Top 10 causes of Web attacks and ten ways to defend against them (1)

Source: Internet
Author: User

Bkjia.com comprehensive report: With the frequent occurrence of various Internet-based security attacks, Web security has become a hot topic in the industry. This article describes the top ten causes of Web attacks and the top ten ways to defend against Web threats.

Top 10 causes of Web Attacks

1. Desktop Vulnerabilities

Internet Explorer, Firefox, and Windows operating systems contain many vulnerabilities that can be exploited by hackers, especially when users do not install patches in a timely manner. Hackers can exploit these vulnerabilities to download malware code automatically without the user's consent, which is known as a hidden download (commonly called a drive-by download).

2. Server Vulnerabilities

Because of vulnerabilities and server management configuration errors, Internet Information Server (IIS) and Apache web servers are often exploited by hackers.

3. Web server virtual hosting

Servers that host several or even thousands of websites at the same time are also targets of malicious attacks.

4. Explicit/open proxy

Computers controlled by hackers can be set up as proxy servers to bypass the URL filtering used for communication control, to provide anonymous Internet access, or to act as middlemen for illegal website data streams.

5. HTML can embed objects from completely different servers on the webpage.

A user who requests a web page from one specific website can automatically download objects from other servers, such as legitimate Google Analytics servers, ad servers, or malware download websites, or can be redirected to a malware website.

6. Ordinary users do not know the security status

Most users do not understand the reasons for the three SSL browser checks, do not know how to verify the legitimacy of a downloaded program, do not know whether their computer is behaving abnormally, do not use a firewall on their home network, and do not know how to distinguish phishing pages from legitimate web pages.

7. Mobile Code is widely used on websites

Disabling JavaScript, Java applets, .NET applications, Flash, or ActiveX seems to be a good idea, because they all automatically execute scripts or code on your computer, but if these features are disabled, many websites can no longer be browsed. This opens the door for poorly coded Web applications that accept user input and use cookies, as in the case of XSS. In that case, cookies holding data that other open pages need to access can get confused. Any Web application that receives user input (blogs, wikis, comment sections) may accidentally accept malicious code, which can be returned to other users unless the input is checked for malicious code.

8. Wide use of all-weather high-speed broadband Internet access

Most enterprise networks are protected by firewalls, but home users without a Network Address Translation (NAT) firewall are vulnerable to attacks and can lose their personal information. Their computers can be made part of distributed denial-of-service (DDoS) botnets or used to run a Web server hosting malicious code, and home users may not suspect any of this.

9. General access to HTTP and HTTPS

To access the Internet, you must use the Web. All computers can access HTTP and HTTPS (TCP ports 80 and 443) through the firewall, so it can be assumed that all computers can reach the external network. Many programs access the Internet through HTTP, such as IM and P2P software. In addition, when such software is hijacked it opens a channel for sending botnet commands.

10. Use embedded HTML in emails

Because SMTP email gateways restrict what can be sent by email to some extent, hackers do not often send malicious code in the emails themselves. Instead, the HTML in the email is used to fetch malware code from the Web, and the user may not know that a request has been sent to a website.
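Items 5 and 10 both come down to HTML making the client fetch objects from servers other than the one the user chose. The following is an added example, not part of the original article: a small Python inventory of those automatic fetches, useful when reviewing a page before writing a content policy or when triaging an HTML email. The function name, host names and sample markup are constructed for illustration.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute the client fetches without a click (<a href> is left out).
# Simplification: every <link href> is counted, whatever its rel value.
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src",
               "embed": "src", "object": "data", "link": "href"}

class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []  # (tag, raw URL) pairs in document order

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if url:
            self.refs.append((tag, url.strip()))

def external_objects(html, page_url=None):
    """Map foreign host -> [(tag, absolute URL)] the client would fetch.

    page_url=None models an HTML email: there is no origin, so every
    absolute http(s) reference is a request to an outside server.
    """
    parser = _Collector()
    parser.feed(html)
    own_host = urlsplit(page_url).hostname if page_url else None
    found = defaultdict(list)
    for tag, raw in parser.refs:
        # Relative and protocol-relative URLs resolve against the page URL.
        absolute = urljoin(page_url, raw) if page_url else raw
        parts = urlsplit(absolute)
        if (parts.scheme in ("http", "https") and parts.hostname
                and parts.hostname != own_host):
            found[parts.hostname].append((tag, absolute))
    return dict(found)

# Constructed sample inputs (not taken from any real site or message).
PAGE_URL = "https://shop.example.test/index.html"
SAMPLE_PAGE = """<head><script src="/js/app.js"></script>
<script src="//stats.example.net/collect.js"></script>
<link rel="stylesheet" href="https://cdn.example.org/site.css"></head>
<body><img src="images/logo.png">
<iframe src="https://ads.example.com/banner?id=7"></iframe></body>"""
SAMPLE_MAIL = '<p>Hi</p><img src="http://tracker.example.com/open.gif?u=42">'

if __name__ == "__main__":
    print(external_objects(SAMPLE_PAGE, PAGE_URL))
    print(external_objects(SAMPLE_MAIL))
```

Each host in the result is a party whose compromise or misbehaviour reaches the user through the page, so the list is the starting point for an allow-list of permitted origins or for deciding whether a mail client should block remote content.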

