Certified Ethical Hacker (CEH) : Hacking Web Servers

0
627

Web server Concepts

Web Server Security Issue

Open Source Web server Architecture

  • Apache HTTP Server
  • NGINX
  • Apache Tomcat
  • Lighttpd
  • Node.js

IIS Web Server Architecture

Components of IIS

Components of IIS include:

  • Protocol Listener
  • HTTP.sys
  • World Wide Web Publishing Service (WWW Service)
  • Windows Process Activation Service (WAS)

Web server Attacks

  • DoS/DDoS Attacks
  • DNS Server Hijacking
  • DNS Amplification Attack
  • Directory Traversal Attacks
  • Man-in-the-Middle/Sniffing Attack
  • Phishing Attacks
  • Website Defacement
  • Web server Misconfiguration
  • HTTP Response Splitting Attack
  • Web Cache Poisoning Attack
  • SSH Brute-force Attack
  • Web Application Attacks

Attack Methodology

  • Information Gathering
  • Web server Footprinting
  • Mirroring a Website
  • Vulnerability Scanning
  • Session Hijacking
  • Hacking Web Passwords

Countermeasures

Detecting Web Server Hacking Attempts

Defending Against Web Server Attacks

  • Auditing Ports.
  • Disabling insecure and unnecessary ports.
  • Using Port 443 HTTPS over port 80 HTTP.
  • Encrypted traffic.
  • Server Certificate
  • Code Access Security Policy
  • Disable tracing
  • Disable Debug compiles

Patch Management

Patches and Hotfixes

LEAVE A REPLY

Please enter your comment!
Please enter your name here