Keamanan Sistem (CNG4O3)

Keamanan Sistem (CNG4O3)
2014-2
05 – Application and Network Attacks
http://newstweek.com/
Application Attacks
Zero day attacks
• exploit previously unknown vulnerabilities so
victims have no time (zero days) to prepare or
defend against the attacks
• Include:
• Web application attacks
• Client-side attacks
• Buffer overflow attacks
Typical Web Application
Infrastructure
Securing Web Application
Securing Web Application
• Protecting the network.
Although traditional network security devices can block
traditional network attacks, they cannot always block Web
application attacks. This is because many traditional network
security devices ignore the content of HTTP traffic, which is the
vehicle of Web application attacks. Because all Web traffic is
based on the HTTP protocol, blocking HTTP traffic in order to
stop Web application attacks would essentially prevent any
access from the Internet.
• Hardening the Web server.
Enhancing the security of the Web server operating system and
system services, although important for defending against other
types of attacks, may not prevent attacks to Web applications.
This is because, by design, the user’s input through the Web
browser using HTTP must be processed by Web applications at
the application level.
Cross-Site Scripting (XSS)
http://www.acunetix.com/websitesecurity/cross-site-scripting/
Example
http://excess-xss.com/
Reflected XSS
http://excess-xss.com/
SQL Injection
http://code.tutsplus.com/tutorials/can-you-hack-your-own-site-a-look-at-some-essential-security-considerations--net-51
Beberapa kasus SQL injection
• …
• On March 7, 2014, officials at Johns Hopkins University
publicly announced that their Biomedical Engineering
Servers had become victim to an SQL injection attack carried
out by an Anonymous hacker named "Hooky" and aligned
with hacktivist group "RaptorSwag". The hackers
compromised personal details of 878 students and staff,
posting a press release and the leaked data on the internet.
• In August 2014, Milwaukee-based computer security
company Hold Security disclosed that it uncovered a theft of
confidential information from nearly 420,000 websites
through SQL injections. The New York Times confirmed this
finding by hiring a security expert to check the claim.
http://en.wikipedia.org/wiki/SQL_injection
Directory traversal attack
• An attacker needs only a Web browser and
knowledge of the location of default files and
directories on the system under attack
• Example:
Normal URL =
http://www.server.net/dynamic.asp?view=display.ht
ml
Attack =
http://www.server.net/dynamic.asp?view=../../../../..
/TopSecret.docx
Client-side Attack
• Targets vulnerabilities in client applications that
interact with a compromised server or process
malicious data.
• In this case, the client initiates the connection with the
server that could result in an attack.
• Common client-side attacks include:
•
•
•
•
header manipulation
cookies and attachments
session hijacking
malicious add-ons
Session hijacking
• An attack in which an attacker attempts to
impersonate the user by using his session token.
• Stealing the session token.
• An attacker can eavesdrop on the transmission and steal
the session token
• Stealing the session token cookie.
• An attacker can use XSS and other attacks to steal the
session token cookie from the victim’s computer and use
it to impersonate the victim.
Buffer Overflow Attacks
• A process attempts to store data in RAM beyond
the boundaries of a fixed-length storage buffer.
• This extra data overflows into the adjacent memory
locations and, under certain conditions, may cause
the computer to stop functioning.
• Attackers also use a buffer overflow in order to
compromise a computer
Network Attacks
include denial of service, interception, poisoning, and attacks
on access rights
Denial of Service (DoS)
• Attempts to prevent a system from performing its
normal functions
• Types of DoS attacks:
•
•
•
•
ping flood attack
smurf attack
SYN flood attack
distributed denial of service (DDoS)
http://flylib.com/books/en/4.213.1.24/1/
Man-in-the-middle attack
• Passive
• captures the data that is being transmitted, records it, and then
sends it on to the original recipient without their presence being
detected
• Active
• the contents are intercepted and altered before they are sent on to
the recipient
Replay attack
• Similar to a passive man-in-the-middle attack
• A replay attack makes a copy of the transmission
before sending it to the recipient. This copy is then
used at a later time.
• A simple replay: capturing logon credentials.
http://flylib.com/books/en/4.213.1.24/1/
ARP Poisoning
http://mile2.com/latest-news/arp-poisoning-attack.html
• ARP poisoning is successful because there are no
authentication procedures to verify ARP requests
and replies.
DNS Poisoning
• Substitutes DNS addresses so that the computer is
automatically redirected to another device
• Can be done in two different locations:
• the local host table: TCP/IP host table name system
• UNIX, Linux, and Mac OS X = /etc/
• Windows = windows\system32\drivers\etc
• the external DNS server: exploit a protocol flaw and
convince the authentic DNS server to accept fraudulent
DNS entries sent from the attacker’s DNS server
Privilege escalation
• Exploiting a vulnerability in software to gain access
to resources that the user would normally be
restricted from obtaining.
• Two types:
• a user with a lower privilege uses privilege escalation to
access functions reserved for higher-privilege users
• a user with restricted privileges accesses the different
restricted functions of a similar user
Transitive access
• Involves using a third party to gain access rights
• Attacking other programs that are poorly protected
and that access (and ideally modify) the same
resources on which the application of interest
relies. Thus, this approach is transitive in that it
involves attacking a trusted resource, in order to
attack another target that uses the trusted
resource. [http://catalogue.pearsoned.co.uk/samplechapter/0321375777.pdf]