Top20 Scan Method


This method will scan the web server for the top 20 vulnerabilities list published by SANS/FBI (www.sans.org). It is a very fast security check but it will certainly produce superficial results. It is recommended for brief security checks. [2]

start sidebar
Hacking Tool: WebInspect
  • WebInspect is an impressive Web server and application-level vulnerability scanner which scans over 1500 known attacks.

  • It checks site contents and analyzes for rudimentary application issues like smart guesswork checks, password guessing, parameter passing, and hidden parameter checks.

  • It can analyze a basic Web server in 4 minutes, cataloging over 1500 HTML pages.

end sidebar
 
Tools  

WebInspect is an impressive Web server and application-level vulnerability scanner, which scans over 1500 known attacks. It checks site contents and analyzes for rudimentary application issues like smart guesswork checks, password guessing, parameter passing, and hidden parameter checks. It can analyze a basic web server in 4 minutes, cataloging over 1500 HTML pages.

WebInspect enables application and web services developers to automate the discovery of security vulnerabilities as they build applications, access detailed steps for remediation of those vulnerabilities and deliver secure code for final quality assurance testing.

With WebInspect, the developer can find and correct vulnerabilities at their source, before attackers can exploit them. WebInspect provides the technology necessary to identify vulnerabilities at the next level, the Web application.

start sidebar
Network Tool: Shadow Security Scanner

http://www.safety-lab.com

  • Security scanner is designed to identify known and unknown vulnerabilities, suggest fixes to identified vulnerabilities, and report possible security holes within a network's internet, intranet and extranet environments.

  • Shadow Security Scanner includes vulnerability auditing modules for many systems and services.

    These include NetBIOS, HTTP, CGI and WinCGI, FTP, DNS, DoS vulnerabilities, POP3, SMTP, LDAP, TCP/IP, UDP, Registry, Services, Users and accounts, Password vulnerabilities, publishing extensions, MSSQL, IBM DB2, Oracle, MySQL, PostgreSQL, Interbase, MiniSQL and more.

end sidebar
 
Tools  

Security scanner is designed to identify known and unknown vulnerabilities, suggest fixes to identified vulnerabilities, and report possible security holes within a network's internet, intranet and extranet environments. Shadow Security Scanner includes vulnerability auditing modules for many systems and services.

These include NetBIOS, HTTP, CGI and WinCGI, FTP, DNS, DoS vulnerabilities, POP3, SMTP, LDAP, TCP/IP, UDP, Registry, Services, Users and accounts, Password vulnerabilities, publishing extensions, MSSQL, IBM DB2, Oracle, MySQL, PostgreSQL, Interbase, MiniSQL and more.

Running on its native Windows platform, SSS also scans servers built on practically any platform, successfully revealing vulnerabilities in Unix, Linux, FreeBSD, OpenBSD, NetBSD, Solaris and, of course, Windows 95/98/ME/NT/2000/XP/.NET. Because of its unique architecture, SSS is able to detect faults with Cisco, HP, and other network equipment. It is also capable of tracking more than 2,000 audits per system.

The Rules and Settings Editor will be essential for users who want to scan only the desired ports and services without wasting time and resources on scanning other services. Flexible tuning lets system administrators manage scanning depth and other options to benefit from speed-optimized network scanning without any loss in scanning quality.

start sidebar
Countermeasures
  • IISLockdown:

    • IISLockdown restricts anonymous access to system utilities as well as the ability to write to Web content directories.

    • It disables Web Distributed Authoring and Versioning (WebDAV).

    • It installs the URLScan ISAPI filter.

  • URLScan:

    • URLScan is a security tool that screens all incoming requests to the server by filtering the requests based on rules that are set by the administrator.

end sidebar
 
Countermeasure  

IISLockdown restricts anonymous access to system utilities as well as the ability to write to Web content directories. To do this, IISLockdown creates two new local groups called Web Anonymous Users and Web Applications and then it adds deny access control entries (ACEs) for these groups to the access control list (ACL) on key utilities and directories. Next, IISLockdown adds the default anonymous Internet user account (IUSR_MACHINE) to Web Anonymous Users and the IWAM_MACHINE account to Web Applications. It disables Web Distributed Authoring and Versioning (WebDAV) and installs the URLScan ISAPI filter.

UrlScan is a security tool that screens all incoming requests to the server by filtering the requests based on rules that are set by the administrator. Filtering requests helps secure the server by ensuring that only valid requests are processed. UrlScan helps protect Web servers because most malicious attacks share a common characteristic: they involve the use of a request that is unusual in some way. For instance, the request might be extremely long, request an unusual action, be encoded using an alternate character set, or include character sequences that are rarely seen in legitimate requests. By filtering unusual requests, UrlScan helps prevent such requests from reaching the server and potentially causing damage.
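A simplified model of the request screening described above, added here as an illustration; it is not UrlScan's code or configuration. The function names, the limits and the sample request lines are assumptions constructed for the example.

```python
from urllib.parse import unquote

# Illustrative policy values (assumptions for this example, not tool defaults).
ALLOWED_VERBS = {"GET", "HEAD", "POST"}
MAX_URL_LEN = 260
MAX_QUERY_LEN = 2048
DENY_SEQUENCES = ("..", "./", "\\", ":", "%", "&")


def screen_request(request_line):
    """Return (allowed, reason) for one HTTP request line."""
    parts = request_line.split(" ")
    if len(parts) != 3:
        return False, "malformed request line"
    verb, target, _version = parts
    if verb not in ALLOWED_VERBS:          # "request an unusual action"
        return False, "verb not allowed"
    path, _, query = target.partition("?")
    if len(path) > MAX_URL_LEN:            # "extremely long"
        return False, "URL too long"
    if len(query) > MAX_QUERY_LEN:
        return False, "query string too long"
    # Decode once, then again: if the second pass still changes the path,
    # it was encoded twice, which hides sequences from a single-pass filter.
    decoded = unquote(path, encoding="latin-1")
    if unquote(decoded, encoding="latin-1") != decoded:
        return False, "double-encoded URL"
    if any(ord(ch) > 0x7F for ch in decoded):   # "alternate character set"
        return False, "high-bit character in URL"
    for seq in DENY_SEQUENCES:             # "rarely seen" character sequences
        if seq in decoded:
            return False, "denied sequence " + repr(seq)
    return True, "ok"


# Constructed sample request lines (not taken from real traffic).
SAMPLES = [
    "GET /index.html HTTP/1.1",
    "TRACE /index.html HTTP/1.1",
    "GET /" + "A" * 300 + " HTTP/1.1",
    "GET /a/%252e%252e/b HTTP/1.1",
    "GET /caf%e9.html HTTP/1.1",
    "GET /docs/%2e%2e/x HTTP/1.1",
]


def screen_all(lines=SAMPLES):
    """Screen every sample and return the list of (allowed, reason) results."""
    return [screen_request(line) for line in lines]


if __name__ == "__main__":
    for line, result in zip(SAMPLES, screen_all()):
        print(result, line[:60])
```

The checks run in a fixed order, so a request is rejected with the first rule it violates; only the path is matched against the deny list, while the query string is limited by length alone.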

start sidebar
Summary
  • Web servers assume critical importance in the realm of Internet security.

  • Vulnerabilities exist in different releases of popular web servers and respective vendors patch these often.

  • The inherent security risks owing to compromised web servers have an impact on the local area networks that host these web sites, and even on the normal users of web browsers.

  • Looking through the long list of vulnerabilities that have been discovered and patched over the past few years provides an attacker ample scope to plan attacks on unpatched servers.

  • Different tools and exploit code aid an attacker in perpetrating web server hacking.

  • Countermeasures include scanning for existing vulnerabilities and patching them immediately, anonymous access restriction, and incoming traffic request screening and filtering.

end sidebar
 

[2] Source: http://www.nstalker.com




Staff of EC-Council - Ethical Hacking Student Courseware. Certified Ethical Hacker-Exam 312-50 (EC-Council E-Business Certification Series)
Year: 2003
Pages: 109
