Questions:
The company's CIO requires your solution design to cover the requirements below:
1. Implementing ModSecurity with rules in place to protect the Apache web server against SQL injection and cross-site scripting. (ModSecurity rules must be configured and included in the device configuration summary table.)
2. Identifying at least 6 possible threats towards the CentOS Linux server. You must also provide solutions to those threats.
3. Identifying at least 6 threats towards the Apache web servers (other than SQL injection and cross-site scripting, which are part of the first requirement). You must also provide solutions to those threats.
4. Identifying at least 4 threats towards the network and protecting the network by implementing security solutions.
5. Including at least one test machine in your design to be able to test your security design.
Answer:
Introduction
In the modern internet era, businesses are moving toward smart business, and to achieve that companies use internet services. In this assignment the company is a market leader in the textile business with the well-known brand name “WEAR IT ON”. It plans to implement a web server in the company to improve its business, and already has Apache 2.0 on a Linux-based server operating system. A trainee was appointed to manage the network administration, but the trainee does not have a good understanding of the project. During a general inspection a flaw was found in the network systems: someone had performed a TCP scan on the server in order to attack the network system, and this occurred while the server was connected to the internet. This report describes the process involved in implementing the network system in this company. The main objective was to find the different kinds of flaws in the network systems; the required countermeasures against attacks are also discussed in the report.
Network design
When the company develops web-based servers, the main problem is that they can be reached, and therefore misused, by attackers, so the network design must provide security for the server that acts as the company's web server. Several antivirus servers are available on the network to provide security for the servers. The routers installed in the company act as the default gateway to the internet; the gateway is both the entry and the exit point, so all data that comes into the server, and all data the server sends to other devices, passes through the gateway.
We therefore improve security by placing firewalls around the servers. The server is placed between two firewalls, known as the internal firewall and the external firewall, which protect against internal and external attacks respectively; this arrangement is known as a demilitarized zone (DMZ). Proxy servers are also implemented to control public access. These are the security measures planned for implementation in the company network system.
- ModSecurity
Its name describes the function of this firewall. It is a commonly used web application firewall for improving the security of servers. It is open source, which means anyone can change the software for their own purposes. In its early days it was mostly used with the HTTP service to protect data, but it has since been developed for full security purposes. Other tools such as NGINX and IIS are used for the same purpose, but ModSecurity is able to serve a large number of groups because it is open source. A huge number of verified rules and policies, known as “SecRules”, are available for it. The software is added to the web server as an additional application and, for some requirements, behaves similarly to a proxy server. The various actions performed by this application are listed below:
• Monitor the security of the server
• Provide access control to users
• Log the HTTP services
• Perform security checks periodically
• Act as both active and passive security assessment
• Carry out security auditing work
• Limit the memory consumed during data download and upload
• Create a server identification mask
Mod Security against SQL injection
Preventing this type of code is easy: with response body access enabled, ModSecurity simply adds a rule that matches the opening tag of PHP in the response. Perl and JSP code are protected in the same general manner.
Directory traversal attacks: normally a web server only serves files under its document root and is configured to refuse attempts to leave it. Many web applications accept user input without checking it properly, so a user can partly read files that should not be visible, which is a directory traversal attack. ModSecurity protects against this sort of vulnerability as part of a defence-in-depth principle.
Mod Security against Cross Site Scripting
The major part of preventing cross-site scripting (XSS) is to escape all data placed into a web page's output, changing unprotected characters such as angle brackets into their HTML entity versions. ModSecurity provides the SecPdfProtect directive for this purpose; these directives are configured in ModSecurity for XSS protection.
The XSS protection is configured with SecPdfProtectSecret, which is used to produce one-time tokens, and SecPdfProtectTokenName, which changes the name of the token argument.
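As an added example (not part of the original answer or of the ModSecurity project), the following script writes a ModSecurity 2.x rule file for Apache on CentOS covering requirement 1: rules that block SQL injection and XSS in request arguments, the response-body check for a leaked PHP opening tag, and the SecPdfProtect settings described above. The file path, the rule ids 100001-100005 and the secret value are assumptions.

```shell
#!/bin/sh
# Added example: deploys custom ModSecurity 2.x rules for SQLi and XSS.
# Assumed path and ids; replace SecPdfProtectSecret with a long random string.
MODSEC_FILE=/etc/httpd/modsecurity.d/wear_it_on_rules.conf

write_modsec_rules() {   # $1 = destination file
    cat > "$1" <<'EOF'
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html
SecAuditEngine RelevantOnly
SecAuditLog /var/log/httpd/modsec_audit.log
# SQL injection: classic tokens in query string, POST body and cookies, then libinjection
SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES "@rx (?i:\bunion\b.+\bselect\b|\bselect\b.+\bfrom\b|'\s*(or|and)\s*'?\w+'?\s*=|;\s*(drop|insert|update|delete)\b|--\s|/\*|\b(sleep|benchmark)\s*\()" \
    "id:100001,phase:2,t:none,t:urlDecodeUni,t:removeNulls,t:compressWhitespace,deny,status:403,log,msg:'SQL injection attempt blocked',tag:'WEARITON/SQLI'"
SecRule ARGS "@detectSQLi" \
    "id:100002,phase:2,t:none,t:urlDecodeUni,deny,status:403,log,msg:'SQL injection (libinjection)',tag:'WEARITON/SQLI'"
# Cross-site scripting: script tags, javascript: URLs and event handlers, then libinjection
SecRule ARGS|REQUEST_COOKIES|REQUEST_HEADERS:Referer "@rx (?i:<\s*script|javascript\s*:|\bon(load|error|mouseover|click|focus)\s*=|<\s*(iframe|object|embed|svg)\b)" \
    "id:100003,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:removeNulls,t:compressWhitespace,deny,status:403,log,msg:'XSS attempt blocked',tag:'WEARITON/XSS'"
SecRule ARGS "@detectXSS" \
    "id:100004,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,deny,status:403,log,msg:'XSS (libinjection)',tag:'WEARITON/XSS'"
# Response check: a PHP opening tag in the output means source code is leaking
SecRule RESPONSE_BODY "@rx <\?php" \
    "id:100005,phase:4,t:none,deny,status:403,log,msg:'PHP source leaked in response'"
# PDF XSS protection: one-time tokens derived from the secret (ModSecurity 2.x only)
SecPdfProtect On
SecPdfProtectMethod TokenRedirection
SecPdfProtectSecret "CHANGE_ME_TO_A_LONG_RANDOM_STRING"
SecPdfProtectTimeout 10
SecPdfProtectTokenName PDFTOKEN
EOF
}

check_rule_ids() {   # $1 = rule file; succeeds only if every SecRule has a distinct id
    rules=$(grep -c '^SecRule ' "$1")
    ids=$(grep -o 'id:[0-9]*' "$1" | sort -u | wc -l)
    [ "$rules" -eq "$ids" ]
}

if [ "${1:-}" = "--install" ]; then   # run as root on the web server
    write_modsec_rules "$MODSEC_FILE" && check_rule_ids "$MODSEC_FILE" \
        && httpd -t && systemctl reload httpd
fi
```

The rule file is only installed with --install; httpd -t validates the syntax before the server is reloaded.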
Threats towards the apache web servers
Firestarter utilization
The nmap scan tool is used to scan networks and to perform further actions: with nmap the open ports and services on devices are discovered, and from that information attackers learn which ports they can access.
Mitigation
Firestarter is one of the firewalls for the system; it detects the nmap scan and reports it. The firewall can blacklist the offending traffic, both incoming and outgoing.
Firewall events after nmap scan from the attacker
Inside attacker
GUI attack
In the CentOS operating system, an attacker with access to the graphical user interface can obtain access to the data stored on the server.
Mitigation
This problem is resolved by editing the /etc/inittab file and changing the default runlevel parameter to
id:3:initdefault:
so that the server boots into command-line interface mode instead of the graphical interface.
The company has two branches in the same industry, with a number of users located in the two branches. Attackers who compromise one branch can also affect the other branch. Different types of protocols are in use, including the secure shell (SSH) protocol and the file transfer protocol (FTP).
Mitigation
For mitigation the following directives are used to control access to the system:
- allow
- deny
Unwanted ports liability
The Nessus report contains the details of the protocols and of the different TCP and UDP ports in use. The web servers are scanned with nmap, and Nessus is used on the web server; with nmap the details are identified, so a user can easily obtain this information (Prayogo, Kushartantya and Wibawa, 2012).
Mitigation- IP tables
The iptables administration tool controls data received from unknown parties. Rules are defined in iptables, and incoming data packets are accepted or rejected according to those rules.
Secure shell access liability
SSH stands for secure shell. Here the threat is that attackers can freely access the system from outside using root credentials.
Mitigation
If root permissions are simply disabled, the SSH service no longer performs well, and creating a secondary user brings its own problems; the only way to avoid these problems is to control access to the SSH service. The sshd_config file is modified with the appropriate commands, and the system must be restarted before the modified parameters take effect.
Once the additional users have been created, the 'PermitRootLogin no' directive is used.
Secure shell liability
These kinds of problems arise from running an old version of the Linux-based server, so it has to be upgraded to the latest version.
Mitigation
This involves changing the whole sshd_config, including the protocol setting, and then restarting the system to activate the new versions.
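As an added example, not part of the original answer, this script applies the sshd_config changes discussed in the two secure-shell sections (PermitRootLogin no once the secondary user exists, Protocol 2) idempotently and validates the file before restarting the service; the file path, the user name wearadmin and the extra options are assumptions.

```shell
#!/bin/sh
# Added example: idempotent sshd_config hardening. The secondary admin user
# 'wearadmin' and the option values are assumptions, not the page's own values.

set_sshd_option() {   # $1 = config file, $2 = option name, $3 = value
    if grep -Eq "^[[:space:]]*#?[[:space:]]*$2([[:space:]]|$)" "$1"; then
        # option already present, possibly commented out: rewrite it in place
        sed -i -E "s|^[[:space:]]*#?[[:space:]]*$2([[:space:]].*)?$|$2 $3|" "$1"
    else
        printf '%s %s\n' "$2" "$3" >> "$1"
    fi
}

harden_sshd() {   # $1 = path to sshd_config
    set_sshd_option "$1" PermitRootLogin no          # no root logins from outside
    set_sshd_option "$1" Protocol 2                  # drop the weak SSH-1 protocol
    set_sshd_option "$1" PasswordAuthentication no   # keys only
    set_sshd_option "$1" AllowUsers wearadmin        # only the secondary admin user
    set_sshd_option "$1" MaxAuthTries 3
}

get_sshd_option() {   # $1 = config file, $2 = option name; prints the effective value
    grep -E "^[[:space:]]*$2[[:space:]]" "$1" | head -n 1 | awk '{print $2}'
}

if [ "${1:-}" = "--apply" ]; then   # run as root on the CentOS server
    cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
    harden_sshd /etc/ssh/sshd_config
    sshd -t && systemctl restart sshd   # validate the file, then restart to activate
fi
```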
Threats towards the network
TCP SYN FLOODS
Whether a TCP connection is accepted or rejected is decided by the TCP handshake. Attackers use SYN floods with spoofed IP addresses: the source IP address in the SYN packet header is spoofed, the server replies with SYN/ACK packets and waits for acknowledgements that never arrive, and the process continues until the backlog queue is full.
If connections are still being established, the server is working correctly. The mitigation is done through TCP SYN flood protection.
NMAP protection
TCP scanning is done with the nmap tool; attackers use nmap to perform TCP scans. Nmap can check which of the server's ports are open, so it is easy to identify the vulnerabilities available for an attack.
Mitigation
Mitigation means detecting the TCP scanning attempts made by attackers; with this detection in place we can easily find all the exposed parts of the server.
The figure above shows the message that can be found in the /var/log/messages file.
Honeyd
Honeyd is a tool that acts as an imitation of the Linux server. Such tools are used to create a snare so that unexpected actions against the system can be observed and identified. Honeyd supports virtualization, so virtualized environments can use this kind of tool; the real servers still need additional security.
IP Spoofing
Attackers target the CentOS server, so we need to protect it from them. Attackers create a duplicate IP address by means of IP spoofing. The following section covers the mitigation of IP spoofing.
Mitigation – IP spoofing protection
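As an added example (not the page's own configuration), the following script generates the iptables ruleset and sysctl settings that implement the network mitigations discussed above: closing unwanted ports, logging scan attempts to /var/log/messages, TCP SYN flood protection, and protection against IP spoofing. The interface names eth0/eth1, the branch range 10.10.0.0/16 and the rate limits are assumptions.

```shell
#!/bin/sh
# Added example: iptables + sysctl for the CentOS web server. Interfaces, the
# branch range and the limits are assumptions; nothing is applied without --apply.
EXT_IF=eth0            # internet-facing interface
INT_IF=eth1            # link to the internal branches
ADMIN_NET=10.10.0.0/16 # only the branches may reach SSH
WEB_PORTS="80 443"

gen_iptables() {   # prints a ruleset in iptables-restore format
    echo '*filter'
    echo ':INPUT DROP [0:0]'     # default deny: every unwanted port is closed
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo ':SYNFLOOD - [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # IP spoofing: private or loopback source addresses never arrive from the internet
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8; do
        echo "-A INPUT -i $EXT_IF -s $net -j DROP"
    done
    # nmap NULL and Xmas probes carry impossible flag combinations
    echo '-A INPUT -p tcp --tcp-flags ALL NONE -j DROP'
    echo '-A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP'
    # TCP SYN flood protection: new connections beyond the rate/burst are dropped
    echo '-A INPUT -p tcp --syn -j SYNFLOOD'
    echo '-A SYNFLOOD -m limit --limit 25/s --limit-burst 50 -j RETURN'
    echo '-A SYNFLOOD -j DROP'
    for p in $WEB_PORTS; do
        echo "-A INPUT -p tcp --dport $p -j ACCEPT"
    done
    echo "-A INPUT -i $INT_IF -s $ADMIN_NET -p tcp --dport 22 -j ACCEPT"
    # anything else (e.g. a port scan) goes to syslog, i.e. /var/log/messages, then is dropped
    echo '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-SCAN: " --log-level 4'
    echo '-A INPUT -j DROP'
    echo 'COMMIT'
}

gen_sysctl() {   # kernel settings against SYN floods and spoofed sources
    echo 'net.ipv4.tcp_syncookies = 1'
    echo 'net.ipv4.tcp_max_syn_backlog = 2048'
    echo 'net.ipv4.conf.all.rp_filter = 1'
    echo 'net.ipv4.conf.default.rp_filter = 1'
}

if [ "${1:-}" = "--apply" ] && [ "$(id -u)" -eq 0 ]; then
    gen_iptables | iptables-restore
    gen_sysctl > /etc/sysctl.d/90-wear-it-on.conf && sysctl --system
fi
```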
Firewall policies and IPS/IDS policies
The following table explains the security devices
Firewall Policies
IDS Policies
Apache Web Server Summary
Conclusion
The security threats to the CentOS operating system were identified in this study, together with the measures used to secure the network from attackers. All the information is clearly included in the report.