use system call and API call interception
Solutions to Web Defacement (Cont.)
• Multi-layered protection system (Cont.)
  – Administrator (root) resistant
    • Allow only a specific predefined user (the Webmaster), instead of the "Administrator" account, to modify the Web site content and configuration
  – Application access control
    • A single predefined program should be used to edit and/or create Web pages
  – OS level protection
Solutions to Web Defacement (Cont.)
• Multi-layered protection system (Cont.)
  – HTTP attack protection
    • A protection module that scans incoming HTTP requests for malicious requests, even when the communication is encrypted, should be used
  – Web server resources protection
    • Executables
    • Configuration files
    • Data files
    • Web server process
Solutions to Web Defacement (Cont.)
• Multi-layered protection system (Cont.)
  – Other Internet server attack protection
    • Bind (a DNS server)
    • Sendmail (an SMTP server)
Conclusions
• Thank you for your time
• Questions and feedback are welcome
References
• Prevent Web Site Defacement
  – http://www.mcafee.com/us/local_content/white_papers/wp_2000hollanderdefacement.pdf