How would you protect from these attacks?
Take a look at the following attack on a Web Server using obstructed URL:
http://www.example.com/script.ext?template=%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63 %2f%70%61%73%73%77%64
This request is made up of:
.%2e%2e%2f%2e%2e%2f%2e%2e%2f = ../../../
.%65%74%63 = etc
.%2f = /
.%70%61%73%73%77%64 = passwd
How would you protect from these attacks?
Data is sent over the network as clear text (unencrypted) when Basic Authentication is configured on Web Serve
Data is sent over the network as clear text (unencrypted) when Basic Authentication is configured on Web Servers.
Why will this not be possible?
Bob has set up three web servers on Windows Server 2003 IIS 6.0. Bob has followed all the recommendations for securing the operating system and IIS. These servers are going to run numerous e-commerce websites that are projected to bring in thousands of dollars a day. Bob is still concerned about the security of these servers because of the potential for financial loss. Bob has asked his company’s firewall administrator to set the firewall to inspect all incoming traffic on ports 80 and 443 to ensure that no malicious data is getting into the network.
Why will this not be possible?
What can you infer from this observation?
While scanning a network you observe that all of the web servers in the DMZ are responding to ACK packets on port 80. What can you infer from this observation?
On Linux/Unix based Web servers, what privilege should the daemon service be run under?
On Linux/Unix based Web servers, what privilege should the daemon service be run under?