Tuesday, May 13, 2008

INT525W2L2

Modules: you can add them dynamically or statically.

Statically – part of the binary

mod_so is required if you want the rest of the modules loaded dynamically.

DSO vs. static


mod_speling: a simple module that tolerates one typographic slip in the resource you request in the URL; for example, asking for cgi-bin without the hyphen would normally be an error, and mod_speling will correct it.

mod_alias gives you the ability to alias a directory.

ScriptAlias: like Alias, but it marks the target as executable. Don't use it; it does not give you the control and flexibility that Alias does when combined with a Directory container.

Talk about the basic directives in Apache we know, and some of the modules that supply them.

When a request comes to a website you are virtually hosting, the main thing that must be set is a principal host, which you might call the default or main server.

If a request asks for an IP the server doesn't know, or for a name-based virtual host it doesn't know, the server has to have a default way of handling the request; it must be robust and forgiving of errant behaviour.

When it does not know the host, the default behaviour is to hand the request to the main server.

We need to learn this simple procedure: this is the default place to go when you come in for a name-based server, and this is the place to go if we are not servicing that IP.

What things need to go into the virtual host container for the main or default server?

ServerRoot: the parent of the Apache binary trees.

LockFile /var/log/apache2/accept.lock



IfModule directive: directives are all supplied by modules, and IfModule blocks form a nested tree, a fork in the configuration. Where declarations conflict, the later one holds true: the last declaration has more authority, i.e. precedence.

Which one has higher precedence? The example is not particularly authoritative, but IfModule blocks actually fork the decision tree when the configuration is read, not at run time while the service is running; we are either going to go around a block or go through it.

So: the binary executable name for a dynamically loaded module,

or the .c name for a statically linked component of the server core.

IfModule means that if you move the config to another machine and recompile without that module, the server won't blow up simply trying to start; it just will not do the things inside the block.



This is the global configuration file, httpd.conf.

The parent reaps the child processes.

MaxSpare (servers or threads) triggers the reaping of idle children.

MaxClients = maximum simultaneous requests

worker.c

443: SSL

<Directory "/export/srv/www/vhosts/main/htdocs">

main => all FQDNs
Perl

AllowOverride None


Worker.c
A typical configuration of the process-thread controls in the worker MPM could look as follows:
ServerLimit 16
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25

ServerLimit caps how many server processes can be launched when the server is started; it must be greater than or equal to MaxClients / ThreadsPerChild.

MinSpareThreads and MaxSpareThreads bound the number of idle threads across all processes; Apache forks or kills processes to keep the idle count within the declared range.

MaxClients: the maximum total number of threads in all processes.

MaxClients / ThreadsPerChild = maximum number of child processes

150 / 25 = 6

ThreadLimit must be greater than or equal to ThreadsPerChild.

While the processes are started as root under Unix in order to bind to port 80, Apache will run its child processes and threads as a less-privileged user.
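As an added example (my code, not from the notes or the Apache project), the following parses the worker MPM block quoted above and checks the constraints the notes describe; the 2.2 defaults for ServerLimit (16) and ThreadLimit (64) are filled in when a directive is absent, and the function names are mine.

```python
# Added example: parse a worker MPM block and check the constraints the notes describe.
WORKER_CONFIG = """\
ServerLimit 16
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
"""

# Apache 2.2 worker defaults used when a directive is absent.
DEFAULTS = {"ServerLimit": 16, "ThreadLimit": 64}


def parse_mpm(text):
    """Return {directive: int} for the block, skipping blank lines and # comments."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            name, value = line.split(None, 1)
            conf[name] = int(value)
    return conf


def max_child_processes(conf):
    """Child processes needed to serve MaxClients: MaxClients / ThreadsPerChild, rounded up."""
    return -(-conf["MaxClients"] // conf["ThreadsPerChild"])


def check_worker(conf):
    """List the consistency violations the notes warn about; [] means the block is sound."""
    problems = []
    needed = max_child_processes(conf)
    if conf["ServerLimit"] < needed:
        problems.append("ServerLimit %d < MaxClients/ThreadsPerChild = %d" % (conf["ServerLimit"], needed))
    if conf["ThreadLimit"] < conf["ThreadsPerChild"]:
        problems.append("ThreadLimit %d < ThreadsPerChild %d" % (conf["ThreadLimit"], conf["ThreadsPerChild"]))
    if conf["MaxClients"] % conf["ThreadsPerChild"]:
        problems.append("MaxClients is not a multiple of ThreadsPerChild (Apache lowers it)")
    if conf["MinSpareThreads"] > conf["MaxSpareThreads"]:
        problems.append("MinSpareThreads exceeds MaxSpareThreads")
    if conf["StartServers"] > conf["ServerLimit"]:
        problems.append("StartServers exceeds ServerLimit")
    return problems


if __name__ == "__main__":
    conf = parse_mpm(WORKER_CONFIG)
    print("max child processes:", max_child_processes(conf))  # 6
    print("problems:", check_worker(conf) or "none")
```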



#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User daemon
Group daemon



MaxRequestsPerChild controls how frequently the server recycles processes by killing old ones and launching new ones.
Description: Multi-Processing Module implementing a hybrid multi-threaded, multi-process web server
worker.c
It retains much of the stability of a process-based server by keeping multiple processes available, each with many threads.
Or
prefork.c
It is also the best MPM for isolating each request, so that a problem with a single request will not affect any other.
Directives and Declarations

Declaration = ServerName

Directive = Alias this directory there

Directives configure the relation of parent to child.


ONE PARENT


worker.c has a different parent/child process model than prefork.c.
worker.c uses ThreadsPerChild, which controls the number of threads deployed by each child process, together with MaxClients,
while prefork.c uses MinSpareServers and MaxSpareServers to spawn child processes that are independent of one another.
Threads run as a shared stream within a process, whereas prefork children are separate entities.


The first thing you are going to run out of with worker.c is CPU; with prefork.c it is memory.

Remember to check
http://httpd.apache.org/docs/2.2/mod/prefork.html
http://httpd.apache.org/docs/2.2/mod/worker.html

SEC520W2L1

Exploits – things that can go wrong


Five years ago it was script kiddies; now it's criminal activity and has really changed, and over the next few
years it's going to change again.


The change from operating-system attacks to application attacks: when you have applications you have a lot more variables than when dealing with the OS, since there are many more applications and all doing different things. OSes are straightforward; applications are dynamic.


You still have the same things the attackers will do,

What is a DoS?

CIA

Confidentiality,

Keep it secret

Integrity

The information in the data is what it should be; for instance, you look at your bank account and you want to know the numbers are really there.

What it should be, when it should be.

A lot to do with who changed it and who can change it.

Identity: how do you prove someone is who they say they are?

Accessibility


Available when it's needed, in a timely fashion.

DoS denies accessibility.

DDoS – Distributed Denial of Service

One way is to break the software; another common one is not breaking the software but overloading or clogging the pipes to it.

This is where DDoS comes in: botnets, one central system which controls many computers, so no one can access the service.

DoS is the basic one; it has mostly been performed by kids in basements or unhappy employees. It has also been used for extortion: if your site is shut down it can cost you 30000 dollars; it can be a real problem, and it has been in some places.


Why is the web so vulnerable to risk?

When it first came out everything was open, a kind of utopian world.

Morris, the son of an internet pioneer, wrote a program to find how many users were on the internet, thousands of them. It used the finger daemon: it would move itself onto a machine and do finger searches. He forgot to make it check whether it was already there; it was a naïve thing, but he had written a program that invaded other people's computers.

Firewalls control what gets in and out. The first basic firewalls did packet filtering: look at each packet and the port it is asking for. Suppose you have telnet inside, which is port 23, and you have ssh on 22 and http on 80 and so on. Suppose you want telnet internally but not externally: it gets stopped at the firewall. If you want the public to have access to your web server, you make them go through that one port only; maybe port 25 as well, but you restrict traffic to the ports you want to let through.


What happened once firewalls were in place? Everyone started running a web server. Web servers would give you some documents; then the people who wrote web servers asked what if it could expand to dynamic content or video, so they made more expansive web servers that create dynamic content.

Dynamic content is more accessible to the public, so they expanded what the firewall lets through: web services go through MySQL, things get more complex, and powerful, complex software has holes. The attacks change what they do and start aiming at the dynamic attributes of the server, not just HTTP; but HTTP servers are common targets because they do so many things, and because they are complex they are perfect targets for running exploits. The exploits have moved more and more toward web browsers.


Embedded macros: a program inside a program. Web applications become a good target.

Email is a great target because of spam.

Media players: complexity. YouTube.com is a vector to get into the system past the firewall.


On the server side, the OS and the security software itself become targets for attackers (get a corrupted version), as do file management servers and database software.


Also things aimed at people: user rights, unauthorized devices.

Phishing: "your account is overdue, give us your password"; it has all the right graphics, but it's false.

Spear phishing is when you target specific people. Also laptops or USB keys; wireless is a great vector.

Instant messaging, easy for all the dumbasses.



Zero-day attack: an attack the attackers know about and can mount before the vendors know it's there. It usually happens with hacks where someone finds the weakness and posts it; then the software vendor patches it.

Because we have sophisticated criminals before they use


Storm Worm,


Recognize trends

Talking about DoS

Another: privilege escalation. It's like a user getting root access: you are some user on a system, but you want to get higher.


Trying to get in from out in the cloud through a couple of servers: if they see outside traffic going into the system, they have logs or an IDS, they can call your service provider, or the police come knocking.

So attackers break in further away to get closer to the machine, trying to get other machines to do the work for them. This is slow, but it is how they get privilege escalation.


Common things; two things you will see a lot of:

XSS - Cross Site Scripting

SQL Injection



Everyone is blogging; websites allow users to put content in. Cross-site scripting is when you put data into a blog that affects the behaviour of the server. Think about it like this: someone goes to a site and looks at someone's blog. The big thing now is JavaScript. JavaScript embeds code in your web page, and when the browser gets the page it runs that code. It allows code to run on the client's machine, but evil stuff can get into it: in cross-site scripting, when you look at a wiki page or a blog, something that is not visible to you gets executed by your browser.


A lot of sites and wikis check for this, but if it's sophisticated it will always get through.


SQL injection: a web server sends queries to a database. Databases by nature hold a lot of data, so it's in a hacker's interest to get access to it.

If you design your system right, you use –T, because if your web server interacts with a database server and someone slips some SQL code into the data that gets sent to the database server, they can do bad things: get access, break integrity, read unauthorized data, find credit card numbers.
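As an added example (mine, not from the notes), the following shows the mechanism the notes describe, in the server-side code rather than the prose: a lookup built by string concatenation, where the user's text becomes part of the SQL, beside the parameterized form, where the driver keeps the text as a value. The table and rows are constructed sample data in an in-memory SQLite database; the function names are mine.

```python
import sqlite3

# Constructed sample data: a toy "customers" table a web front end might query.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, card_last4 TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)",
                   [("alice", "1111"), ("bob", "2222"), ("carol", "3333")])
    return db


def lookup_unsafe(db, name):
    # Concatenation: whatever the user typed is parsed as SQL grammar,
    # so a quote in the input can change which rows the WHERE clause matches.
    sql = "SELECT name, card_last4 FROM customers WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def lookup_safe(db, name):
    # Parameter binding: the query shape is fixed before the value is supplied;
    # the input is only ever compared against the name column as data.
    sql = "SELECT name, card_last4 FROM customers WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    typed = "' OR '1'='1"          # a quote-bearing input, to contrast the two paths
    print("unsafe:", len(lookup_unsafe(db, typed)), "rows")  # every row leaks
    print("safe:  ", len(lookup_safe(db, typed)), "rows")    # no customer has that name
```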


DNS poisoning: put false entries in, collecting data.

Identity theft.

New devices for passwords: MLS and email passwords valid for only 30 seconds.


Assignment 1


WHOIS
GOOGLE
DNS Tools


CanadianISP.com

Take it, generate a report as a .pdf file, and you can upload it.