Cisco CCIE Security 350-701 – WEb Traffic – Attacks- Solutions

1. Web Access – Possible Threats

Types of attacks you generally see on the web access. Like mainly there are two types of attacks. We have something called web based security threats which are mostly related to web accessing, the websites or even it can be emailed, so some more on the email based. Basically like there are different like phishing attacks or email spams. So here initially we’ll be are more focused on the web based security. Web based threats will try to understand like there are different types of viruses or the malware programs or worms, trojans partners, there are different types of softwares or malicious softwares.

We call them as so technically we call them as malware. Now malware is a kind of software or malicious software code which is specially designed to damage your data or disrupt your services or steal your information. So basically these are the kind of back end applications which run automatically without your knowledge. So generally we call them as viruses or malware generally or even it can happen by downloading some kind of applications onto the network, onto the computer which typically impact the applications or even sometimes it can affect the complete network as well.

So we need to make sure that these malwares should not get downloaded or should be restricted or should be monitored, blocked. And also there are some other issues like data leaking issues. Now data leaking relating to like uploading some kind of files like in the company network, you don’t want any of your employee to upload the files to his email accounts or maybe some kind of thirdparty software like Dropbox or Mega upload this kind of attachments. So we need to restrict that uploads to ensure that the data is not leaked outside your company. Similarly it also relates to the email as well. And also you want to ensure that your web security, the employee productivity is also important because most of the employees may be spending some most of the time on social networking sites.

You need to make sure that the traffic towards the social networking sites should be blocked or it should be restricted. You also want to do that. So even that is something we want to implement in web security by restricting access to some of the social networking or the news sites like that. So even nowadays you can download specific kind of malwares.

Even some of the valid websites, not only there are websites which contains the malicious codes, even there are some of the trusted websites can also get compromised with the security and make it install some of the malware when you are trying to access some of the valid websites. So even we have something like dos attacks or denial of service attacks or distributed denial of service attacks. So typically these kind of attacks ensures that your website, a specific application you are hosting on the internet, it might not.

2. Web Based Attacks-Solutions

Now most of the common attacks coming from the internet will be relating to either the email based or the web traffic. So initially here we’ll be focusing on web based threads. Like typically the end user may download some kind of malicious traffic, can be viruses or the malware, and there’s those particular traffic or the malicious software which is downloaded to the end user. And after that it will be executed in the back end, which can impact the performance of the devices.

Or maybe cause some kind of data leakage where your database files or maybe some passwords will be shared automatically without the knowledge of the users. And also some other issues like the employee productivity where the end users might be accessing traffic from mostly spending time on social media sites or maybe the news websites where you may want to deny the employees from accessing some of these specific sites. Now, mostly the possible web based threads can be like attacker is. Maybe a user or end user may go to the specific website, which might be a website which contains a lot of malware and maybe he gets some.

Downloaded some of the malicious traffic onto the end user but typically will configure some firewalls or some other devices probably to deny. Are there any traffic coming from specific URLs which contains the malware? Now, the other possibility is the end user may actually get downloaded some malware from the valid websites. Like let’s take an example, there is a website end user and maybe you’re trying to access some facebook. com or maybe you’re trying to access some kind of XYZ server which is a valid server. So what attacker will do is attacker will try to introduce some kind of malicious traffic into the web servers and where the end user, when he’s trying to access that valid web server, the end user may get downloaded some kind of malicious traffic along with the web page. Again, typically this server is actually a valid server on the internet.

So the attacker now typically the web based attacks are more enhanced in today’s networks where the attacker break into the valid website and probably they send some kind of malicious traffic into that. So when the end user get into that website, probably may get installed those kind of malwares which can cause to some data leakage or maybe some other issues. So typical examples, you can say maybe you visit some valid website and it will prompt you to download the ad of Flash and you’ll see some messages like that of flash you’re running is out of date and you may end up thinking that it might be a valid request. So you end up installing that particular tools.

So some kind of JavaScripts or maybe you download some kind of PDFs which can contain some kind of malicious traffic or even you see some ads on the Facebook or any other links which may contain some malicious traffic and you may think that it might be a link which redirect to the news or any other some information. Probably you end up installing those malicious traffic so which will redirect to some different websites or maybe some run some kind of applications in the package. So I got some more information. Like if you try to get into this annual security reports from Cisco, probably from other websites, you see this is like a report says that from around 19. 7 billion threats will be blocked daily and of course per yearly. So it’s going to end its keep on increasing.

So most of this 85% of the ad companies affect each month because of this malicious browser extensions you end up installing because of some extensions inside the browser. And one more possible threat is like most of the web pages nowadays are encrypted. It becomes more and more difficult to monitor the traffic which is actually encrypted.

