
CEH Study Guide Chapter 8

Study online at quizlet.com/_5vd09


1. What are some ways to harden a web server?

- rename admin account and use strong passwords
- disable default web site and FTP
- remove unused applications from the server
- disable directory browsing
- add legal notice to site
- apply current patches, hotfixes, and service packs
- perform bound checking on input for web forms and query strings to prevent buffer overflow
- disable remote admin
- use script to map unused file extensions to 404
- enable auditing and logging
- use firewall between web server and Internet
- replace GET method with POST method when sending data to a web server

2. What are the most common types of vulnerabilities in web servers?

- Misconfiguration of the Web Server software
- OS or application bugs, or flaws in code
- Vulnerable default installation

3. What are the stages of a web application attack?

   1. scanning
   2. information gathering
   3. testing attack scenarios
   4. planning attack
   5. launch attack

4. What are the three most common attacks against Windows IIS?

- Directory traversal: permits access to other directories within the file system
- Source disclosure: source code of a server application can be gathered
- Buffer overflow: sending more data than the web server can handle

5. What are the three types of password attacks?

   1. dictionary: uses passwords that can be found in dictionary
   2. brute-force: guesses complex passwords that use letters, numbers, and special characters
   3. hybrid: use dictionary words with a number or special character as a substitute for a letter.

6. What are web applications?

programs that reside on a web server to give the user functionality beyond just a website - such as database queries, webmail, blogs

7. What does defacing a website mean?

hacker exploits a vulnerability in the OS or web server and alters the website files to show that the site has been hacked.

8. What does Wget do?

command-line tool that can be used to download an entire website.

9. What is Authentication Hijacking?

hacker steals a session once a user has authenticated. Countermeasure: use SSL to encrypt traffic

10. What is BASIC HTTP Authentication?

sends username and password in cleartext

11. What is Biometric Authentication?

uses physical characteristics such as fingerprints, eye iris, or handprint to authenticate

12. What is BlackWidow and what does it do?

program used to copy all the files for a target web site.

13. What is Certificate-Based Authentication?

uses x.509 certificates for public/private key technology.

14. What is Command Injection?

hacker inserts programming commands into a web form. Countermeasure: use language-specific libraries for the programming language

15. What is Cookie Poisoning and Snooping?

hacker corrupts or steals cookies. Countermeasure: don't store password in a cookie; implement cookie timeout and authentication

16. What is Cross-Site Scripting?

Cross-Site Scripting: parameter entered into a web form is processed by the web application. The correct combination of variables can result in arbitrary command execution. Countermeasure: validate cookies, query strings, form fields, and hidden fields

17. What is DIGEST HTTP Authentication?

hashes username and password and uses a challenge-response model for authentication.

18. What is Directory Traversal/Unicode?

hacker browses through the folders on a system via a web browser or Windows Explorer. Countermeasure: define access rights to private folders; apply patches and hotfixes

19. What is Google hacking?

refers to using Google's search engine to locate high-value targets or information.

20. What is meant by hardening a server?

increase its security

21. What is meant by patch management?

process of updating patches and hotfixes required by a system vendor; involves testing and verification on non-production systems.

22. What is meant by website cloaking?

ability of a web server to display different types of web pages based on the user's IP address.

23. What is N-Stalker?

web application security scanner that assesses a web application for vulnerabilities

24. What is NTLM Authentication?

uses Internet Explorer and IIS web servers, more suitable for internal authentication on an intranet that uses Microsoft OS.

25. What is one way to do banner grabbing against a webserver?

telnet to webserver at port 80 and type HEAD / HTTP/1.0

26. What is SQL Injection?

inserting SQL commands into the URL gets the database server to dump, alter, delete, or create information in the database. Countermeasure: validate user variables

27. What is the first step in attacking a web server?

banner grabbing: attempt to gather information about a web server such as the OS and web server software.

28. What is the Metasploit Framework?

tool used to test or hack operating systems or web server software - exploits can be used as plug-ins and testing can be performed from Windows or Unix.

29. What is the purpose of hacking web applications?

to gain confidential information

30. What is Token-Based Authentication?

a token, such as SecurID, displays an authentication code for approx. 60 seconds - user uses this code for authentication

31. What is Webcracker?

tool that uses a word list to attempt to log on to a web server; looking for the "HTTP 302 object moved" response to make guesses - from this response, the tool can determine the authentication type in use.

32. What is WebSleuth?

program that uses spidering technology to index an entire website.

33. What is WSDigger?

web services testing tool that contains sample attack plug-ins for SQL injection, cross-site scripting, and other attacks
