Attack software is readily available on the Internet. Attackers do not need a deep understanding of network protocols to carry out attacks such as changing a website's homepage, obtaining the administrator password, or destroying an entire site's data. The network-layer data generated during these attacks is no different from normal data.
Many people believe that continuously deploying firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS) and other equipment in the network improves network security. So why do application-based attacks continue to occur? The fundamental reason is that traditional network security equipment has a very limited role in preventing application-layer attacks. Most current firewalls work at the network layer and implement access control by filtering data at that layer (based on ACLs applied to TCP/IP packet headers); stateful firewalls ensure that the internal network cannot be illegally accessed from external networks. All of this processing happens at the network layer, and the characteristics of application-layer attacks cannot be detected there. IDS and IPS use deep packet inspection to examine the application-layer traffic in network data and match it against an attack signature database, identifying known network attacks and so providing some protection against application-layer attacks. However, IDS and IPS cannot effectively protect against unknown attacks, attacks that will appear in the future, or application-layer attacks delivered through flexible encoding and packet segmentation.
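The encoding problem described above can be shown with a small signature matcher; this is an added example, not part of the original article. The signatures, function names and sample query strings are constructed for illustration. It compares matching on the raw bytes with matching after the request has been decoded the way the web application would decode it.

```python
import re
from urllib.parse import unquote_plus

# Hypothetical signatures for this example; a real signature database is far larger.
SIGNATURES = [
    re.compile(r"<script\b", re.IGNORECASE),
    re.compile(r"\bunion\s+select\b", re.IGNORECASE),
]

def match_raw(text):
    """Signature match on the text exactly as it appears on the wire."""
    return any(sig.search(text) for sig in SIGNATURES)

def canonicalize(raw_query, max_rounds=5):
    """Undo URL encoding until the text stops changing.

    Returns (text, stable). stable is False when the input is still
    changing after max_rounds, which is itself worth flagging.
    """
    current = raw_query
    for _ in range(max_rounds):
        decoded = unquote_plus(current)
        if decoded == current:
            return re.sub(r"\s+", " ", current), True
        current = decoded
    return re.sub(r"\s+", " ", current), False

def inspect(raw_query):
    """Verdict after decoding the request the way the application would."""
    text, stable = canonicalize(raw_query)
    if not stable or match_raw(text):
        return "block"
    return "allow"

# Constructed sample query strings, not captured traffic.
SAMPLES = [
    "q=garden+script+ideas",                  # benign search
    "q=%3Cscript%3Ealert(1)%3C%2Fscript%3E",  # URL-encoded once
    "q=%253Cscript%253E",                     # URL-encoded twice
    "id=1+UNION%0ASELECT+name",               # encoded whitespace
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:45} raw_match={match_raw(s)!s:5} verdict={inspect(s)}")
```
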
Major website security issues and their hazards
Common web attacks fall into two categories: those that exploit vulnerabilities in the web server itself, such as CGI buffer overflows and directory traversal; and those that exploit security vulnerabilities in the web pages themselves, such as SQL injection and cross-site scripting. Common attacks against web applications include:
Buffer overflow - an attacker sends a request that exceeds the buffer size, carrying crafted binary content, to cause the server to execute malicious instructions placed on the overflowed stack
Cookie impersonation - carefully modify cookie data to impersonate users
Authentication evasion - attackers exploit insecure certificate and identity management
Illegal input - using various illegal data in the input of dynamic web pages to obtain sensitive data from the server
Forced access - accessing unauthorized web pages
Hidden variable tampering - modify the hidden variables in the web page to deceive the server program
Denial of service attack - constructing a large number of illegal requests so that the web server cannot respond to normal user access
Cross-site scripting attack - submit illegal scripts and steal user account and other information when other users browse
SQL injection - construct SQL code for the server to execute and obtain sensitive data
Two simple attack methods are listed below for explanation.
SQL injection
For web pages that interact with a backend database, the application is at risk if it does not thoroughly check the legality of user input. In a URL or form input box that normally accepts ordinary data, a user can submit carefully constructed database query code, causing the backend application to execute the attacker's SQL. Based on the results the program returns, the attacker can obtain the sensitive data he is after, such as the administrator password or confidential business information.
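The difference between building the query from user input and passing that input as a bound parameter, as an added example that is not part of the original article. The table, the column names, the username policy and the sample rows are assumptions made for the illustration, and an in-memory SQLite database stands in for the site's backend.

```python
import re
import sqlite3

# Assumed username policy for this example: letters, digits, underscore.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def make_db():
    """In-memory database with constructed rows (placeholders, not real hashes)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "hash-placeholder-1"), ("alice", "hash-placeholder-2")],
    )
    return db

def lookup_vulnerable(db, name):
    # The input is pasted into the SQL text, so a quote character in
    # `name` changes the structure of the statement itself.
    query = "SELECT name, pw_hash FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name):
    # The ? placeholder sends `name` as data; it is never parsed as SQL.
    return db.execute(
        "SELECT name, pw_hash FROM users WHERE name = ?", (name,)
    ).fetchall()

def lookup_checked(db, name):
    # Legality check on the input first, then the parameterized query.
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("invalid username")
    return lookup_parameterized(db, name)

# Constructed form input that closes the string literal and adds a condition.
CRAFTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_vulnerable(db, CRAFTED))
    print("parameterized:", lookup_parameterized(db, CRAFTED))
    print("normal lookup:", lookup_checked(db, "alice"))
```
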
Cross-site scripting attack
Web pages can contain text and HTML tags that are generated by the server and interpreted by the client browser. If untrustworthy content is introduced into a dynamic page, neither the website nor the client has enough information to recognize the situation and take protective measures. If an attacker knows that an application on a website accepts cross-site scripting submissions, he can submit scripts that carry out the attack, written in JavaScript, VBScript, ActiveX, HTML or Flash. Once an ordinary user clicks on the web page, the scripts submitted by the attacker are executed on the user's client machine, carrying out attacks that range from intercepting accounts, changing user settings, and stealing and tampering with cookies to false advertising.
As attacks move towards the application layer, traditional network security equipment cannot effectively address current security threats. The security problems faced by applications deployed in the network must be solved by a newly designed, high-performance security firewall that protects against application-layer attacks: the application firewall. An application firewall handles the application layer by executing requests inside the application session. Application firewalls specialize in protecting web application traffic and all related application resources from attacks that exploit web protocols. They block browser and HTTP attacks that exploit application behavior for malicious purposes. These attacks include data attacks that modify data using special characters or wildcards, logical content attacks that seek to obtain command strings or logical statements, and targeted attacks that primarily target accounts, files, or hosts.
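How a dynamic page can treat user-submitted text as data rather than markup, as an added example that is not part of the original article. The page template, function names, session value and header policy are assumptions for the illustration; the cookie flags and Content-Security-Policy header limit what a script could do if one slipped through.

```python
import html
from http.cookies import SimpleCookie

# Hypothetical page template for a comment shown to other visitors.
PAGE = '<html><body><div class="comment"><b>{author}</b>: {text}</div></body></html>'

def render_vulnerable(author, text):
    # Submitted text goes into the page unchanged, so the browser
    # interprets any tags it contains.
    return PAGE.format(author=author, text=text)

def render_escaped(author, text):
    # html.escape turns <, >, &, " and ' into entities, so the browser
    # displays the submission as text instead of executing it.
    return PAGE.format(author=html.escape(author), text=html.escape(text))

def response_headers(session_id):
    """Headers that reduce the impact of a script that does get through."""
    cookie = SimpleCookie()
    cookie["sid"] = session_id
    cookie["sid"]["httponly"] = True      # not readable from page scripts
    cookie["sid"]["secure"] = True        # only sent over HTTPS
    cookie["sid"]["samesite"] = "Strict"  # not sent on cross-site requests
    return [
        ("Content-Type", "text/html; charset=utf-8"),
        # Only scripts loaded from the site's own origin may run.
        ("Content-Security-Policy", "default-src 'self'; script-src 'self'"),
        ("Set-Cookie", cookie["sid"].OutputString()),
    ]

# Constructed submission standing in for untrusted comment text.
SUBMITTED = "<script>alert(1)</script>"

if __name__ == "__main__":
    print(render_vulnerable("guest", SUBMITTED))
    print(render_escaped("guest", SUBMITTED))
    for name, value in response_headers("constructed-session-id"):
        print(f"{name}: {value}")
```
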