Web Server and Database Security: Passwords, CGI, Buffer Overflows, and Firewalls, Slides of Fundamentals of E-Commerce

These slides survey security threats to web servers and databases: the handling of username/password pairs, CGI scripts, buffer overflows, and the need to secure the server through access control and firewalls. They also touch on good password selection and the role of firewalls in protecting networks.

Typology: Slides

2012/2013

Uploaded on 07/29/2013

sharad_984
Entering passwords

  • Web servers that require usernames and passwords can compromise security by revealing them: a credential stored on the client or sent over an unencrypted connection can be read by anyone on the path.
  • Because the Web server needs the information as the user moves from page to page, it may place it in a cookie on the client's machine.
  • The server must be careful not to request that the cookie be transmitted unprotected. The cookie should carry an opaque session identifier rather than the password itself, and should be marked Secure so that the browser sends it only over HTTPS (and HttpOnly so that page scripts cannot read it).
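As an added example (not part of the original slides), the following Python shows the two halves of that advice: a function that issues a session cookie carrying only a random identifier, with the Secure and HttpOnly attributes set, and a checker that flags a Set-Cookie header which lacks those attributes or stores a credential on the client. The cookie name `session`, the credential-name list and the sample headers are assumptions of the example.

```python
import secrets
from http.cookies import SimpleCookie

# Cookie names that would mean the credential itself is being kept on the client.
# Assumed list for the example.
CREDENTIAL_NAMES = {"password", "passwd", "pwd", "username", "user"}


def new_session_id() -> str:
    """Opaque 128-bit random token; the server maps it to the logged-in user."""
    return secrets.token_urlsafe(16)


def make_session_cookie(session_id: str, secure: bool = True) -> str:
    """Build the Set-Cookie header value for a session cookie.

    The cookie carries only the session id, never the username or password.
    HttpOnly keeps it away from page scripts; Secure (the default) tells the
    browser to send it over HTTPS only, which is the slide's rule that the
    cookie must not be transmitted unprotected.
    """
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["path"] = "/"
    cookie["session"]["httponly"] = True
    cookie["session"]["samesite"] = "Strict"
    if secure:
        cookie["session"]["secure"] = True
    return cookie["session"].OutputString()


def cookie_problems(set_cookie_value: str) -> list:
    """Audit one Set-Cookie header value and list what is wrong with it."""
    cookie = SimpleCookie()
    cookie.load(set_cookie_value)
    findings = []
    for name, morsel in cookie.items():
        if not morsel["secure"]:
            findings.append(f"{name}: missing Secure, will be sent over plain HTTP")
        if not morsel["httponly"]:
            findings.append(f"{name}: missing HttpOnly, readable by page scripts")
        if name.lower() in CREDENTIAL_NAMES:
            findings.append(f"{name}: credential stored on the client")
    return findings


if __name__ == "__main__":
    good = make_session_cookie(new_session_id())
    print(good, cookie_problems(good))
    # Constructed example of what the slide warns against: the password in a cookie.
    print(cookie_problems("password=hunter2; Path=/"))
```

The checker only sees the header; it cannot tell whether the page itself is served over HTTPS, so a cookie without Secure is reported even on a site that happens to be TLS-only today.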

Username/password pairs

  • Web servers may keep files with username/password pairs to use for authentication.
  • If these files are compromised then the system can be attacked by people masquerading as others. Storing a salted one-way hash instead of the password itself limits the damage, because the attacker still has to guess each password.
  • Users who choose passwords badly also pose a threat to Web server security. Passwords that are easily guessed, such as birth dates, child or pet names, are poor choices.
  • Administrators often run programs that attempt to guess users' passwords as a preventive measure: a password-auditing (cracking) tool run against the stored hashes finds the weak passwords before an attacker does, so their owners can be made to change them.
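As an added example (not from the slides), the following Python implements the whole cycle the slide describes: rejecting a password built from the user's own profile data, storing passwords as salted PBKDF2 hashes rather than in clear, verifying a login against the stored hash, and the administrator's guessing run over the stored file. The sample password file and wordlist are constructed for the example, and the iteration count is deliberately low so the audit finishes in about a second; production deployments need a far higher count (OWASP currently recommends 600,000 for PBKDF2-HMAC-SHA256) or a memory-hard function such as scrypt.

```python
import hashlib
import hmac
import os

# PBKDF2-HMAC-SHA256 work factor, kept low so the example runs quickly.
# Production should use a much higher count (OWASP: 600,000) or scrypt/Argon2.
ITERATIONS = 50_000


def hash_password(password: str, salt=None) -> str:
    """Return the stored form: algorithm$iterations$salt$hash, salt and hash in hex."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Hash the entered password with the stored salt and compare in constant time."""
    _algo, iters, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def is_weak_choice(password: str, personal_terms: list, min_length: int = 12) -> bool:
    """Reject short passwords and ones containing the user's own profile data
    (birth date, pet or child name), which the slide lists as poor choices."""
    if len(password) < min_length:
        return True
    lowered = password.lower()
    return any(term.lower() in lowered for term in personal_terms if term)


def audit_weak_passwords(password_file: dict, wordlist: list) -> dict:
    """The administrator's guessing run: try a wordlist against every stored hash.

    Returns {username: guessed_password} for every account that fell.
    """
    weak = {}
    for user, stored in password_file.items():
        for guess in wordlist:
            if verify_password(guess, stored):
                weak[user] = guess
                break
    return weak


# Constructed sample password file (username -> stored hash); not real accounts.
SAMPLE_FILE = {
    "alice": hash_password("correct horse battery staple"),
    "bob": hash_password("fluffy"),      # pet name
    "carol": hash_password("19850412"),  # birth date
}
# Constructed wordlist of the kind of guesses the slide mentions.
WORDLIST = ["password", "fluffy", "19850412", "rex"]

if __name__ == "__main__":
    print(audit_weak_passwords(SAMPLE_FILE, WORDLIST))
```

Because each entry has its own random salt, two users with the same password get different stored hashes, and the audit has to hash every guess separately for every account; that per-account cost is exactly what slows an attacker who steals the file.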

CGI threats

  • CGI (the Common Gateway Interface) implements the transfer of information from a Web server to another program: the request's query string, form fields and headers are handed to an external program, and its output is returned to the client.
  • Like Web servers, CGI scripts can be set to run unconstrained (with high privilege). A script runs with the identity of the Web server, so a server running as root runs every script as root.
  • Defective or malicious CGI scripts can access or destroy sensitive information. The classic defect is passing unchecked request data to a shell command or a database query, which lets the client inject its own commands.
  • Old CGI scripts that have been replaced can be loopholes for access into the system: a script left in the cgi-bin directory is still invocable by URL even when nothing links to it.
  • CGI scripts can reside anywhere and are difficult to track if the server is configured to execute scripts outside a single designated directory.
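As an added example (not from the slides), the following Python shows the classic CGI defect and its fix side by side, plus a scan for leftover scripts. The vulnerable function splices a request parameter into a command string that the shell re-parses, as `os.system("finger " + name)` would; the hardened form validates the parameter and passes it as a single argv element with no shell. `echo` stands in for the real lookup command so the injection is harmless to run, `/bin/sh` is assumed for the vulnerable path, and the throwaway cgi-bin, script names and username pattern are constructed for the example.

```python
import os
import re
import subprocess
import tempfile
from pathlib import Path

# Only plain account names are accepted: no shell metacharacters, no leading '-'
# (which a command could mistake for an option). Assumed policy for the example.
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def lookup_unsafe(query_user: str) -> str:
    """Vulnerable pattern: splice request data into a command string for the shell.

    The shell re-parses the whole string, so ';' in the input starts a second
    command that runs with the Web server's privileges.
    """
    command = "echo Looking up " + query_user
    return subprocess.run(command, shell=True, capture_output=True, text=True).stdout


def lookup_safe(query_user: str) -> str:
    """Hardened form: validate the input, then pass it as one argv element, no shell."""
    if not USERNAME_RE.match(query_user):
        raise ValueError(f"rejected username {query_user!r}")
    argv = ["echo", "Looking up", query_user]   # delivered verbatim, never re-parsed
    return subprocess.run(argv, capture_output=True, text=True).stdout


def stale_cgi_scripts(cgi_dir: Path, deployed: set) -> set:
    """Executables in cgi_dir that the current deployment manifest does not list.

    Anything left here is still reachable by URL: the slide's 'old scripts as
    loopholes' problem.
    """
    return {
        p.name
        for p in cgi_dir.iterdir()
        if p.is_file() and os.access(p, os.X_OK) and p.name not in deployed
    }


def demo_stale_scan() -> set:
    """Build a throwaway cgi-bin with a current and a leftover script, then scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        cgi_bin = Path(tmp)
        for name in ("search.cgi", "search_old.cgi"):
            script = cgi_bin / name
            script.write_text("#!/bin/sh\necho 'Content-Type: text/plain'\necho\n")
            script.chmod(0o755)
        return stale_cgi_scripts(cgi_bin, deployed={"search.cgi"})


if __name__ == "__main__":
    hostile = "alice; echo INJECTED"        # constructed request parameter
    print(lookup_unsafe(hostile), end="")  # the lookup line, then the injected command's output
    try:
        lookup_safe(hostile)
    except ValueError as exc:
        print(exc)
    print(demo_stale_scan())
```

Validation and the argv form are both needed: the allowlist stops the second command, and avoiding the shell means that even a value which slips past the pattern cannot be re-interpreted as syntax.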

Buffer overflows

  • A buffer is an area of memory set aside to hold data, for example data read from a file, a database or a network request.
  • Buffers are necessary because I/O operations are much slower than CPU operations.
  • A buffer overflow occurs when more data is written into a buffer than it was sized to hold, so the excess overwrites whatever lies next to it in memory. Buffer overflows, either from a buggy program or as part of a deliberate attack, can result in:
    – A computer crash
    – Attacker-supplied instructions being written into memory and the saved return address (the return address save area on the stack) being overwritten to point at them, so that when the current function returns the Web server's CPU runs the attacker's code
  • The defence is to check the length of every piece of external input against the size of the buffer that receives it, or to use a language that performs that check automatically.

Access control

  • Authentication via digital certificates and signatures.
  • Usernames/passwords
    – Usernames are stored as clear text
    – Passwords are stored in "encrypted" form, that is, as a salted one-way hash from which the password cannot be recovered
    – A password entered is hashed in the same way and compared against the stored hash; the clear-text password itself is never stored
  • An access control list gives the users that can access certain files and folders in the system. Read, write, and execute permissions may be set separately, and a user with no matching entry gets no access (default deny).
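As an added example (not from the slides), the following Python evaluates a small access control list of the kind the slide describes: entries are attached to files or folders, read, write and execute are granted separately, a user inherits the entries of the nearest folder above a file unless the file or a closer folder has its own, and anyone without a matching entry is denied. The paths, users, groups and permissions are constructed for the example.

```python
import posixpath

# Constructed ACL: path -> list of (principal, permissions). Principals are user
# names or "group:<name>". The most specific path that has an entry decides.
ACL = {
    "/var/www/html": [("group:web", "rx"), ("alice", "rwx")],
    "/var/www/html/admin": [("alice", "rwx")],                        # tighter than parent
    "/var/www/html/upload.cgi": [("group:web", "rx"), ("bob", "rw")],
}
# Constructed group membership.
GROUPS = {"alice": {"web"}, "bob": {"web"}, "mallory": set()}


def effective_entries(acl: dict, path: str):
    """Walk up from path to the nearest ACL entry; None means no entry exists at all."""
    node = posixpath.normpath(path)     # collapses '..' so traversal cannot dodge an entry
    while node not in acl:
        parent = posixpath.dirname(node)
        if parent == node:              # reached '/' without finding anything
            return None
        node = parent
    return acl[node]


def check_access(acl: dict, groups: dict, user: str, path: str, perm: str) -> bool:
    """True if user may perform perm ('r', 'w' or 'x') on path; everything else is denied."""
    if len(perm) != 1 or perm not in "rwx":
        raise ValueError("perm must be one of r, w, x")
    entries = effective_entries(acl, path)
    if entries is None:
        return False                    # default deny
    principals = {user} | {f"group:{g}" for g in groups.get(user, ())}
    return any(p in principals and perm in perms for p, perms in entries)


if __name__ == "__main__":
    for user, path, perm in [
        ("bob", "/var/www/html/index.html", "r"),
        ("bob", "/var/www/html/admin/users.db", "r"),
        ("alice", "/var/www/html/admin/users.db", "w"),
        ("mallory", "/var/www/html/index.html", "r"),
    ]:
        print(user, perm, path, check_access(ACL, GROUPS, user, path, perm))
```

Normalising the path before the lookup matters: without it a request for `/var/www/html/admin/../index.html` would be matched against the `admin` folder's entries instead of the file it actually names, and the reverse trick could let a request reach the admin folder through a more permissive parent.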

Firewalls

  • All traffic from the outside must pass through it; any path that bypasses the firewall (a modem, a second uplink, an unmanaged wireless link) defeats it.
  • Only authorized traffic is allowed to pass: everything not explicitly permitted is dropped.
  • The firewall should be immune to attack.
  • Operates at the network/transport layer (packet filtering on addresses, protocols and ports), at the application layer (a proxy that understands the protocol), or both.
  • Trusted networks are inside; untrusted ones outside.
  • Can be used to separate divisions of a company, so that a compromise in one segment does not reach the others.
  • The same policies should apply to all firewalls, so that there is no weaker path into the network.
  • Unnecessary software should be stripped off the firewall host, since every extra service is another way to attack it.
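As an added example (not from the slides), the following Python is a minimal packet-filter policy of the kind the slide describes: an inside (trusted) address range, a rule list evaluated in order where the first match wins, and a default of dropping anything the rules do not authorize. It also checks that a packet arriving on the outside interface does not claim an inside source address, the usual anti-spoofing test. The address ranges (10.0.0.0/8 inside, RFC 5737 documentation addresses outside), interface names and rules are constructed for the example.

```python
import ipaddress

# Constructed policy for one firewall between a trusted internal network and the
# Internet. Rules are evaluated in order, first match wins, and a packet that
# matches nothing is dropped (default deny).
INSIDE_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]
RULES = [
    {"direction": "in", "proto": "tcp", "dport": 443, "action": "allow"},   # HTTPS to the Web server
    {"direction": "in", "proto": "tcp", "dport": 80, "action": "allow"},    # HTTP to the Web server
    {"direction": "out", "action": "allow"},                                # inside hosts may go out
]


def zone(ip: str) -> str:
    """Classify an address as 'inside' (trusted) or 'outside' (untrusted)."""
    addr = ipaddress.ip_address(ip)
    return "inside" if any(addr in net for net in INSIDE_NETWORKS) else "outside"


def decide(rules: list, iface: str, src: str, dst: str, proto: str, dport: int) -> str:
    """Return 'allow' or 'deny' for one packet seen on interface iface ('inside' or 'outside')."""
    src_zone, dst_zone = zone(src), zone(dst)
    # Anti-spoofing: a packet arriving from outside cannot legitimately carry an inside source.
    if iface == "outside" and src_zone == "inside":
        return "deny"
    if src_zone == "outside" and dst_zone == "inside":
        direction = "in"
    elif src_zone == "inside" and dst_zone == "outside":
        direction = "out"
    else:
        return "deny"   # neither inside-to-inside nor outside-to-outside is forwarded here
    packet = {"direction": direction, "proto": proto, "dport": dport}
    for rule in rules:
        # A rule matches when every field it specifies equals the packet's field.
        if all(packet[key] == value for key, value in rule.items() if key != "action"):
            return rule["action"]
    return "deny"       # default deny: not explicitly authorized


if __name__ == "__main__":
    print(decide(RULES, "outside", "203.0.113.5", "10.1.2.3", "tcp", 443))  # allow
    print(decide(RULES, "outside", "203.0.113.5", "10.1.2.3", "tcp", 22))   # deny
    print(decide(RULES, "outside", "10.1.2.3", "10.1.2.4", "tcp", 443))     # deny (spoofed)
```

The ordering of the rule list is part of the policy: a broad allow placed before a narrow deny would silently cancel the deny, which is why the same rule set should be deployed unchanged to every firewall that guards the network.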