Professional Documents
Culture Documents
Anh Nguyen
May 6th , 2010
Organization
Introduction
How Hackers Deface Web Pages
Solutions to Web Defacement
Conclusions
Introduction
Introduction
Web Defacement
Hackers Motivation
Effects on Organizations
Introduction
Web Defacement
Occurs when an intruder maliciously
alters a Web page by inserting or
substituting provocative and
frequently offending data
Exposes visitors to misleading
information
Introduction
Web Defacement
http://www.attrition.org/mirror/attritio
n/
Tracks of defacement incidents and
keeps a mirror of defaced Web sites
Introduction
Hackers Motivation
Look for credit card numbers and other valuable
proprietary information
Gain credibility in the hacking community, in
some high profile cases, 15 minutes of fame
through media coverage of the incident
Introduction
Effects on Organizations
Organizations lose
Credibility and reputation
Customer trust and revenue
E-retailers can lose considerable patronage if their
customers feel their e-business is insecure
Financial institutions may experience significant loss of
business and integrity
Introduction
How Hackers Deface Web Pages
Solutions to Web Defacement
Conclusions
10
11
12
14
15
16
Solutions to Web
Defacement
Introduction
How Hackers Deface Web Pages
Solutions to Web Defacement
Conclusions
17
Solutions to Web
Defacement (Cont.)
Integrity assessment
A hash code (similar to a checksum) for
a Web page reflecting the pages
content is computed
The saved hash code is periodically
compared with the freshly computed
one to see if they match
The frequency of the hash code
comparisons needs to be high
The scheme collapses when pages are
19
generated dynamically
Solutions to Web
Defacement (Cont.)
Multi-layered protection system
Needed in order to effectively deal with
Web defacement
On-the-spot prevention
Attack s should be identified before their
executions, i.e. they should be identified at
the service request level
Use system call and API call interception
20
Solutions to Web
Defacement (Cont.)
Multi-layered protection system
(Cont.)
Administrator (root) resistant
Allow only specific predefined user (the Web
master), instead of the Administrator
account, to modify the Web site content and
configuration
OS level protection
21
Solutions to Web
Defacement (Cont.)
Multi-layered protection system
(Cont.)
HTTP attack protection
A protection module that scans incoming
HTTP requests for malicious requests, even
when the communication is encrypted,
should be used
Executables
Configuration files
Data files
Web server process
22
Solutions to Web
Defacement (Cont.)
Multi-layered protection system
(Cont.)
Other Internet server attack protection
Bind (a DNS server)
Sendmail (an SMTP server)
23
Conclusions
Introduction
How Hackers Deface Web Pages
Solutions to Web Defacement
Conclusions
24
Conclusions
Thank you for your time
Questions and feedback are welcome
25
References
Prevent Web Site Defacement
http://www.mcafee.com/us/local_content
/white_papers/wp_2000hollanderdeface
ment.pdf
26