Web Server Compromises 
Ellen Mitchell, CISSP 
12/09/2014
Outline 
• What is a web server compromise? 
• Background - who participates in campus process (open web server, respond)? 
– Typical steps to launch web server on campus 
• How can we prevent compromise? 
• How can we detect it? 
• What do we do if compromised? 
• Additional resources
What is a Web Server Compromise? 
• Defacement 
• Pharmacy Spam (viagra, cialis)
Defacement 
• Defacement is a type of vandalism that involves damaging the appearance or surface of something.
Added to www.tamu.edu (in 2005)
Other defacement examples
Another defacement example
Another defacement example – 
(this also has sound)
Pharmacy Spam 
• Malicious code injected on legitimate but compromised sites 
• There is also a twist – referer links, user agents, etc. can prevent admins from discovering this easily
Spam Classified by Category 
MessageLabs Intelligence - February 2010
Legitimate site
Hosting Pharmacy Spam
Sample Google Search
Participants? 
• Host “owners” as recorded in “NIM” 
– “Liaisons” on behalf of a professor/customer 
– Web server maintainers (the “mechanic”) 
– Web content managers (the “driver”) 
– From student workers -> professional IT staff 
• Security team 
• Your web audience
Typical Process to Launch Web Server 
• Contact Security Team 
– security@tamu.edu 
• Vulnerability Scan 
– Self-service: scan.tamu.edu or 
– We’ll scan for you
Sample Scan Output
Typical Process to Launch Web Server, Continued 
• Fix any problems 
• Port(s) are opened on the campus firewall
Common Issues We See (1/3) 
• Software can permit execution of arbitrary commands, re-direct to other sites, inclusion of files, loss of data 
• Out of date versions: 
– PHP 
– Apache 
– Drupal 
– WordPress 
– Joomla
Common Issues We See (2/3) 
• Configuration 
– SSLv2, SSLv3 should be disabled, use TLS 
• https://www.sslshopper.com/article-how-to-disable-ssl-2.0-in-iis-7.html 
• https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-poodle-sslv3-vulnerability 
– Self-signed certificates 
• Get one at no cost from cert.tamu.edu
Common Issues We See (3/3) 
• Configuration 
– Forums not locked down 
– WordPress default configuration allows someone to create their own blog 
• See owasp.org “top 10” list of problems (Open Web Application Security Project) 
• Doing research, we found many of the “top 10” problems from 2006 were the same as today
OWASP Top 10 problems from 2006 
• Unvalidated input 
• Broken access control 
• Broken authentication and session management 
• Cross-site scripting (XSS) 
• Buffer overflows 
• Injection flaws (shell commands and sql) 
• Improper error handling 
• Insecure storage 
• Denial of service 
• Insecure configuration management
OWASP Top 10 problems from 2013 
• Injection 
• Broken authentication and session management 
• Cross-site scripting (XSS) 
• Insecure direct object references 
• Security misconfiguration 
• Sensitive data exposure 
• Missing function level access control 
• Cross-site request forgery 
• Using components with known vulnerabilities 
• Unvalidated redirects and forwards
How Can We Prevent Compromise? (1/2) 
• Vulnerability scans 
• Keep up-to-date with software, patches 
• Secunia Corporate Software Inspector 
• Back up your content 
• Code review – sanitize input
Prevention (2/2) 
• Microsoft Baseline Security Analyzer (Windows 7, Windows 8, Windows 8.1, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Vista, Windows XP) 
• Antivirus 
• Be careful what you install 
– Toolbars – source of spyware 
– Cnet.com – often software comes pre-installed with undesirable add-ons
How Can We Detect It? 
• In-house tools (IDS)
Notices from IDS
IDS, Continued
IDS, Continued
Analyze trends on campus (1/2)
Analyze trends on campus (2/2)
A note about Mudrop 
• Windows malware 
• Talks to “Mother Ship” and downloads additional files 
• Bypasses personal firewall settings 
• Affects Master Boot Record and registry
A note about Zeus 
• Windows malware 
• Keylogger, can steal financial information 
• Used to install CryptoLocker ransomware 
• Hard to detect and prevent 
• Often obtained via phishing, “drive-by” downloads
Detection, Continued 
• Receive notices from off-campus
US-CERT
REN-ISAC
Detection, Continued 
• Phone calls, email to president@tamu.edu
Detection, Continued 
• Google Webmaster Tools
Google Webmaster Tools 
• Fetch as googlebot 
• The fetch and render mode tells Googlebot to crawl and display your page as browsers would display it to your audience. […] You can use the rendered image to detect differences between how Googlebot sees your page, and how your browser renders it.
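The pharmacy-spam “twist” mentioned earlier (content served only to crawlers or to visitors arriving from particular referers) and the Fetch and Render comparison above come down to the same check: diff two views of the same page. The script below is an added example, not part of the original deck and not Google's tooling. It assumes you have already saved two HTML responses for one URL (for instance, the page as your browser received it and the page as returned to a crawler-like fetch) and compares them offline, reporting links that only the crawler view contains, links placed inside hidden containers, and pharmacy terms found anywhere in the crawler view. The two responses embedded here are constructed samples.

```python
import re
from html.parser import HTMLParser

# Terms the deck names as typical pharmacy-spam bait.
PHARMA_TERMS = ("viagra", "cialis", "pharmacy")

# Elements that never get a closing tag; they must not touch the visibility stack.
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link"}


class _PageView(HTMLParser):
    """Collect links and text, separating anything inside a hidden container
    (style display:none / visibility:hidden, or the `hidden` attribute)."""

    def __init__(self):
        super().__init__()
        self.links, self.hidden_links = set(), set()
        self.text, self.hidden_text = [], []
        self._stack = []          # one bool per open element: did it start a hidden region?
        self._hidden_depth = 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = (a.get("style") or "").replace(" ", "").lower()
        hidden = ("display:none" in style or "visibility:hidden" in style
                  or "hidden" in a)
        href = a.get("href")
        if tag == "a" and href:
            bucket = self.hidden_links if (hidden or self._hidden_depth) else self.links
            bucket.add(href)
        if tag not in VOID_TAGS:
            self._stack.append(hidden)
            self._hidden_depth += int(hidden)

    def handle_endtag(self, tag):
        # The constructed input is well-formed; real pages may need a tag-name check here.
        if tag not in VOID_TAGS and self._stack:
            self._hidden_depth -= int(self._stack.pop())

    def handle_data(self, data):
        (self.hidden_text if self._hidden_depth else self.text).append(data)


def analyze(html):
    """Summarise one HTML response: visible links, hidden links, pharmacy terms anywhere."""
    v = _PageView()
    v.feed(html)
    v.close()
    haystack = (" ".join(v.text + v.hidden_text) + " "
                + " ".join(v.links | v.hidden_links)).lower()
    return {
        "links": v.links,
        "hidden_links": v.hidden_links,
        "pharma_terms": sorted(t for t in PHARMA_TERMS if t in haystack),
    }


def compare_views(browser_html, crawler_html):
    """Report what a crawler-like fetch sees that a normal visitor does not."""
    b, c = analyze(browser_html), analyze(crawler_html)
    seen_by_browser = b["links"] | b["hidden_links"]
    return {
        "crawler_only_links": sorted((c["links"] | c["hidden_links"]) - seen_by_browser),
        "hidden_links": sorted(c["hidden_links"]),
        "pharma_terms": c["pharma_terms"],
    }


# Constructed responses for the same URL (not captured from any real site).
BROWSER_VIEW = """<html><body><h1>Department of Widgets</h1>
<p>Welcome to our site.</p><a href="/about.html">About</a></body></html>"""

CRAWLER_VIEW = """<html><body><h1>Department of Widgets</h1>
<p>Welcome to our site.</p><a href="/about.html">About</a>
<div style="display: none">Cheap viagra online
<a href="http://pills.example/buy-cialis">buy cialis</a></div></body></html>"""

if __name__ == "__main__":
    for key, value in compare_views(BROWSER_VIEW, CRAWLER_VIEW).items():
        print(f"{key}: {value}")
```

A clean site gives an empty `crawler_only_links` list and no pharmacy terms; any link that appears only in the crawler view, or only inside a hidden block, is the thing to go look for in the web root and database (injected PHP or theme files, rogue posts) rather than in the page as your browser shows it.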
Detection, Continued 
• Review log files (ours and yours)
Correlating Log Files
Strange Characters in Log Files 
• http://host/cgi-bin/lame.cgi?file=../../../../etc/motd 
• "%20" Requests 
• "%00" Requests 
• "|" Requests 
• http://host/cgi-bin/helloworld?type=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
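The indicators listed above (traversal sequences, encoded spaces and nulls, pipe characters, absurdly long parameter values) are easy to turn into a first-pass log review. The script below is an added example and not part of the original deck; it parses Apache/NCSA “combined” format lines, decodes each request path once so that encoded variants (`%7C` for `|`, `%2e%2e/` for `../`) are caught too, tags each request with the traits it shows, and then ranks source addresses by how many flagged requests they sent. The log lines embedded here are constructed, and the 100-character threshold for an oversized parameter is an assumption you should tune to your own applications.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit, parse_qsl

# Apache/NCSA "combined" log format, e.g.
#   203.0.113.5 - - [09/Dec/2014:10:01:02 -0600] "GET /x HTTP/1.1" 200 512 "-" "Mozilla/5.0"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

LONG_VALUE = 100   # assumed threshold: query values longer than this are suspicious


def indicators(raw_path):
    """Return the list of suspicious traits seen in one request path (empty if none)."""
    found = []
    decoded = unquote(raw_path)                  # one round of %xx decoding
    if "%00" in raw_path or "\x00" in decoded:
        found.append("null-byte")
    if re.search(r"\.\.[/\\]", decoded):
        found.append("path-traversal")
    if "|" in decoded:
        found.append("pipe-char")
    if "%20" in raw_path:
        found.append("encoded-space")            # common in normal traffic; low signal alone
    query = urlsplit(decoded).query
    for _, value in parse_qsl(query, keep_blank_values=True):
        # Either a very long value or a run of 64+ identical characters (the AAAA... case).
        if len(value) > LONG_VALUE or re.search(r"(.)\1{63,}", value):
            found.append("oversized-parameter")
            break
    return found


def scan_log(text):
    """Parse log text; return (ip, status, raw_path, traits) for every flagged request."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                             # a real tool would count malformed lines
        traits = indicators(m["path"])
        if traits:
            hits.append((m["ip"], int(m["status"]), m["path"], traits))
    return hits


def noisy_sources(hits, min_hits=2):
    """Source addresses with at least min_hits flagged requests, most active first."""
    counts = Counter(ip for ip, *_ in hits)
    return [(ip, n) for ip, n in counts.most_common() if n >= min_hits]


# Constructed sample log lines (documentation addresses, not real traffic).
_STAMP = "[09/Dec/2014:10:01:02 -0600]"
SAMPLE_LOG = "\n".join([
    f'203.0.113.5 - - {_STAMP} "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    f'203.0.113.7 - - {_STAMP} "GET /cgi-bin/lame.cgi?file=../../../../etc/motd HTTP/1.1" 404 210 "-" "curl/7.38"',
    f'203.0.113.7 - - {_STAMP} "GET /download.php?name=report.pdf%00.jpg HTTP/1.1" 200 90 "-" "curl/7.38"',
    f'203.0.113.9 - - {_STAMP} "GET /cgi-bin/helloworld?type={"A" * 200} HTTP/1.1" 500 0 "-" "-"',
    f'203.0.113.5 - - {_STAMP} "GET /search?q=foo%20bar HTTP/1.1" 200 3000 "-" "Mozilla/5.0"',
    f'203.0.113.7 - - {_STAMP} "GET /cgi-bin/ping.cgi?host=127.0.0.1%7C HTTP/1.1" 200 400 "-" "curl/7.38"',
])

if __name__ == "__main__":
    flagged = scan_log(SAMPLE_LOG)
    for ip, status, path, traits in flagged:
        print(f"{ip} {status} {path[:60]} -> {', '.join(traits)}")
    print("sources worth a closer look:", noisy_sources(flagged))
```

Run it against a real access log with `scan_log(open(path).read())`. The status code is kept in each hit on purpose: a traversal attempt answered with 404 is a probe, while the same path answered with 200 is what you correlate against file-system timestamps and the campus IDS notices.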
What Do We Do if Compromised? 
• Please contact us if we haven’t contacted you 
– We can cross-reference and notify others 
– We contact the NIM-owner (or best guess) 
• Determine what happened 
– We may be able to help, with scans/logs, forensic service contract 
• Close firewall ports? 
• Restore content? 
• Reinstall?
Additional Resources 
• us-cert.gov 
• isc.sans.org 
• owasp.org 
• Providers such as php mailing list, etc. 
• www.cgisecurity.com/papers/fingerprint-port80.txt 
• aw-snap.info 
• am-compadmin (listserv.tamu.edu) 
• tamunet (listserv.tamu.edu)
Developing An App To Navigate The Roads of Brazil
 

Uweb Meeting Presentation - Website Exploits

1. Web Server Compromises
Ellen Mitchell, CISSP
12/09/2014

2. Outline
• What is a web server compromise?
• Background - who participates in campus process (open web server, respond)?
  – Typical steps to launch web server on campus
• How can we prevent compromise?
• How can we detect it?
• What do we do if compromised?
• Additional resources

3. What is a Web Server Compromise?
• Defacement
• Pharmacy Spam (viagra, cialis)

4. Defacement
• Defacement is a type of vandalism that involves damaging the appearance or surface of something.

8. Another defacement example – (this also has sound)

9. Pharmacy Spam
• Malicious code injected on legitimate but compromised sites
• There is also a twist – referer links, user agents, etc. can prevent admins from discovering this easily

10. Spam Classified by Category (MessageLabs Intelligence - February 2010)

14. Outline
• What is a web server compromise?
• Background - who participates in campus process?
  – Typical steps to launch web server on campus
• How can we prevent compromise?
• How can we detect it?
• What do we do if compromised?
• Additional resources

15. Participants?
• Host “owners” as recorded in “NIM”

16. Participants?
• Host “owners” as recorded in “NIM”
  – “Liaisons” on behalf of a professor/customer
  – Web server maintainers (the “mechanic”)
  – Web content managers (the “driver”)
  – From student workers -> professional IT staff
• Security team
• Your web audience

17. Participants?
• Host “owners” as recorded in “NIM”
  – “Liaisons” on behalf of a professor/customer
  – Web server maintainers (the “mechanic”)
  – Web content managers (the “driver”)
  – From student workers -> professional IT staff
• Security team
• Your web audience

18. Typical Process to Launch Web Server
• Contact Security Team
  – security@tamu.edu
• Vulnerability Scan
  – Self-service: scan.tamu.edu or
  – We’ll scan for you

20. Typical Process to Launch Web Server
• Contact Security Team
• Vulnerability Scan
  – Self-service: scan.tamu.edu or
  – We’ll scan for you
• Fix any problems
• Port(s) are opened on the campus firewall

21. Common Issues We See (1/3)
• Software can permit execution of arbitrary commands, re-direct to other sites, inclusion of files, loss of data
• Out of date versions:
  – PHP
  – Apache
  – Drupal
  – WordPress
  – Joomla

22. Common Issues We See (2/3)
• Configuration
  – SSLv2, SSLv3 should be disabled, use TLS
    • https://www.sslshopper.com/article-how-to-disable-ssl-2.0-in-iis-7.html
    • https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-poodle-sslv3-vulnerability
  – Self-signed certificates
    • Get one at no cost from cert.tamu.edu

23. Common Issues We See (3/3)
• Configuration
  – Forums not locked down
  – WordPress default configuration allows someone to create their own blog
• See owasp.org “top 10” list of problems (Open Web Application Security Project)
• Doing research, we found many of the “top 10” problems from 2006 were same as today

24. OWASP Top 10 problems from 2006
• Unvalidated input
• Broken access control
• Broken authentication and session management
• Cross-site scripting (XSS)
• Buffer overflows
• Injection flaws (shell commands and SQL)
• Improper error handling
• Insecure storage
• Denial of service
• Insecure configuration management

25. OWASP Top 10 problems from 2013
• Injection
• Broken authentication and session management
• Cross-site scripting (XSS)
• Insecure direct object references
• Security misconfiguration
• Sensitive data exposure
• Missing function level access control
• Cross-site request forgery
• Using components with known vulnerabilities
• Unvalidated redirects and forwards

26. Outline
• What is a web server compromise?
• Background - who participates in campus process?
  – Typical steps to launch web server on campus
• How can we prevent compromise?
• How can we detect it?
• What do we do if compromised?
• Additional resources

27. How Can We Prevent Compromise? (1/2)
• Vulnerability scans
• Keep up-to-date with software, patches
• Secunia Corporate Software Inspector
• Back up your content
• Code review – sanitize input

28. Prevention (2/2)
• Microsoft Baseline Security Analyzer (Windows 7, Windows 8, Windows 8.1, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Vista, Windows XP)
• Antivirus
• Be careful what you install
  – Toolbars – source of spyware
  – Cnet.com – often software comes pre-installed with undesirable add-ons

29. Outline
• What is a web server compromise?
• Background - who participates in campus process?
  – Typical steps to launch web server on campus
• How can we prevent compromise?
• How can we detect it?
• What do we do if compromised?
• Additional resources

30. How Can We Detect It?
• In-house tools (IDS)

34. Analyze trends on campus (1/2)

35. Analyze trends on campus (2/2)

36. A note about Mudrop
• Windows malware
• Talks to “Mother Ship” and downloads additional files
• Bypasses personal firewall settings
• Affects Master Boot Record and registry

37. A note about Zeus
• Windows malware
• Keylogger, can steal financial information
• Used to install CryptoLocker ransomware
• Hard to detect and prevent
• Often obtained via phishing, “drive-by” downloads

38. How Can We Detect It?
• In-house tools (IDS)
• Receive notices from off-campus

41. How Can We Detect It?
• In-house tools (IDS)
• Receive notices from off-campus
• Phone calls, email to president@tamu.edu

42. How Can We Detect It?
• In-house tools (IDS)
• Receive notices from off-campus
• Phone calls, email to president@tamu.edu
• Google Webmaster Tools

44. Google Webmaster Tools
• Fetch as googlebot
• The fetch and render mode tells Googlebot to crawl and display your page as browsers would display it to your audience. […] You can use the rendered image to detect differences between how Googlebot sees your page, and how your browser renders it.

45. How Can We Detect It?
• In-house tools
• Receive notices from off-campus
• Phone calls, email to president@tamu.edu
• Google Webmaster Tools
• Review log files (ours and yours)

47. Strange Characters in Log Files
• http://host/cgi-bin/lame.cgi?file=../../../../etc/motd
• "%20" Requests
• "%00" Requests
• "|" Requests
• http://host/cgi-bin/helloworld?type=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
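Slide 47 lists request patterns worth looking for when reviewing web server logs. The script below, an added example that is not part of the presentation, flags those patterns (traversal, "%00", "|", "%20", and overlong parameter values like the "AAAA…" request) in Apache combined-format access log lines; the log lines are constructed and the 200-character length threshold is an assumption.

```python
"""Flag the request patterns from slide 47 in Apache combined access logs."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Combined Log Format: host ident user [time] "METHOD path HTTP/x" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')

MAX_PARAM_LEN = 200  # assumption: a single value longer than this deserves a look

def classify(path):
    """Return the names of every slide-47 pattern present in one request path."""
    decoded = unquote(path)  # decode once so encoded variants (e.g. %2e%2e/) match too
    hits = []
    if "../" in decoded or "..\\" in decoded:
        hits.append("traversal")
    if "%00" in path.lower() or "\x00" in decoded:
        hits.append("null-byte")
    if "|" in decoded:
        hits.append("pipe")
    if "%20" in path:
        hits.append("encoded-space")
    query = urlsplit(path).query
    if any(len(v) > MAX_PARAM_LEN for _, v in parse_qsl(query, keep_blank_values=True)):
        hits.append("overlong-param")
    return hits

def scan_log(lines):
    """Return (client, path, hits) for each parseable line with at least one hit."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real tool would count these separately
        client, _ts, _method, path, _status, _size = m.groups()
        hits = classify(path)
        if hits:
            findings.append((client, path, hits))
    return findings

# Constructed sample log lines (addresses from the TEST-NET-3 documentation range).
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Dec/2014:10:00:01 -0600] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [09/Dec/2014:10:00:02 -0600] "GET /cgi-bin/lame.cgi?file=../../../../etc/motd HTTP/1.1" 404 210',
    '203.0.113.9 - - [09/Dec/2014:10:00:03 -0600] "GET /cgi-bin/helloworld?type=' + "A" * 300 + ' HTTP/1.1" 500 0',
    '203.0.113.11 - - [09/Dec/2014:10:00:04 -0600] "GET /search?q=a%00.php HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for client, path, hits in scan_log(SAMPLE_LOG):
        print(f"{client} {', '.join(hits)} {path[:80]}")
```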
48. Outline
• What is a web server compromise?
• Background - who participates in campus process?
  – Typical steps to launch web server on campus
• How can we prevent compromise?
• How can we detect it?
• What do we do if compromised?
• Additional resources

49. What Do We Do if Compromised?
• Please contact us if we haven’t contacted you
  – We can cross-reference and notify others
  – We contact the NIM-owner (or best guess)
• Determine what happened
  – We may be able to help, with scans/logs, forensic service contract
• Close firewall ports?
• Restore content?
• Reinstall?

50. Outline
• What is a web server compromise?
• Background - who participates in campus process?
  – Typical steps to launch web server on campus
• How can we prevent compromise?
• How can we detect it?
• What do we do if compromised?
• Additional resources

51. Additional Resources
• us-cert.gov
• isc.sans.org
• owasp.org
• Providers such as php mailing list, etc.
• www.cgisecurity.com/papers/fingerprint-port80.txt
• aw-snap.info
• am-compadmin (listserv.tamu.edu)
• tamunet (listserv.tamu.edu)