Slide 3
At the most basic level, whenever a browser needs a file that is hosted on a web server, the browser requests the file via HTTP. When the request reaches the correct (hardware) web server, the (software) HTTP server accepts the request, finds the requested document, and sends it back to the browser, also through HTTP.

Slide 4
What a company thought of as a safe environment actually has dangerous gaps or mistakes that leave the organization open to risk. Cloud misconfigurations can go well beyond simple access to publicly accessible sensitive data. In October 2019, cyber security company Imperva reported that an attacker was able to find an administrative API key on a misconfigured Amazon production instance. The attacker used this key to access a 2017 database instance containing information related to the company’s customers.

Slide 14
In a typical default installation, many network services that won’t be used in a web server configuration are installed, such as remote registry services, the print server service, the remote access service, etc. Switching off unnecessary services will also give an extra boost to your server performance by freeing some hardware resources.

Slide 15
Server administrators should log in to web servers locally. It is also very important not to use public computers or public networks, such as those in internet cafés or public wireless networks, to access corporate servers remotely.

Slide 16
Ideally, development and testing of web applications should always be done on servers isolated from the internet, and should never use or connect to real-life data and databases.

Slide 17
Through experience we’ve learnt that hackers who gained access to the web root directory were able to exploit other vulnerabilities, go a step further, and escalate their privileges to gain access to the data on the whole disk, including the operating system and other system files.
From there onwards, the malicious users can execute any operating system command, resulting in complete control of the web server.

Slide 19
Hacking incidents still occur because hackers took advantage of and exploited unpatched servers and software.

Slide 20
We should always be on the lookout for strange log entries. Log files tend to give all the information about an attempted attack, and even about a successful attack, but most of the time these are ignored. If one notices strange activity in the logs, this should immediately be escalated so the issue can be investigated to see what is happening.

Slide 21
There is also a long list of software that creates user accounts on the operating system when it is installed. Such accounts should also be checked properly, and permissions need to be changed as required.

Slide 23
Although configuring such tools is a tedious process and can be time consuming, especially with custom web applications, it is good.

POODLE
The POODLE attack is a man-in-the-middle exploit which takes advantage of Internet and security software clients' fallback to SSL 3.0. If attackers successfully exploit this vulnerability, on average, they only need to make 256 SSL 3.0 requests to reveal one byte of encrypted messages.

NTP amplification / monlist
NTP amplification is a type of Distributed Denial of Service (DDoS) attack in which the attacker exploits publicly accessible Network Time Protocol (NTP) servers to overwhelm the target with User Datagram Protocol (UDP) traffic.
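
A defensive check for the monlist exposure described above, added here as an example that is not part of the original slide notes: it audits an ntpd configuration to see whether monlist-style queries are still answered for arbitrary hosts. The sample configurations are constructed and the function name is hypothetical; `disable monitor`, `noquery`, `ignore` and `limited` are ntpd's own directives and flags, and the script assumes an unqualified `restrict default` covers both IPv4 and IPv6, as in current ntpd.

```python
# Constructed ntp.conf samples for illustration (not from the original notes).
EXPOSED = """\
server 0.pool.ntp.org iburst
disable monitor
restrict default kod nomodify notrap nopeer limited  # 'limited' keeps monitoring on
restrict 127.0.0.1
"""
HARDENED = """\
server 0.pool.ntp.org iburst
disable monitor
restrict -4 default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
"""

def audit_monlist_exposure(conf_text):
    """Return findings for an ntpd config; an empty list means monlist is not answered by default."""
    monitor_disabled, limited_used = False, False
    defaults = {"IPv4": None, "IPv6": None}  # flags of the default restrict entry per family
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()   # drop comments, split into words
        if len(tok) < 2:
            continue
        if tok[0] in ("disable", "enable") and "monitor" in tok[1:]:
            monitor_disabled = tok[0] == "disable"   # last directive wins
        elif tok[0] == "restrict":
            args = tok[1:]
            families = ["IPv4", "IPv6"]  # assumption: unqualified 'default' covers both
            if args[0] in ("-4", "-6"):
                families = ["IPv4" if args[0] == "-4" else "IPv6"]
                args = args[1:]
            limited_used = limited_used or "limited" in args
            if args and args[0] == "default":
                for fam in families:
                    defaults[fam] = set(args[1:])
    # ntpd keeps the monitor list alive whenever any restrict entry uses 'limited',
    # so 'disable monitor' only settles the question when 'limited' is absent.
    if monitor_disabled and not limited_used:
        return []
    findings = []
    for fam, flags in defaults.items():
        if flags is None:
            findings.append(f"{fam}: no default restrict entry, queries accepted from any host")
        elif not flags & {"noquery", "ignore"}:
            findings.append(f"{fam}: default restrict entry lacks noquery/ignore")
    return findings

if __name__ == "__main__":
    for name, conf in (("EXPOSED", EXPOSED), ("HARDENED", HARDENED)):
        print(name, audit_monlist_exposure(conf) or "ok")
```
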