Data easily discovered by Server Vulnerability Scanners:
Server scanners can be used to discover a surprisingly large amount of information about a server or set of servers. The following list shows the types of information that a good scanner can harvest. For each of these categories you should take extra care to ensure your server is protected and the data is securely locked down.
Vulnerable scripts – Known vulnerable scripts can compromise a server: an attacker who exploits the script may be able to upload malicious files, gain access to files on the server that should be protected, or execute application code that should be unavailable, such as cmd.exe.
Web services and Web Applications – An unsecured web service or web application can have many vulnerabilities caused by poor programming technique and insecure application design. These include buffer overruns, unvalidated input strings, SQL injection, and other bugs that can compromise the web application or service, or an entire server if the application runs with the wrong permissions. Web scanners specialize in finding these types of flaws.
Server management interfaces – Many large server solutions come with management interfaces that allow the administrator to have full control over their server remotely. This is usually insecure because it is difficult to ensure the web management interface is only used by authorized users.
Server misconfigurations – Server misconfigurations can lead to problems from site defacement to complete server control.
Server Operating System – Once a server's operating system has been identified, the hacker can research all the known vulnerabilities for that OS and return to exploit them.
Enumeration of ports on the server – Once open or non-stealthed ports are discovered, the hacker can use them as entryways to the server. Each open port can represent a new vulnerability; all ports should be stealthed with a professional firewall, and unneeded ports should be turned off to reduce exposure and risk.
Discovery of authentication mechanisms – If a hacker knows the authentication mechanism in use, he/she can research the vulnerabilities inherent in that mechanism, or focus an attack on cracking that specific authentication type.
Discovery of firewalls and load balancing systems – If a hacker can learn the type of firewall in use, he/she can look for vulnerabilities in that specific hardware or software. The same is true for load balancing systems and exposed routing systems. The more knowledge the hacker is allowed, the more likely they can target a specific machine behind the firewall or load balancer and therefore do more damage.
Discovery of backend database connectivity – If backend database connectivity is discovered, a hacker might be able to bypass the front end and connect directly to the database, or, if the username is reused, use the database username and password to access other parts of the site.
Enumeration of all services running on the server – If a hacker can find out which services are running on the server, the likelihood increases that he/she will find an exploit for one or more of them. Information that should not be broadcast when a connection is made includes:
- Service Name
- Manufacturer
- Version number
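As an added example that is not part of the original article, the following Python audit checks whether your own server's HTTP responses broadcast the service name, manufacturer and version number the list above warns about. The header names are real; the sample responses and the choice of which headers count as disclosures are constructed for this example.

```python
import re
from typing import Dict, List

# Response headers that commonly carry a product name, vendor or version.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "via")

# A product token with a version, e.g. "Apache/2.4.41" or "PHP/7.4.3".
VERSIONED_TOKEN = re.compile(r"[A-Za-z][\w.-]*/\d+(\.\d+)*")


def parse_headers(raw_response: str) -> Dict[str, str]:
    """Return the headers of a raw HTTP response, keyed by lower-cased name."""
    head = re.split(r"\r?\n\r?\n", raw_response, maxsplit=1)[0]
    headers: Dict[str, str] = {}
    for line in head.splitlines()[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def find_disclosures(raw_response: str) -> List[str]:
    """Flag headers that broadcast a service name, vendor or version number.

    A version is the most useful datum for researching known flaws, so each
    finding says whether one is present."""
    findings: List[str] = []
    for name, value in parse_headers(raw_response).items():
        if name in DISCLOSING_HEADERS and value:
            kind = "product and version" if VERSIONED_TOKEN.search(value) else "product name"
            findings.append(f"{name}: discloses {kind} ({value})")
    return findings


# Constructed sample responses; not captured from any real host.
LEAKY_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html></html>"
)
# The same page with the identifying headers suppressed at the web server or proxy.
HARDENED_RESPONSE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"

if __name__ == "__main__":
    for finding in find_disclosures(LEAKY_RESPONSE) or ["no disclosures found"]:
        print(finding)
```

Run it against a saved response from your own server (for example the output of a HEAD request) and treat every finding as a configuration item to fix or strip at the proxy.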
Provided by: Security Innovation, The Application Security Company