Web technology is now widely used on both clients and servers. As a result, hackers increasingly target Web applications with a variety of attack methods. These attacks bypass conventional protections such as firewalls, and they have become easier to carry out and more diverse, which makes them difficult to prevent.
There are several reasons why hackers generally use Web attacks:
1. Server Vulnerabilities
Because of vulnerabilities and server management and configuration errors, Internet Information Server (IIS) and Apache Web servers are often attacked by hackers.
2. Web server virtual hosting
Servers that host several or even thousands of websites are likewise targets of malicious attacks.
3. Explicit/open proxy
Computers controlled by hackers can be set up as proxy servers to bypass URL filtering and communication controls, to access the Internet anonymously, or to act as middlemen for illegal website data streams.
4. HTML can embed objects from completely different servers on the webpage.
A user who opens a web page on one website may automatically download objects from other servers: legitimate ones such as Google Analytics servers and ad servers, but also malware download websites. The page may also redirect the user to a malware website.
5. The ordinary client may be a hacker's probing source.
Internet Explorer, Firefox, and other browsers, as well as the Windows operating system, contain many vulnerabilities that hackers can exploit, especially when users do not install patches in a timely manner. Hackers can exploit these vulnerabilities to download malware automatically without the user's consent, which is also known as a hidden download. Such clients may therefore come under a hacker's control, which puts your Web applications at risk whenever they access your website.
6. Mobile code and cross-site scripting are widely used on websites.
Disabling JavaScript, Java applets, .NET applications, Flash, or ActiveX seems like a good idea, because they all execute scripts or code on your computer automatically, but with these features disabled many websites cannot be browsed. This opens the door for poorly coded Web applications that accept user input and use cookies, as in cross-site scripting (XSS). In this case, Web applications that need to access some data (cookies) of other open pages may be thrown into disorder. Any Web application that accepts user input (blogs, wikis, and comments) may accidentally accept malicious code, which can then be returned to other users, unless the input is checked for malicious code.
7. General access to HTTP and HTTPS
To access the Internet, you must use the Web. All computers can reach HTTP and HTTPS through the firewall (TCP ports 80 and 443), so it can be assumed that every computer has access to the external network. Many programs, such as IM and P2P software, access the Internet over HTTP. Once hijacked, such software also opens a channel for sending botnet commands.
8. Embedded HTML is used in emails.
Because the SMTP email gateway restricts email sending to some extent, hackers do not often send malicious code in the emails themselves. Instead, HTML in the email is used to fetch malware from the Web, and the user may not know that a request has been sent to a website.
The common attack directions above show that, to avoid becoming a target of these hackers, we need a device dedicated to comprehensive protection of Web applications, deployed as a multi-layered defense that automatically and intelligently identifies and blocks these attacks, rather than one or more traditional passive protection gateways with fixed policies or fixed attack signature libraries.
The Web application firewall emerged to solve exactly this problem. An application firewall works at the application layer, processing the requests within an application session. It protects Web application traffic and all related application resources from attacks that exploit Web protocols or application vulnerabilities. It can block browser and HTTP attacks that abuse application behavior for malicious purposes. Some powerful application firewalls can even act as a proxy that stands in for the website server and accepts application traffic on its behalf, which is like adding a protective shell around the original website.
We use the Barracuda-NC application firewall, which is widely used in the industry. It can effectively defend against the following Web application layer attacks, which general methods cannot detect:
Malicious script injection
Cookie/session poisoning
Form/hidden field modification
Buffer overflow
Parameter tampering
Cross-site scripting
Forced browsing/directory probing
SQL injection/command injection
Data theft/identity theft
Known vulnerability attacks/zero-day vulnerability attacks
Application DoS
In operation, the Barracuda-NC application firewall combines the advantages of application-layer inspection and a stateful network firewall:
· Complete checking of data entering the application, HTTP header rewriting, and enforced HTTP protocol compliance, to prevent attacks and privilege abuse that exploit protocol vulnerabilities;
· A Complete Knowledge of Expected Values system (complete knowledge of the data the application expects), to prevent the various forms of SQL/command injection and cross-site scripting attacks;
· Real-time policy generation and enforcement: protection policies are defined according to your own applications, rather than being the same defense policies predefined by the manufacturer, so they fit your applications seamlessly and do not distort application behavior.
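The expected-values idea in the list above can be shown in a few lines. This is an added example, not Barracuda's code or configuration: the URLs, parameter names and patterns in POLICY are hypothetical, and the requests are constructed samples.

```python
import re
from urllib.parse import parse_qsl

# Hypothetical policy: every URL the application exposes, the parameters
# it expects there, and the only form each value may take.
POLICY = {
    "/search": {"q": re.compile(r"[\w .-]{1,64}"),
                "page": re.compile(r"\d{1,4}")},
    "/login": {"user": re.compile(r"[A-Za-z0-9_]{3,32}"),
               "lang": re.compile(r"en|de|zh")},
}


def check_request(path, query):
    """Return (allowed, reason) for one request under the positive model."""
    expected = POLICY.get(path)
    if expected is None:
        return False, "unknown URL"  # forced browsing
    seen = set()
    # parse_qsl percent-decodes, so rules see what the application would see
    for name, value in parse_qsl(query, keep_blank_values=True):
        rule = expected.get(name)
        if rule is None:
            return False, f"unexpected parameter {name!r}"  # tampering
        if name in seen:
            return False, f"repeated parameter {name!r}"
        seen.add(name)
        if not rule.fullmatch(value):
            return False, f"value of {name!r} outside expected set"
    return True, "ok"


# Constructed sample requests: (path, raw query string)
SAMPLES = [
    ("/search", "q=web+firewall&page=2"),
    ("/search", "q=x%27+OR+%271%27%3D%271"),             # SQL injection
    ("/search", "q=%3Cscript%3Ealert(1)%3C/script%3E"),  # XSS
    ("/login", "user=alice&role=admin"),                 # parameter tampering
    ("/admin/backup.zip", ""),                           # forced browsing
]

if __name__ == "__main__":
    for path, query in SAMPLES:
        print(path, query, "->", check_request(path, query))
```

No attack signatures appear anywhere in the policy: the injection and scripting samples are rejected only because their values fall outside what the application expects.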
In addition, it can make your Web application completely invisible: however skilled hackers are, they cannot attack what they cannot see. When the Barracuda-NC application firewall protects an external website, you can hide the real Web server type, application server type, operating system, version number, version update level, known security vulnerabilities, real IP addresses, and internal workstation information from hackers. What cannot be detected cannot be guessed at, analyzed, or attacked. The following is the result of a common scanning tool scanning websites hidden by the Barracuda-NC application firewall.
At the same time, it can identify various crawling and probing programs and allow only normal search engine crawlers through. Hacker crawling programs are kept outside the door, so that hackers trying to determine a target for attack have nothing to work with.
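The hiding of server type, version and internal details described above comes down to rewriting responses at the proxy. The sketch below is an added example, not Barracuda's implementation: it assumes a complete, unchunked HTTP/1.x response, and the backend response with its version strings and file path is constructed.

```python
# Response headers that reveal server type, framework and version.
IDENTIFYING = {"server", "x-powered-by", "x-aspnet-version",
               "x-aspnetmvc-version", "via"}
GENERIC_ERROR = b"<html><body>Request could not be processed.</body></html>"


def header_names(raw):
    """Lower-cased header names of a raw HTTP response."""
    head = raw.partition(b"\r\n\r\n")[0]
    return [line.split(b":", 1)[0].strip().lower().decode("ascii")
            for line in head.split(b"\r\n")[1:]]


def leaked(raw):
    """Identifying headers a scanner would see in this response."""
    return sorted(set(header_names(raw)) & IDENTIFYING)


def cloak(raw):
    """Rewrite one backend response before it leaves the proxy."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    status = int(lines[0].split()[1])
    if status >= 500:
        body = GENERIC_ERROR  # stack traces and file paths stay inside
    kept = []
    for line in lines[1:]:
        name = line.split(b":", 1)[0].strip().lower().decode("ascii")
        if name in IDENTIFYING or name == "content-length":
            continue  # drop; the length is recomputed below
        kept.append(line)
    kept.append(b"Content-Length: " + str(len(body)).encode("ascii"))
    return b"\r\n".join([lines[0]] + kept) + b"\r\n\r\n" + body


# Constructed backend response (versions and path are sample values).
BACKEND = (b"HTTP/1.1 500 Internal Server Error\r\n"
           b"Server: Apache/2.2.3 (Unix)\r\n"
           b"X-Powered-By: PHP/5.2.0\r\n"
           b"Content-Type: text/html\r\n"
           b"Content-Length: 44\r\n\r\n"
           b"Fatal error in /var/www/app/db.php on line 7")

if __name__ == "__main__":
    print("before:", leaked(BACKEND))
    print("after: ", leaked(cloak(BACKEND)))
    print(cloak(BACKEND).decode("ascii"))
```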