tasking, high-performance operating systems that were designed in
conjunction with the Internet, with networking in mind, so are more
focussed on security. (1) The main way to attack this system would
be to try and gain root access or escalate privileges from a basic
user account. Therefore, in order to protect the system, careful
policy control would be needed on user accounts and certain
hardening procedures would need to be carried out such as running
rootkit testing software and vulnerability testing tools to make sure it
was safe. Some other forms of auditing would be useful to look for
strange patterns or other signals. (1)

Another main component would be the web server software. This
software would be something like Apache or Nginx. The software
serves web pages upon request and has other features to shape
traffic and make sure that a web site is fast and efficient. (1) The
main attack here, as with the operating system, is to look for code
which has not been hardened or permissions that have been left too
permissive. Attackers scan the web server for folders and files that
have poor permissions, such as being writable, and then upload code
which can then be triggered to launch an attack. (1)

(6 marks) A* 4-2.4, 3.3, 3.4, 3.5, 4.3

One other main component is the database server, in most cases
this will be MySQL or something similar. The database stores data
from the front end web site and can process this data to send back
information, such as search results or queries. It is also populated
with data uploaded to the site, such as pictures for someone’s photo
gallery. (1) The attack on this system is to try and run some code
using the database’s permissions. By default, a MySQL database
will have no root password, so attackers can run uploaded data as
root, which can then damage or take control of the underlying server.
(1)
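
The permission weakness described for the web server can be checked for with a short audit. The Python below is an added example, not part of the handbook's model answer; the document root, file names and modes are constructed for the demonstration. It lists every file and folder that any local user can write to, then removes that write bit.

```python
import os
import stat
import tempfile


def audit_web_root(root):
    """Return sorted (relative path, finding) pairs for entries any local user can write to."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            if st.st_mode & stat.S_IWOTH:
                kind = "directory" if stat.S_ISDIR(st.st_mode) else "file"
                findings.append((os.path.relpath(path, root), "world-writable " + kind))
    return sorted(findings)


def remove_world_write(root):
    """Clear the 'other' write bit on every finding; return how many entries were changed."""
    changed = 0
    for rel, _ in audit_web_root(root):
        path = os.path.join(root, rel)
        os.chmod(path, stat.S_IMODE(os.lstat(path).st_mode) & ~stat.S_IWOTH)
        changed += 1
    return changed


def build_sample_tree():
    """Constructed sample document root (hypothetical names) with two weak entries."""
    root = tempfile.mkdtemp(prefix="webroot-")
    for name, mode in {"index.html": 0o644, "config.php": 0o666}.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    for name, mode in {"uploads": 0o777, "css": 0o755}.items():
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    print(audit_web_root(sample))        # findings before hardening
    print(remove_world_write(sample), "entries fixed")
    print(audit_web_root(sample))        # findings after hardening
```

An upload folder that must stay writable should be writable only by the web server's own account, and the server should be configured not to execute code from it.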
TLM Handbook
Level 2 Certificate in Cyber Security and Digital Forensics