Web Service Security-host Threats and Countermeasures

Source: Internet
Author: User
Tags: configuration settings, NTFS permissions
Host Threats and Countermeasures
Host threats are directed at the system software on which applications are built. This includes Windows 2000, Internet Information Services (IIS), the .NET Framework, and SQL Server 2000; which of these are present depends on the specific server role. Major host-level threats include:

• Viruses, Trojan horses, and worms

• Footprinting

• Profiling

• Password cracking

• Denial of service

• Arbitrary code execution

• Unauthorized access

Viruses, Trojan horses, and worms
A virus is a program designed to perform malicious acts and damage the operating system or applications. A Trojan horse is a virus that looks like a harmless data file or executable program but carries malicious code. A worm is similar to a Trojan horse except that it can also copy itself from one server to another. Worms are hard to detect because they do not regularly create visible files; usually you notice them only when they start to consume system resources, because the system slows down or other programs stop. The Code Red worm is the best-known worm that attacks IIS. It relies on a buffer overflow vulnerability in a specific ISAPI filter.

Although these three are really attack techniques rather than threats in themselves, they pose significant threats to Web applications, to the hosts those applications run on, and to the networks used to deliver them. Such attacks can succeed on any system by exploiting one of many weaknesses: insecure default settings, software bugs, user error, and inherent flaws in Internet protocols.

Countermeasures against viruses, Trojan horses, and worms include:

• Keep the operating system up to date with the latest service packs and software patches.

• Block all unnecessary ports at the firewall and on the host.

• Disable unused functionality, including protocols and services.

• Harden weak default configuration settings.

Footprinting
Examples of footprinting are port scans, ping sweeps, and NetBIOS enumeration. An attacker uses them to gather valuable system-level information that helps in preparing more serious attacks. The kinds of information footprinting may reveal include account details, operating system and other software versions, server names, and database schema details.

Countermeasures to help prevent footprinting include:

• Disable unnecessary protocols.

• Lock down ports with the appropriate firewall configuration.

• Use TCP/IP and IPSec filters for defense in depth.

• Configure IIS to prevent information disclosure through banner grabbing (for example, product and version strings in HTTP response headers).

• Configure the IDS to detect footprinting patterns and reject suspicious traffic.

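The banner-grabbing countermeasure above is easiest to verify by looking at what the server actually returns. The following check is an added example written for this page, not code from the original article or from IIS: it parses a raw HTTP response, reports headers that disclose product or version information, and shows the same header set with those banners removed. The responses, the list of banner headers and the version strings are constructed for the example.

```python
"""Flag HTTP response headers that disclose server software to a footprinting scan."""
from typing import Dict, List, Tuple

# Headers that commonly carry product or version banners. This list is an
# assumption for the example, not an exhaustive catalogue.
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")

# Constructed sample responses; not captured from a real server.
LEAKY = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/5.0\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "X-AspNet-Version: 1.1.4322\r\n"
    "Content-Type: text/html\r\n"
    "\r\n<html></html>"
)
HARDENED = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"


def parse_headers(raw_response: str) -> Tuple[str, Dict[str, str]]:
    """Split a raw response into its status line and a dict of lower-cased header names."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # malformed line; ignore rather than crash the audit
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def leaked_banners(headers: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (header, value) pairs that name the server product or its version."""
    return [(name, headers[name]) for name in BANNER_HEADERS if name in headers]


def strip_banners(headers: Dict[str, str]) -> Dict[str, str]:
    """The hardened header set: everything except the banner headers."""
    return {k: v for k, v in headers.items() if k not in BANNER_HEADERS}


def audit(raw_response: str) -> List[str]:
    """Human-readable findings for one response; empty means nothing disclosed."""
    _status, headers = parse_headers(raw_response)
    return [f"{name}: {value}" for name, value in leaked_banners(headers)]


if __name__ == "__main__":
    for label, response in (("leaky", LEAKY), ("hardened", HARDENED)):
        print(label, audit(response) or "no banners disclosed")
```

Run against a real server, the same audit function would take the bytes returned by a plain GET; the point is that removing the banner headers costs nothing functionally while denying the version information a port scan would otherwise collect.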
Password cracking
If the attacker cannot establish an anonymous connection with the server, he or she will try to establish an authenticated connection. To do so, the attacker must know a valid username and password combination. Using default account names gives the attacker a head start; then only the password remains to be cracked. Blank or weak passwords make the job easier still.

Countermeasures to help prevent password cracking include:

• Use strong passwords for all account types.

• Apply a lockout policy to end-user accounts to limit the number of password retries.

• Do not use default account names; rename standard accounts such as the administrator account and the anonymous Internet user account used by many Web applications.

• Audit failed logon attempts to detect password-cracking attempts.

Denial of Service
Denial of service can be achieved in multiple ways, targeting several goals in the infrastructure. On the host, attackers can attack the application to disrupt the service, or they can exploit known vulnerabilities in the application, in the host's services, or in the operating system of the server it runs on.

Countermeasures to prevent DoS include:

• Consider DoS when configuring applications, services, and the operating system.

• Always apply the latest patches and security updates.

• Harden the TCP/IP stack against DoS attacks.

• Make sure the account lockout policy cannot be used to lock out well-known service accounts.

• Make sure the application can handle high-volume traffic and that its thresholds are set to cope with exceptional loads.

• Review the application's failover functionality.

• Use an IDS to detect potential DoS attacks.

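Two of the countermeasures above pull in opposite directions: the password-cracking section says to lock out end-user accounts after repeated failures and to audit failed logons, while the DoS list warns that the same lockout policy must not be usable to lock out service accounts. The following detector is an added example written for this page, not code from the original article or from Windows: it counts failed logons per account and per source from a constructed, simplified audit log, locks ordinary accounts past the threshold, raises an alert instead of a lockout for the exempt service accounts, and lists the sources whose failure pattern deserves audit attention. The log format, the threshold and the service-account set are assumptions for the example.

```python
"""Detect password guessing from failed-logon audit records while keeping the
lockout policy from becoming a denial-of-service lever against service accounts."""
from collections import defaultdict
from typing import Dict, Iterable, List

# Constructed audit lines in a simplified "time account source outcome" form.
# Not real Windows Security log output; a production version would read the
# audit log's failed-logon events instead.
AUDIT_LINES = """\
08:00:01 administrator 10.0.0.9 FAILURE
08:00:02 administrator 10.0.0.9 FAILURE
08:00:03 administrator 10.0.0.9 FAILURE
08:00:04 administrator 10.0.0.9 FAILURE
08:00:05 administrator 10.0.0.9 FAILURE
08:00:06 administrator 10.0.0.9 FAILURE
08:01:10 jsmith 10.0.0.21 FAILURE
08:01:12 jsmith 10.0.0.21 SUCCESS
08:02:00 svc_sql 10.0.0.9 FAILURE
08:02:01 svc_sql 10.0.0.9 FAILURE
08:02:02 svc_sql 10.0.0.9 FAILURE
08:02:03 svc_sql 10.0.0.9 FAILURE
08:02:04 svc_sql 10.0.0.9 FAILURE
""".splitlines()

LOCKOUT_THRESHOLD = 5            # assumed policy: lock after 5 bad passwords
SERVICE_ACCOUNTS = {"svc_sql"}   # assumed: well-known service accounts exempt from lockout


def _failures(lines: Iterable[str], key_index: int) -> Dict[str, int]:
    """Count FAILURE records grouped by one field (1 = account, 2 = source)."""
    counts: Dict[str, int] = defaultdict(int)
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records rather than abort the sweep
        if fields[3] == "FAILURE":
            counts[fields[key_index]] += 1
    return dict(counts)


def count_failures(lines: Iterable[str]) -> Dict[str, int]:
    """Failed logons per account."""
    return _failures(lines, 1)


def classify(lines: Iterable[str]) -> Dict[str, str]:
    """Per-account action: 'lockout', 'alert' (service account, never locked) or 'ok'."""
    actions: Dict[str, str] = {}
    for account, failures in count_failures(lines).items():
        if failures < LOCKOUT_THRESHOLD:
            actions[account] = "ok"
        elif account in SERVICE_ACCOUNTS:
            # Locking this account would take the service down: that is the DoS
            # the countermeasure warns about, so alert the operator instead.
            actions[account] = "alert"
        else:
            actions[account] = "lockout"
    return actions


def guessing_sources(lines: Iterable[str], threshold: int = LOCKOUT_THRESHOLD) -> List[str]:
    """Sources that failed at least `threshold` times across all accounts. This is
    the audit pattern to review whether or not any lockout actually fired."""
    per_source = _failures(lines, 2)
    return sorted(src for src, n in per_source.items() if n >= threshold)


if __name__ == "__main__":
    print("actions:", classify(AUDIT_LINES))
    print("sources to investigate:", guessing_sources(AUDIT_LINES))
```

In the sample data the administrator account is locked, the service account only raises an alert, and the per-source view still exposes the single address behind both bursts, which is what the "audit failed logons" countermeasure is meant to catch.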
Arbitrary Code Execution
If attackers can execute malicious code on your server, they can either compromise server resources or mount further attacks against downstream systems. The risk is greater when the process in which the attacker's code runs has more privileges than it needs. Common vulnerabilities include weak IIS configuration and unpatched servers that allow path traversal and buffer overflow attacks, both of which can lead to arbitrary code execution.

Countermeasures to prevent arbitrary code execution include:

• Configure IIS to reject URLs containing "../" to prevent path traversal.

• Lock down system commands and utilities with restricted ACLs.

• Stay current with patches and updates to ensure that newly discovered buffer overflows are fixed promptly.

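The first countermeasure above describes the check in terms of a literal "../" substring. A more robust defensive check decodes the request and resolves it against the Web root, since the same traversal can be spelled with backslashes or percent-encoding and still land outside the root. The following comparison is an added example written for this page, not code from the original article or from IIS: it shows the literal filter beside a resolve-and-compare check over a handful of constructed request paths. The Web root and the path names are assumptions for the example.

```python
"""Decide whether a requested URL path resolves inside the Web root, rather than
only looking for a literal '../' substring."""
import posixpath
from typing import Dict, Iterable
from urllib.parse import unquote

WEB_ROOT = "/inetpub/wwwroot"  # assumed Web root for the example


def naive_allows(request_path: str) -> bool:
    """The literal filter on its own: it rejects only the unencoded '../' form."""
    return "../" not in request_path


def resolve(request_path: str) -> str:
    """Normalise a request path the way the file system will eventually see it."""
    # Decode twice so that a double-encoded separator ('%255c') is seen as '\';
    # a legitimate path never needs two rounds, so over-decoding only errs safe.
    decoded = unquote(unquote(request_path))
    # Windows accepts '\' as a path separator, so treat it exactly like '/'.
    as_posix = decoded.replace("\\", "/")
    # normpath collapses '.' and '..' segments and never climbs above '/'.
    return posixpath.normpath(posixpath.join(WEB_ROOT, as_posix.lstrip("/")))


def is_inside_root(request_path: str) -> bool:
    """True only if the resolved path is the root itself or strictly below it."""
    resolved = resolve(request_path)
    return resolved == WEB_ROOT or resolved.startswith(WEB_ROOT + "/")


# Constructed request paths; the file names are placeholders, not real targets.
REQUESTS = [
    "/scripts/default.asp",
    "/images/../default.htm",
    "/scripts/../../private/config.txt",
    "/scripts/..%5c..%5cprivate/config.txt",
    "/scripts/..%255c..%255cprivate/config.txt",
]


def compare(paths: Iterable[str]) -> Dict[str, Dict[str, bool]]:
    """Side-by-side verdicts of the literal filter and the resolve-and-compare check."""
    return {p: {"naive_allows": naive_allows(p), "inside_root": is_inside_root(p)}
            for p in paths}


if __name__ == "__main__":
    for path, verdict in compare(REQUESTS).items():
        print(f"{path:45} {verdict}")
```

The literal filter rejects the second request even though it resolves back inside the root, and accepts the last two even though they do not; the resolve-and-compare check gets all five right. Request filtering in front of the application is still worth having, but the file-system check is the one that actually enforces the boundary.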
Unauthorized access
Inadequate access controls may allow unauthorized users to access restricted information or perform restricted operations. Common vulnerabilities include weak IIS Web access controls, including Web permissions, and weak NTFS permissions.

Countermeasures to help prevent unauthorized access include:

• Configure secure Web permissions.

• Lock down files and folders with restricted NTFS permissions.

• Use the .NET Framework access control mechanisms in ASP.NET applications, including URL authorization and principal permission demands.

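URL authorization in ASP.NET is expressed as ordered <allow> and <deny> rules in web.config, and the most common misconfiguration is an <allow> for a role with no trailing <deny users="*"/>, which leaves the location open to every authenticated user through the root configuration's default allow. The following evaluator is an added example written for this page, not code from the original article or from the .NET Framework: it loads a constructed web.config fragment and applies the documented first-match semantics ('*' for everyone, '?' for anonymous, location rules before site-wide rules, default allow last) so the weak and corrected forms can be compared. The configuration, paths, users and roles are assumptions for the example.

```python
"""Evaluate ASP.NET-style URL authorization rules for a user and path."""
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional, Tuple

# Constructed web.config fragment; not from any real deployment.
WEB_CONFIG = """<configuration>
  <location path="admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="reports">
    <system.web>
      <authorization>
        <allow roles="Managers" />
      </authorization>
    </system.web>
  </location>
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>"""

# The corrected form of the "reports" location: a terminating deny-all rule.
WEB_CONFIG_FIXED = WEB_CONFIG.replace(
    '<allow roles="Managers" />',
    '<allow roles="Managers" />\n        <deny users="*" />',
)

Rule = Tuple[str, List[str], List[str]]  # (action, users, roles)


def _split(attr: Optional[str]) -> List[str]:
    """Comma-separated attribute value to a list; missing attribute to []."""
    return [x.strip() for x in attr.split(",") if x.strip()] if attr else []


def _rules_under(node: ET.Element) -> List[Rule]:
    auth = node.find("system.web/authorization")
    if auth is None:
        return []
    return [(r.tag, _split(r.get("users")), _split(r.get("roles")))
            for r in auth if r.tag in ("allow", "deny")]


def load_rules(xml_text: str) -> Dict[str, List[Rule]]:
    """Rules keyed by location path; '' holds the site-wide rules."""
    root = ET.fromstring(xml_text)
    rules = {loc.get("path", ""): _rules_under(loc) for loc in root.findall("location")}
    rules[""] = _rules_under(root)
    return rules


def _matches(rule: Rule, user: Optional[str], roles: List[str]) -> bool:
    _action, users, rule_roles = rule
    if "*" in users:
        return True
    if "?" in users and user is None:  # '?' is the anonymous user
        return True
    if user is not None and user in users:
        return True
    return any(r in roles for r in rule_roles)


def is_allowed(rules: Dict[str, List[Rule]], path: str,
               user: Optional[str], roles: List[str]) -> bool:
    """First matching rule wins; location rules are checked before site-wide ones,
    and the root configuration's <allow users="*"/> is the final fallback."""
    chain = rules.get(path, []) + rules[""] + [("allow", ["*"], [])]
    for rule in chain:
        if _matches(rule, user, roles):
            return rule[0] == "allow"
    return True


if __name__ == "__main__":
    for label, cfg in (("weak", WEB_CONFIG), ("fixed", WEB_CONFIG_FIXED)):
        print(label, "reports as bob/Users ->", is_allowed(load_rules(cfg), "reports", "bob", ["Users"]))
```

The evaluator only models the rule order; a real deployment also relies on the IIS Web permissions and NTFS ACLs named above, since URL authorization governs requests that reach ASP.NET and nothing else.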
