20 July 2012

Do You Know Web Security

Overview of Web Security

Web security is about securing your web application from various types of network threats. This is important because web security is vital for most organizations that use a website as a critical system carrying various transactions over the Internet. The Internet is a platform for sharing and accessing information, where millions of people and computers all over the world are connected together. There are certain security issues on the web or Internet. The main issues related to web security are:

  • How secure are the systems on the web that control the exchange of information?
  • How secure are the systems on the web that store the information on different systems?
  • How can the database that stores confidential and sensitive information be secured?

Architecture of Web

The architecture of the web comprises a client, a DNS (Domain Name System) server, a web server and the network that connects them.
The three important areas that need to be secured on the web are:

  • Client.
  • Server.
  • Network.

A client sends a request to the server by typing a URL (Uniform Resource Locator) into the web browser.
The request is first sent to the DNS server. The DNS server translates the domain name in the client's URL into the IP (Internet Protocol) address of the website. Using that IP address, a connection is established and a request for the web page is sent to the web server. The client receives the requested web page from the web server, and the browser displays it on the screen.
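As an added walk-through of the exchange just described (example code, not part of the original post), the script below resolves the host through a constructed DNS table, builds the request the browser would send, and parses a constructed server reply. The hostname, the TEST-NET address and the reply bytes are sample values.

```python
from urllib.parse import urlsplit

# Constructed DNS table standing in for the DNS server (TEST-NET address, not a real lookup).
FAKE_DNS = {"www.example.com": "192.0.2.10"}


def resolve(hostname):
    """Step 1: the DNS server maps the host part of the URL to an IP address."""
    try:
        return FAKE_DNS[hostname]
    except KeyError:
        raise LookupError(f"no address record for {hostname}") from None


def build_request(url):
    """Step 2: the browser splits the URL and builds the HTTP/1.1 GET it sends to that IP."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        raise ValueError("this walk-through covers plain http:// URLs only")
    host, port = parts.hostname, parts.port or 80
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    ip = resolve(host)
    request = (f"GET {path} HTTP/1.1\r\n"
               f"Host: {host}\r\n"
               "Connection: close\r\n"
               "\r\n").encode("ascii")
    return ip, port, request


def parse_response(raw):
    """Step 3: the browser splits the server's reply into status line, headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("malformed response: no end of headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    version, status, reason = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Compare the declared Content-Length with what actually arrived: a mismatch
    # means a truncated or tampered page, which the browser must not trust.
    declared = int(headers.get("content-length", len(body)))
    return {"version": version, "status": int(status), "reason": reason,
            "headers": headers, "body": body, "complete": declared == len(body)}


# Constructed server reply (28 body bytes) used for the demonstration.
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                   b"Content-Type: text/html\r\n"
                   b"Content-Length: 28\r\n"
                   b"\r\n"
                   b"<html><body>Hi</body></html>")
```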

A website should be secured against disclosure, destruction, or modification of information. The main concepts and purposes of web security are:

  • Confidentiality.
  • Integrity.
  • Availability.
  • Authentication.

Common Threats on Web

  • Threats on the client side.
  • Threats on the server side.
  • Network threats.

Threats on the Client Side

Many computers on the client side are vulnerable to attacks such as viruses, worms and Trojan horses, created by hackers and crackers or arising from other malicious code.

Threats on the Server Side

Data available on web servers is exposed to unauthorized access. If an intrusion occurs on the web server, it could slow the server down or crash it.

Network Threats

Loss of information is mainly due to improper network security. Networks with weak security are vulnerable to hackers, who usually attack networks that are not properly secured and can steal the computer's resources by altering or tampering with the data transferred from the source system to the destination system.

Identity Theft

Identity theft is a serious threat that is considered a crime and a fraud. It is an abuse in which an unknown person uses another's identity as their own. Identity theft can occur in different forms. Important types of identity theft include:

  • Financial fraud.
  • Criminal activities.

Spam Mail

The term spam can refer to any commercially driven, unwanted bulk mailing that is unnecessary and undesired. The most common form of spam is transmitted as commercial advertising by email. Spammers have developed a range of spamming techniques, which differ by medium: email spam, instant messaging spam, Usenet newsgroup spam, web search engine spam, weblog spam, and mobile messaging spam.

Email spam is the most widespread form of spamming on the Internet. It consists of transmitting identical or nearly identical unwanted messages to a huge number of recipients. Contrary to legitimate commercial email, spam is commonly spread without the explicit permission of the recipients, and commonly contains various tricks to bypass email filters. Computers generally come with some built-in ability to send spam; the only additional ingredient required is a list of addresses to target. Spammers acquire email addresses through a variety of means: harvesting addresses from Usenet postings, DNS listings, or web pages; guessing common names at familiar domains, otherwise known as a dictionary attack; and "e-pending", searching for email addresses that match specific people, for example on web pages. It is possible to deceive a harvesting web spider by replacing the "@" symbol with another symbol, for example "#", when posting an email address. Many email spammers go to great lengths to hide the origin of their messages. They can achieve this by spoofing email addresses, which is similar to Internet Protocol spoofing: the spammer alters the email message so that it appears to originate from another email address.

Distributed Denial of Service Attacks

Distributed Denial of Service (DDoS) attacks involve compromising computers and installing an application that initiates packet flooding against a target system. The primary goal of a DDoS attack is to gain access to the systems with administrative privileges.

The intruders send certain scripts, which run on the targeted machines and identify the vulnerabilities in the system. These systems are then used as servers that destroy other systems' resources. If the attacker gets control over a system, they run code on that system to attack it.

DDoS attacks are simple to perform and allow many attackers to gain access by using such an attack. These attacks damage important information, cause Internet failures and disturb services to a great extent. The attack aims to create a disaster over a wide area of systems on the network by damaging the network's resources and halting services to the computers on the Internet. Initially, the intruder attacks certain systems and halts services on them; these systems are known as 'primary victims'. These victim computers are then used for further destruction of other systems, which are known as the secondary victims. The use of secondary victims creates a wide range of DDoS attacks in which the actual intruder cannot be identified.

The primary victims and secondary victims together create a network of systems that spreads the DDoS attack, so identifying the original IP address behind these attacks becomes impossible. If a single attack is made against an organization, it can block that particular IP from entering through the firewall. But if a large number of DDoS attempts are made, they turn a number of computers into platforms for consuming the assets of the network. The intruder can attack from different places by using these computers as agents in different parts of the network.

To be continued
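The contrast drawn above, between one attacking address that a firewall can block and many agents that it cannot, is shown here over constructed web-server access-log lines (added example, not part of the original post). The thresholds, addresses and log lines are sample values; the log layout is the common "combined" format.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Access-log line in the common "combined" layout: client IP first, timestamp in brackets.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \d+')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp) for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), TIME_FMT)


def make_lines(sources, start="20/Jul/2012:13:00:00 +0000"):
    """Constructed sample traffic (not real): sources maps client IP -> number of
    requests, all stamped within one ten-second window."""
    t0 = datetime.strptime(start, TIME_FMT)
    lines, i = [], 0
    for ip, n in sources.items():
        for _ in range(n):
            ts = (t0 + timedelta(seconds=i % 10)).strftime(TIME_FMT)
            lines.append(f'{ip} - - [{ts}] "GET / HTTP/1.1" 200 512')
            i += 1
    return lines


def classify(lines, per_ip_limit=10, total_limit=50):
    """Classify one window of log lines.

    A source above per_ip_limit is a single-source flood: the case where the
    firewall can block that one IP. If no source stands out but the total exceeds
    total_limit, many agents share the load: the distributed case, which
    per-IP blocking cannot stop and which needs rate limiting upstream."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            counts[parsed[0]] += 1
    total = sum(counts.values())
    offenders = sorted(ip for ip, n in counts.items() if n > per_ip_limit)
    if offenders:
        verdict = "single-source flood"
    elif total > total_limit:
        verdict = "distributed flood"
    else:
        verdict = "normal"
    return {"total": total, "sources": len(counts),
            "offenders": offenders, "verdict": verdict}
```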


  1. Greetings, Fatini has already added it to the Bloglist Ramadhan. Have a blessed fast :)


Thank you.