Take a look at the following attack on a Web Server using obstructed URL:
http://www.example.com/script.ext?template=%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63 %2f%70%61%73%73%77%64
This request is made up of:
.%2e%2e%2f%2e%2e%2f%2e%2e%2f = ../../../
.%65%74%63 = etc
.%2f = /
.%70%61%73%73%77%64 = passwd
.
How would you protect from these attacks?
A.
Configure the Web Server to deny requests involving “hex encoded” characters
B.
Use SSL authentication on Web Servers
C.
Create rules in IDS to alert on strange Unicode requests
D.
Enable Active Scripts Detection at the firewall and routers
Explanation:
This is a typical Unicode attack. By configuring your IDS to trigger on strange Unicode requests you can protect your web-server from this type of attacks.
They ask “How would you PROTECT from these attacks?”
An IDS is an Intrusion DETECTION system, it detects but not prevent. If they had written IPS in stead of IDS it would be correct.
Answer “A” could be the only right answer. In Apache Web server you can use mod_security plugin to write your own rules to avoid different kind of attacks. Directory traversal it is a very well known and easy to detect attack so you could deny these attack configuring properly your web server.
was this just created today? and the exam added 400 questions to the pool?
I have the same idea.