Author: Xiao A Source: BKJIA
With Internet-based security attacks occurring so frequently, Web security has become a hot topic in the industry. This article describes the top ten causes of Web attacks and ten ways to defend against Web threats.
Top 10 causes of Web Attacks
1. Desktop Vulnerabilities
Internet Explorer, Firefox, and the Windows operating system contain many vulnerabilities that hackers can exploit, especially when users do not install patches in a timely manner. Hackers can use these vulnerabilities to download malware automatically without the user's consent, also known as a hidden (drive-by) download.
2. Server Vulnerabilities
Because of vulnerabilities and server management configuration errors, Internet Information Server (IIS) and Apache web servers are often attacked by hackers.
3. Web server virtual hosting
Servers that simultaneously host several or even thousands of websites are also targets of malicious attacks.
4. Explicit/open proxy
Computers controlled by hackers can be set up as proxy servers to bypass URL filtering and communication controls, to access the Internet anonymously, or to act as middlemen for illegal website data streams.
5. HTML can embed objects from completely different servers in a web page
A user may request a web page from one specific website and automatically download objects from other servers, such as Google Analytics servers, ad servers, or malware download websites, or be redirected to malware websites.
6. Ordinary users are unaware of the security status
Most users do not understand the reasons for the three SSL browser checks, do not know how to verify the legitimacy of a downloaded program, do not know whether their computer is behaving abnormally, do not use a firewall on their home network, and do not know how to distinguish between phishing and legitimate web pages.
7. Mobile code is widely used on websites
Disabling JavaScript, Java applets, .NET applications, Flash, or ActiveX seems like a good idea, because they all automatically execute scripts or code on your computer, but with these features disabled many websites cannot be browsed. This opens the door for poorly coded Web applications that accept user input and use cookies, as in cross-site scripting (XSS). In this case, some data (cookies) of Web applications that other open pages need to access may be interfered with. Any Web application that accepts user input (blogs, wikis, and comments) may accidentally accept malicious code, which can be returned to other users unless the input is checked for malicious code.
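Item 7's point that user input must be checked before it is returned to other users, shown as an added Python sketch (not part of the original article). The function names and the sample comment are constructed for the illustration; the vulnerable renderer is shown beside a hardened one that encodes every user-supplied value and accepts only http(s) links.

```python
import html
from urllib.parse import urlsplit

def render_comment_unsafe(author, body):
    """Vulnerable: user input is pasted into the page unchanged."""
    return f"<div class='comment'><b>{author}</b>: {body}</div>"

def safe_link(url):
    """Allow only http(s) links; anything else is replaced by '#'."""
    url = url.strip()
    scheme = urlsplit(url).scheme.lower()
    return html.escape(url, quote=True) if scheme in ("http", "https") else "#"

def render_comment_safe(author, body, link=""):
    """Hardened: every user-supplied value is HTML-encoded on output."""
    out = f"<div class='comment'><b>{html.escape(author)}</b>: {html.escape(body)}"
    if link:
        out += f' <a href="{safe_link(link)}" rel="nofollow noopener">link</a>'
    return out + "</div>"

# Constructed sample comment: markup in the body and a script URL as the link.
SAMPLE = {
    "author": "guest",
    "body": "<script>alert(document.cookie)</script>",
    "link": "javascript:alert(1)",
}

if __name__ == "__main__":
    print("unsafe:", render_comment_unsafe(SAMPLE["author"], SAMPLE["body"]))
    print("safe:  ", render_comment_safe(**SAMPLE))
```

The hardened version returns the comment to other users as inert text, so the browser displays the markup instead of executing it.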
8. Widespread use of always-on, high-speed broadband Internet access
Most enterprise networks are protected by firewalls, but home users without a Network Address Translation (NAT) firewall are vulnerable to attack: they can lose their personal information, have their computers used in distributed denial-of-service (DDoS) attacks, or have a Web server hosting malicious code installed on them. Home users may not suspect any of this.
9. General access to HTTP and HTTPS
To access the Internet, you must use the Web. All computers can reach HTTP and HTTPS through the firewall (TCP ports 80 and 443), so it can be assumed that all computers can access the external network. Many programs, such as IM and P2P software, access the Internet over HTTP. In addition, such software, once hijacked, opens a channel for sending botnet commands.
10. Embedded HTML in emails
Because SMTP email gateways restrict email sending to some extent, hackers do not often send malicious code in the emails themselves. Instead, the HTML in the email is used to fetch malware from the Web, and the user may not know that a request has been sent to a website.
Protecting the Web gateway and blocking malware
With Web gateway protection, you can block many Web attacks. Make sure that your secure Web gateway provides:
URL filtering that prevents malicious software downloads, telephone transactions, and incorrectly entered addresses
Malware scanning for viruses, spyware, malicious mobile code (MMC), harmful software, Trojans, botnets, and worms
Protection for HTTPS communication, not just HTTP and FTP
Checks the payload for the actual file type, rather than trusting the file extension or other file modifications made to circumvent the check
Enhanced SSL browser check
Blocks access to URLs that use IP addresses instead of host names
Allows executable and mobile code only from trusted websites
Allows selected users (such as IT administrators) to access files on the gray list of executable files
Automatically and periodically downloads updates from trusted anti-malware providers multiple times a day
Scalable scanning optimized for network communication because users are sensitive to latency
• Avoid re-scanning duplicate traffic
• Unusually large network downloads (> KB) must not degrade the scanning performance of regular network traffic
• Do not waste resources to maintain a large number of active TCP connections (<150)
Performs safe searches on popular Web search engines to avoid malicious software servers
Provides a choice of scan engines to better complement your desktop scanning
Does not trust web pages accessed through an IP address
Identifies endless data streams, such as Internet radio broadcasts. These data streams never stop and will never be scanned.
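Three of the checks listed above, combined in one added Python sketch: refusing URLs whose host is an IP address, inspecting the payload for its actual file type instead of trusting the extension, and allowing executables only from trusted sites. This is an illustration, not code from the article or from any gateway product; the function names, the trusted-host set and the sample traffic are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Leading "magic" bytes of common executable formats (well-known signatures).
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
}

def host_is_ip_literal(url):
    """True when the URL's host is an IPv4/IPv6 address rather than a DNS name."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def sniff_executable(payload):
    """Return the executable type found in the payload's first bytes, or None."""
    for magic, name in EXECUTABLE_MAGIC.items():
        if payload.startswith(magic):
            return name
    return None

def gateway_verdict(url, payload, trusted_hosts):
    """Apply the three checks to one download; return (allowed, reason)."""
    if host_is_ip_literal(url):
        return False, "URL uses an IP address instead of a host name"
    kind = sniff_executable(payload)
    host = (urlsplit(url).hostname or "").lower()
    if kind and host not in trusted_hosts:
        return False, f"{kind} from untrusted host {host}"
    return True, "ok"

# Constructed sample traffic: (URL, first bytes of the response body).
TRUSTED = {"downloads.example.com"}
SAMPLES = [
    ("http://192.0.2.10/update.html", b"<html>"),
    ("http://files.example.net/holiday.jpg", b"MZ\x90\x00\x03"),  # PE named .jpg
    ("https://downloads.example.com/setup.exe", b"MZ\x90\x00\x03"),
    ("https://[2001:db8::1]/index.html", b"<html>"),
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        print(url, "->", gateway_verdict(url, body, TRUSTED))
```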
Ten ways to defend against Web threats
1. Block access to malware servers
When a desktop user requests an HTTP or HTTPS webpage from an unknown malware server, the request is immediately blocked, saving bandwidth and scanning resources.
2. Restrict mobile code to trusted websites
Mobile code such as scripts and active code makes the Web richer and more interesting, but it also lets hackers penetrate desktop computers, run executable code or applications, and execute scripts embedded in files.
3. Scan at Web gateway
Do not assume that all your desktops are up to date and running anti-virus programs (AVP), or that visiting computers are well managed. Scan centrally as malware attempts to enter your network, rather than only when it reaches the desktop, so that all incoming Web communication (HTTP, HTTPS, and FTP) can be controlled easily.
4. Use products of different vendors for desktop and Web gateway scanning
Current attacks are tested against popular AVPs before they are released. Diversity in malware scanning increases the chance of blocking threats.
5. Regularly update desktop and server patches
Most attacks and threats spread by exploiting application and system vulnerabilities. Patching reduces the risk from known vulnerabilities on your computers.
6. Install and update anti-virus software
Anti-virus software has been installed as a standard program since the appearance of boot-sector viruses. It checks incoming files and scans memory and existing files. Install the latest anti-virus software on any computer running Windows. If "bad things" have broken through all other network protection, this is the final line of defense. In addition, anti-virus software can defend against malware that spreads by non-network means, such as CDs or USB flash drives.
7. Access only HTTPS websites that have passed all browser checks
Most users do not understand the importance of the three SSL browser checks, or do not understand why they should not access websites that fail any of the three. The checks fail when the certificate has expired, when the issuer is untrusted, or when the host name in the certificate does not match the requested URL.
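The three checks map directly onto what a TLS client library verifies. The following Python sketch is an added example, not part of the original article; the function names are chosen for the illustration. It connects with verification fully enabled and reports which of the three checks a site fails, using OpenSSL's standard verification error codes.

```python
import socket
import ssl

# OpenSSL X509_V_ERR_* verify codes, grouped by the three checks named above.
CHECKS = {
    10: "certificate has expired",           # CERT_HAS_EXPIRED
    18: "issuer is untrusted",               # DEPTH_ZERO_SELF_SIGNED_CERT
    19: "issuer is untrusted",               # SELF_SIGNED_CERT_IN_CHAIN
    20: "issuer is untrusted",               # UNABLE_TO_GET_ISSUER_CERT_LOCALLY
    62: "host name does not match the URL",  # HOSTNAME_MISMATCH
}

def strict_context():
    """Client context that enforces all three checks."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True            # host name must match the certificate
    ctx.verify_mode = ssl.CERT_REQUIRED  # chain must validate and be in date
    return ctx

def classify(verify_code):
    """Translate an OpenSSL verify code into the check that failed."""
    return CHECKS.get(verify_code, f"other verification failure ({verify_code})")

def check_site(host, port=443, timeout=5.0):
    """Connect to host and report the first failed check, if any."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with strict_context().wrap_socket(raw, server_hostname=host):
                return "passed all three checks"
    except ssl.SSLCertVerificationError as exc:
        return classify(exc.verify_code)

if __name__ == "__main__":
    import sys
    # Host names are supplied on the command line.
    for name in sys.argv[1:]:
        print(name, "->", check_site(name))
```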
8. Download executable programs from trusted websites only
Social engineering is very active on the Internet! An effective way to distribute malware is to bundle it with seemingly useful programs. Once executed, the malicious software does whatever it wants. This type of attack is also called a Trojan horse attack.
9. Do not access websites that use IP addresses as servers
Recent attacks increasingly exploit home computers on which a simple Web server has been installed. The victim's machine is usually directed to such a home computer server through an IP address instead of a DNS host name. Legitimate websites use host names in their URLs.
10. Enter the URL carefully to avoid errors
Users never intend to visit malware websites, but accidents always happen. Mistyping a website address will often land you on a website that is waiting for exactly that visit. If your browser does not have all patches installed, you may download malware in the process.