Server Types

January 6, 2008

I apologize for not having sufficient time to post something new, but here we go:

Web Servers
These servers accept HTTP requests from client Web browsers and send back the requested information to the client. Web servers are the most common type of server on the Internet and, as a result, they’re the most often attacked. Most of these attacks take advantage of vulnerabilities in the Web server. These exploits include malformed requests, buffer overflows, worms, and DoS attacks.

Malformed Request – This is a request that contains some type or sequence of information that causes a Web server to malfunction. This is caused by bugs in the Web server software that cause certain input coming from a Web browser to have an adverse effect on the system.

Buffer Overflow – This type of attack is caused by sending a parameter that exceeds the boundary the program expects. The program's data buffer can overflow with information, causing it to crash or even provide administrative access to the entire system.

Worms – This is malicious code transmitted through normal HTTP communications. The Website can be infected by the worm from an infected client. The worm tries to replicate itself to other servers and clients by scanning the Internet for servers using the HTTP service port 80. Clients become infected with the worm by simply connecting to the infected Web server.

DoS – Denial of Service attacks are used to prevent other users from accessing a Website. This is accomplished by flooding the Web server with ‘bogus’ requests, so it’s unable to process legitimate ones. These attacks can come from one system or a coordinated attack of infected systems (called a Botnet) over the Internet.
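For the malformed request and buffer overflow entries above, here is an added example (not from the original post) of the check a front end can apply before a request reaches the Web server's own parser: reject anything that is not a well-formed request head within fixed size limits. The limits, the allowed methods and the function name are assumptions chosen for illustration.

```python
import re

# Assumed limits and method list; tune them to the application being protected.
MAX_HEAD_BYTES = 8192        # request line plus all headers
MAX_TARGET_BYTES = 2048      # path and query string
MAX_HEADERS = 64
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
TOKEN = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")   # HTTP token characters
CTL = re.compile(r"[\x00-\x1f\x7f]")                   # control characters


def validate_request(raw: bytes) -> int:
    """Return the status to answer with: 200 means the request head is well
    formed and within bounds, anything else means reject it unprocessed."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return 400                      # head was never terminated
    if len(head) > MAX_HEAD_BYTES:
        return 431                      # oversized head
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return 400                      # non-ASCII bytes in the head
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return 400                      # not "METHOD target VERSION"
    method, target, version = parts
    if not TOKEN.match(method):
        return 400
    if method not in ALLOWED_METHODS:
        return 405
    if len(target) > MAX_TARGET_BYTES:
        return 414                      # parameter longer than the bound
    if not target.startswith("/") or CTL.search(target):
        return 400
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        return 505
    headers = lines[1:]
    if len(headers) > MAX_HEADERS:
        return 431
    for line in headers:
        name, colon, value = line.partition(":")
        if not colon or not TOKEN.match(name) or CTL.search(value.strip(" \t")):
            return 400                  # header without a colon, bad name, or control byte
    return 200
```

The check is deliberately stricter than the HTTP grammar (for example, it rejects tabs inside header values), which is the safer default for a filter placed in front of a server.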

E-Mail Servers
An e-mail server can store messages and enable users to send and retrieve mail. An e-mail server can also act as a Message Transfer Agent (MTA), whose sole purpose is to relay mail from one site to another. Security for these servers is of great concern, due to e-mail being the most common target for attack by viruses and worms. Protocols used by e-mail servers include Post Office Protocol 3 (POP3) and Internet Message Access Protocol (IMAP). Both of these protocols use authentication (such as requiring a username and password before allowing a user to access an inbox). For sending e-mail, the standard protocol is Simple Mail Transfer Protocol (SMTP). An SMTP server forwards e-mail from a client to its proper destination.

FTP Servers
An FTP server is used to transfer files from one system to another over the Internet. A server hosting files will be running an FTP server service, which awaits file transfer requests from clients using FTP client software. Many FTP servers found on the Internet are public, and allow anonymous users to log in and download or upload files. This can be dangerous, as some files are embedded with virus or worm code which is transferred to client systems and then executed once the file is opened. Another problem with FTP servers is they’re usually installed by default with some type of anonymous account, which enables users to access the server without having to authenticate themselves.

DNS Servers
Domain Name Service (DNS) servers provide a way to translate Internet domain names into IP addresses. This allows network applications and services to refer to Internet Domains by the Fully Qualified Domain Name (FQDN) rather than by their IP address, which can be tough to remember, and often changes. Most client machines use DNS each time they connect to a network host.

NNTP Servers
Network News Transfer Protocol (NNTP) servers are used to retrieve and send Usenet newsgroups and news articles. To protect your system, NNTP servers should be set up so users who need to read or send news using the server must authenticate with a login and password. NNTP servers suffer from the same vulnerabilities that plague other Internet servers, such as Web or FTP servers.

File and Print Servers
These servers form the base for the majority of your users’ daily operations. File servers are used to store the users’ data, including personal work files, and departmental or company-wide information. Print servers are used to administer print services and print queues, where users’ print jobs are organized and sent to the appropriate printer. Security concerns with file and print servers center around authentication and access permissions. Most file servers have their directories set up as a hierarchy, typically split between user and departmental or group directories. Most printers are set up so anyone can direct print jobs to them, but for departments with access to confidential or sensitive information (such as Human Resources), the printer should have its access permissions set so that only HR can print from it.

DHCP Servers
Dynamic Host Control Protocol (DHCP) servers are used to allocate IP addresses and other network information, such as DNS and Windows Internet Naming System (WINS) information, automatically to clients as they access the network. DHCP servers take the place of having to configure each client individually on the network with specific information. This greatly reduces the administrative overhead that comes with static manual addressing, where, if something changes on the network, such as the address of a DNS server, you have to change the information manually for each client. The main vulnerability with DHCP servers is that no authentication mechanism exists to allow or disallow clients. Any client system that accesses the network and is configured for DHCP will be allocated network information so it is able to communicate with the network. This means any unauthorized machine configured for DHCP can access the network, allowing it the ability to perform a Denial of Service attack.

Directory Services
Directory Services are a repository of information regarding the users and resources of a network. Directory Services software applications and protocols are often left open and unprotected because the information they contain sometimes isn’t considered important, compared to file servers or database server information. Depending on the level of information Directory Services provide, they can be an excellent resource for the unauthorized user to gain knowledge of the network and the resources and user accounts contained within. A simple Lightweight Directory Access Protocol (LDAP) database that contains usernames, e-mail addresses, phone numbers and locations of users can be a valuable resource for the unauthorized user. Other types of directory services, such as Novell Directory Services or Microsoft Active Directory, can contain more critical network and user information such as network addresses, user account logins and passwords, and access information for servers.

Database Servers
A database server typically contains transactional types of data used as a back-end repository of information for front-end applications and Web services. The most popular forms of database software are Oracle, Microsoft SQL, and MySQL. The front-end applications that access the database usually send their commands as a set of procedures for the database to run on the data and to return the required result. A hacker can easily insert their own code into these procedures to run some query on the database that can reveal or damage confidential data. This is similar to buffer overflow and invalid data type attacks that are done from a Web browser, by passing certain parameters of input that transcend the boundaries of the software’s threshold.
