Friday, September 15, 2017

Claim Higher College

Claim Higher College has deployed an open source blog package. This package uses a database backend and allows users to create user IDs and sites and to post their own content. Recently, off-campus users of the service have posted links that appear to point to University resources but actually redirect visitors to off-campus malware sites.
I would suggest that the application administrator perform a scan of the application using a product called WebInspect. WebInspect is a commercial tool that tests Web applications and servers. Some of the advantages of WebInspect are: 1. it saves time when dealing with a large application, 2. it simulates the attack and produces detailed reports on the outcome, and 3. it is not dependent on the underlying language. The application administrator should not rely on this one tool alone. They should also perform a Nikto scan. Nikto scans the server for dangerous configurations, files, and Common Gateway Interface (CGI) scripts. They could also restrict use of the application to on-campus users only by putting it behind a firewall and blocking all off-campus traffic.
A developer for Claim Higher College is planning a Web server form for submission of calendar events to the College’s event calendar. The main protective measure I would suggest is that the developer add input validation to the code so that a hacker cannot perform what is called a Structured Query Language (SQL) injection. A SQL injection is an attack in which a hacker enters SQL commands into the data fields so that the query returns information the hacker can use to compromise the server. Input validation mitigates this by refusing input that contains commands rather than the expected data. SQL injection could also lead to data corruption or even deletion of the data altogether.
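To illustrate the point above, here is an added example (not code from the College or from the original post) of a calendar lookup that pastes a form field straight into the SQL text, beside a version that validates the date and binds it as a parameter. The sqlite3 table, its rows and the field names are constructed for the example.

```python
import re
import sqlite3
from datetime import date

# Constructed in-memory stand-in for the College's event calendar database.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (title TEXT, event_date TEXT, published INTEGER)")
    conn.executemany("INSERT INTO events VALUES (?, ?, ?)", [
        ("Orientation", "2017-09-18", 1),
        ("Budget review (draft, not public)", "2017-09-25", 0),
    ])
    conn.commit()
    return conn

def events_on_vulnerable(conn, event_date):
    # Vulnerable: the form field is pasted into the SQL text, so a crafted
    # value such as  x' OR '1'='1  rewrites the WHERE clause and returns
    # unpublished rows the form was never meant to expose.
    sql = f"SELECT title FROM events WHERE published = 1 AND event_date = '{event_date}'"
    return [row[0] for row in conn.execute(sql)]

DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")

def valid_date(event_date):
    """Allow-list validation: exactly YYYY-MM-DD and a real calendar date."""
    if not DATE_RE.fullmatch(event_date):
        return False
    try:
        date.fromisoformat(event_date)
        return True
    except ValueError:
        return False

def events_on_safe(conn, event_date):
    # Hardened: validate the field first, then bind it as a parameter so the
    # database driver never interprets its contents as SQL.
    if not valid_date(event_date):
        return None  # reject the submission instead of running the query
    sql = "SELECT title FROM events WHERE published = 1 AND event_date = ?"
    return [row[0] for row in conn.execute(sql, (event_date,))]
```

The same two rules (allow-list the field, then use a parameterized statement) apply to the INSERT that stores a submitted event, where an injected statement could corrupt or delete the table rather than merely read it.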

A Nikto scan of Claim Higher College’s primary Web server performed by the security team shows a large number of default configuration files and sample files on many of the older servers.
I would suggest that the security team first update and patch all existing servers. Then they would need to evaluate all of the default configuration files, rename any that must stay to non-default names, and delete the default files that are not needed. They would also need to uninstall all default applications that are not needed. This would close some security holes. I would also suggest that they delete all sample files, as this would further close holes that hackers could take advantage of.
