CEH_ Official Certified Ethical Hacker Review Guide_ Exam 312-50 - Kimberly Graves [68]
Website cloaking is the ability of a web server to display different types of web pages based on the user's IP address.
Understand Patch Management Techniques
Patch management is the process of updating appropriate patches and hotfixes required by a system vendor. Proper patch management involves choosing how patches are to be installed and verified, and testing those patches on a nonproduction network prior to installation.
You should maintain a log of all patches applied to each system. To make patch installation easier, you can use automated patch-management systems provided by PatchLink, St. Bernard, Microsoft, and other software vendors to assess your systems and decide which patches to deploy.
Hacking Tools
N-Stalker Web Application Security Scanner allows you to assess a web application for a large number of vulnerabilities including cross-site scripting, SQL injection, buffer overflow, and parameter-tampering attacks.
The Metasploit framework is a freeware tool used to test or hack operating systems or web server software. Exploits can be used as plug-ins, and testing can be performed from a Windows or Unix platform. Metasploit was originally a command-line utility, but it now has a web browser interface. Using Metasploit, hackers can write their own exploits as well as use standard exploits.
CORE IMPACT and SAINT Vulnerability Scanner are commercial exploit tools used to test and compromise operating systems and web server software.
Describe Web Server Hardening Methods
A web server administrator can do many things to harden a server (increase its security). The following are ways to increase the security of the web server:
■ Rename the administrator account, and use a strong password.
■ Disable default websites and FTP sites.
■ Remove unused applications from the server, such as WebDAV.
The IIS Unicode exploit is an outdated vulnerability and is presented in this text as a proof of concept (that is, proof that the vulnerability exists and can be exploited).
■ Disable directory browsing in the web server's configuration settings.
■ Add a legal notice to the site to make potential attackers aware of the implications of hacking the site.
■ Apply the most current patches, hotfixes, and service packs to the operating system and web server software.
■ Perform bounds-checking on input for web forms and query strings to prevent buffer overflow or malicious input attacks.
■ Disable remote administration.
■ Use a script to map unused file extensions to a 404 ("File not found") error message.
■ Enable auditing and logging.
■ Use a firewall between the web server and the Internet and allow only necessary ports (such as 80 and 443) through the firewall.
■ Replace the GET method with the POST method when sending data to a web server.
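The bounds-checking and unused-extension items in the list above can be combined in one request filter placed in front of the application. The following is an added example, not code from the book; the extension allowlist, the per-parameter rules, the length limits, and the function name check_request are assumptions for a hypothetical site.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed policy for a hypothetical site: the extensions it actually serves,
# and for each accepted parameter a maximum length and an allowed pattern.
ALLOWED_EXTENSIONS = {"", ".html", ".css", ".js", ".png"}
PARAM_RULES = {
    "id": (10, re.compile(r"[0-9]+")),
    "q": (64, re.compile(r"[\w .,'-]+")),
}
MAX_QUERY_LENGTH = 512


def check_request(url):
    """Return the status a front-end filter would give this URL: 200, 400 or 404."""
    parts = urlsplit(url)
    filename = parts.path.rsplit("/", 1)[-1]
    ext = "." + filename.rsplit(".", 1)[1].lower() if "." in filename else ""
    if ext not in ALLOWED_EXTENSIONS:
        return 404  # unused extension: answer "File not found"
    if len(parts.query) > MAX_QUERY_LENGTH:
        return 400  # bound the raw query string before parsing it
    try:
        # parse_qsl percent-decodes, so the checks below see the decoded values
        pairs = parse_qsl(parts.query, keep_blank_values=True,
                          strict_parsing=bool(parts.query))
    except ValueError:
        return 400  # malformed field such as "a&b" with no "="
    seen = set()
    for name, value in pairs:
        rule = PARAM_RULES.get(name)
        if rule is None or name in seen:
            return 400  # unknown or repeated parameter
        seen.add(name)
        max_len, pattern = rule
        if len(value) > max_len or not pattern.fullmatch(value):
            return 400  # too long, empty, or contains characters outside the allowlist
    return 200
```

The length and pattern checks run on decoded values, so percent-encoding a character does not get it past the allowlist.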
Web Application Vulnerabilities
In addition to understanding how a hacker can exploit a web server, it's also important for a CEH to be familiar with web application vulnerabilities. In this section, we'll discuss how web applications work, as well as the objectives of web application hacking. We'll also examine the anatomy of a web application attack and some actual web application threats. Finally, we'll look at Google hacking and countermeasures you should be familiar with.
Understanding How Web Applications Work
Web applications are programs that reside on a web server to give the user functionality beyond just a website. Database queries, webmail, discussion groups, and blogs are all examples of web applications.
A web application uses a client/server architecture, with a web browser as the client and the web server