Take a look at the following attack on a Web Server using obstructed URL:
How would you protect from these attacks?
A.
Configure the Web Server to deny requests involving “hex encoded” characters
B.
Create rules in IDS to alert on strange Unicode requests
C.
Use SSL authentication on Web Servers
D.
Enable Active Scripts Detection at the firewall and routers
This answer is wrong – IDS detects, doesn’t prevent. The correct answer is A – deny hex coded characters.
You’re right and there are a few I’ve seen like this, where it’s really a matter of the ‘best’ answer out of all, and the fault is the actual wording of the questions. lol I don’t like this one.
Even if your server could block hex characters, who’s to say that the web server is not simple vulnerable to any kind of ‘information disclosure’ vulnerabilities or directory traversal vulnerabilities anyway, which would allow the attacker to type normal text and grab the /etc/password file, by doing dot dot slash methods? That’s not hex encoded so A wouldn’t stop the underlying problem with the web server allowing traversal. Then you’d need a WAF or IPS to actually STOP this.
right Johnny, however the question is only about “protection”.
You can’t deny all requests with “hex encoded” characters because that would limit functionality. You can’t just broadly disable features because they MIGHT be exploited.
There are IDSs out there that detect traffic and also react accordingly. Its all about the type of IDS installed. However, you are right in that this question is a bit unclear! I choose C!
Those are IPS not IDS (i.e. Intrusion PREVENTION Systems)
Its DETECTION
source here
http://www.HwSLvGkVLH.com/HwSLvGkVLH