Analysis of Two Apache Security Problems in RHEL

As we all know, security is the most important issue in all walks of life. It is no exception in the RHEL system. In this article, we have analyzed the two Apache Security Issues in RHEL. I have summarized the two security issues of RHEL Apache in detail. Let's take a look at the two security issues of RHEL Apache.

To protect Web servers from malicious attacks and damages, the first step is to understand and identify the security risks it faces. Previously, Web sites only provided static pages, so there were few security risks. The only way for a malicious attacker to access such websites is to obtain illegal access permissions.

1. HTTP Denial of Service (DoS), one of the two major security issues of RHEL Apache
Attackers use some methods to make the server refuse to respond to HTTP requests. This results in a sharp increase in the CPU time and memory usage of Apache system resources, resulting in system slowdown or even complete paralysis. The biggest drawback of Apache server is that its popularity makes it the target of the public. Apache servers are constantly threatened by DoS attacks. It mainly includes the following forms.

1. Packet flood attacks
A Method to interrupt the server or local network is packet flood attacks, which usually uses Internet Control Packet protocol ICMP) packets or UDP packets. In the simplest form, these attacks overload the server or network, which means that the hacker's network speed must be faster than the target network speed.

The advantage of using UDP packets is that no packets are returned to the hacker's computer. The advantage of using ICMP packets is that hackers can make attacks more varied, and sending defective packets will mess up and lock the victim's network. The current popular trend is that hackers fool the target server to believe that it is under flood attacks from itself.

2. Disk attacks
This is a more cruel attack. It not only affects the communication between the target computer, but also damages its hardware.
Counterfeit user requests use write commands to attack the hard disk of the target computer, so that it exceeds the limit and is forcibly disabled. This is not just damage, but the victim will suffer misfortune, because the information will be temporarily inaccessible or even lost.

3. Route inaccessibility
Generally, DoS attacks are concentrated on routers. Attackers first gain control and manipulate the target machine. When attackers can change the route table entries of A vro, the entire network is inaccessible.
This type of attack is very sinister, because it is often puzzling at the beginning. After all, your server will soon become invalid, and when the entire network is inaccessible, there are still many reasons for further review.

4. Distributed Denial of Service Attack
The most threatening attack is Distributed Denial of Service (DDoS ). When many bastion hosts are infected and initiate Denial-of-service attacks to your servers, you will be scarred. Reproductive attacks are the worst, because the attack program will not spread through manual interference. Apache servers are particularly vulnerable to attacks, including distributed denial-of-service attacks and hidden source attacks. Why? Because Apache servers are everywhere.

There are countless Apache servers distributed on the world wide, so the viruses customized for Apache, especially the SSL worms, are lurking on many hosts. The bandwidth is now abundant, therefore, there is a lot of space for hackers to manipulate. Worms use the server code vulnerability to install themselves on the Apache server through SSL handshake. Hackers use buffer overflow to install a forged key on the server for servers running OpenSSL earlier than 0.9.6e ).

Attackers can execute malicious code on infected hosts. With many such viruses, the next step is to launch a massive distributed denial-of-service attack on a specific target. By spreading such worms to a large number of hosts, large-scale point-to-point attacks can be carried out, causing irreparable losses to the target computer or network.

Ii. RHEL Apache two major security questions II Buffer Overflow
Attackers use some defects in CGI programming to make the program deviate from the normal process.
The program uses the static allocated memory to store request data. attackers can send an ultra-long request to overflow the buffer. For example, some Perl gateway scripts for processing user requests. Once the buffer overflow occurs, attackers can execute malicious commands.

The above is my personal analysis on the two security issues of RHEL Apache. I hope it will help you with the two security issues of Apache in RHEL.

1. Set up the Samba server of ORACLE11g with RHELRHEL 5
2. Rhelrhel ftp Server SETUP steps and Problem Analysis (1)
3. RHELRHEL 5 is a perfect combination of FTP
4. Problem Analysis: in this way, use RHELRHEL 4 to configure Postfix in four perfect steps
5. Seven steps for RHEL to set up RHEL4 system Sendmail