Hacking a WebSite & Secure WebServer Techniques used Group-2: RollNo 6-10. Setu Behal Siddharth Bhattacharya

A chain is only as strong as its weakest link.

As the old Jungle saying goes … Half knowledge is Dangerous.

Insight into Practical Web-Server Security Issues

CACHE Poisoning

Vulnerabilities of Windows Systems 1.Internet Information Services (IIS) 2.Microsoft Data Access Components (MDAC) -Remote Data Services 3.Microsoft SQL Server 4.NETBIOS -Unprotected Windows Networking Shares 5.Anonymous Logon -Null Sessions 6.LAN Manager Authentication -Weak LM Hashing 7.General Windows Authentication - Accounts with No Passwords or Weak Passwords 8.Internet Explorer 9.Remote Registry Access 10.Windows Scripting Host

1.Internet Information Services (IIS)

2.Microsoft Data Access Components (MDAC) -Remote Data Services

3.Microsoft SQL Server

4.NETBIOS -Unprotected Windows Networking Shares

5.Anonymous Logon -Null Sessions

6.LAN Manager Authentication -Weak LM Hashing

7.General Windows Authentication - Accounts with No Passwords or Weak Passwords

8.Internet Explorer

9.Remote Registry Access

10.Windows Scripting Host

Vulnerabilities of Unix Systems 1.Remote Procedure Calls (RPC) 2.Apache Web Server 3.Secure Shell (SSH) 4.Simple Network Management Protocol (SNMP) 5.File Transfer Protocol (FTP) 6.R-Services -Trust Relationships 7.Line Printer Daemon (LPD) 8.Sendmail 9.BIND/DNS 10.General Unix Authentication -Accounts with No Passwords or Weak Passwords

1.Remote Procedure Calls (RPC)

2.Apache Web Server

3.Secure Shell (SSH)

4.Simple Network Management Protocol (SNMP)

5.File Transfer Protocol (FTP)

6.R-Services -Trust Relationships

7.Line Printer Daemon (LPD)

8.Sendmail

9.BIND/DNS

10.General Unix Authentication -Accounts with No Passwords or Weak Passwords

Hacking as perceived from Management’s Perspective

Hacking ISP DNS

Security Best Paractices [Management- Perspective]

Thankyou !!! Any Questions ?

Any Questions ?