3. Web Attack Examples

So let’s see some more forms of attacks. You generally see there are typically there are different types of attacks. So probably I’ll be going through with some of the overview of the possible attacks, some critical concepts on that. As I said, the web based is the most common traffic on the internet and also it’s common channel from where most of the attacks can happen. So based on many security reports and especially most of the Http traffic, like a lot of applications work still on Http and it is not secure. Of course you have most of the websites, even Google Yahoo runs on Https into this network. So even you are trying to access some kind of Facebook video calling. Even there are many applications, they use browsers or they use web based traffic.

if you’re using any kind of meeting software, they probably work on web based. So either you want to restrict specific applications or you want to ensure that when the web traffic is going that should be secure, it doesn’t contain any kind of malicious codes or you want to restrict specific URLs on the websites. So let’s try to see the typical kind of attacks. Like one of the basic kind of attack on a web will be like the attacker. So probably let’s say you have an attacker, attacker is going to compromise with a specific website. Like let’s say there is a website with a name called www. xyz. com. So basically this is a valid website, may be hosted by some company. Now the attacker is going to gain access and insert some kind of malicious code into that particular website. So let’s say you have some kind of malicious code added to that particular website.

So attacker breaks into the website and post some kind of malware. Okay? So now what happens is whenever a user is trying to access that website, also these malicious codes may get installed into the user website without the knowledge and the malicious activity happens at the back end and that ensures that the user system or the specific network is compromised. And there’s a possibility that attacker may gain access or get some information or maybe that malicious code can actually correct your information. Something like that. So basically this is a kind of typical web based attack and there are different ways actually it happens.

So I have listed some of the names here. Like there are different ways that acts can happen in that. Some of them are like the first one you can see there is something called SQL injection attacks. Now this is specifically where the attacker intention is to get access to the database where it works with something. Like the attacker is going to find some kind of flaws in the websites that has a database. Like let’s say you are trying to access this website here and that website also has some customer details to enter. Like if you visit our page on the contact details. We also have this kind of portal where you will be asked to enter your name, email, this kind of details which will be again stored in the back end database.

Now, if this particular web page, if it is poorly designed with some kind of lesser security options then basically this can allow because the attacker is going to inject some kind of attack onto the server, onto the specific web server and the attacker may gain access to that particular database. So this kind of attack is specially used by the attacker to gain access to the database. So this is one kind of attack. There are other options like malicious advertisements. Now most of the websites when you visit you will see some kind of advertisements generally displayed, we call them as mall advertisements, that’s what maladisements. So basically they will be displayed on the websites hosted by third party advertisement sites generally and whenever the attacker, attacker actually uses some kind of online advising to spread those malware.

So basically it can be one of the ad from the attacker. So when you click on that particular link it will redirect to some specific website and at the back end it may automatically install some kind of malware or those things can happen at the back end. So the other options like drive by download. Now, this is a kind of option where you generally download some kind of software at the back end. So whenever you browse any specific website, it allows you to download some kind of exe files or some kind of executable files at the back end, which are automatically downloaded onto the user computer without your knowledge or without your permission. Normally. And that again injects some kind of malware into your network or into your specific computer.

Again and some other options like software vulnerabilities. Now this is specifically if you have some kind of bugs in your applications or on your web browsers, probably using some kind of older web browsers or even it can be on your web server as well. So the attacker is going to use that particular kind of vulnerability or some kind of bugs to use that information probably to introduce some kind of attacks here. So basically this will again lead to like downloading some kind of malicious codes or corrupting some kind of files or crashing the applications.

This all includes in that, like some of the examples you’ll find some kind of whenever you visit a website, it says your ad of flashback is not up to date or this software is not up to date or even when you’re trying to access some kind of multimedia sites or gaming sites or even sometimes it will ask you to download this document viewer or PDF viewer to view this file, something like that. So probably you’ll absorb these things when you are browsing generally you will see this kind of thing. So there are other options like attacks on the back end, virtual hosting companies as well at the back end. And also there is something called search engine result redirection kind of thing. Now this typically happens where you use some kind of search engine. It can be anything like Google or Yahoo or whatever the search engine you’re using. So basically you search with a specific keywords you will find some kind of URLs listed.

So when you click on this particular URL so basically this says it actually to specific website it displays actually here it shows you some kind of URL website but actually at the back end it is not that particular URL. If you observe here basically that points to some kind of different URL. So this is not come from Google. You’ll see the name as similar 10 EE something like Google or something like that. So basically you have to observe this as well. We call this a search engine result. Basically that will list some URLs and when you click on this URLs they redirect to that website which contains some kind of malicious codes. We need to be careful with that as well. Apart from that you also have one more option like cross site scripting attacks. Now this is basically kind of malicious scripts which are inspected to the which are injected to the trusted websites like you have.

This is a trusted website, let’s say XYZ. com. So the attacker is going to inject some kind of script onto that website. So whenever this user is trying to access that particular web application or website through the whenever this user is trying to access that so basically the security is compromised. So whatever the cookie information or whatever the information will be passed on to the attacker. So these are some of the different types of attacks may happen even there are plenty if you see there are a lot of attacks which are web based so I’ve just listed few of them. As a quick overview, what are the different types of threats or the attacks you can see through web based in general. So if you just visit these URLs you’ll find some information in the report from Cisco which lists different types of attacks which.

4. Web Security Solutions

In the previous sections we have seen some of the attack methods which are used by the attacker to initiate or introduce some kind of web based attacks where your security will be compromised. So what we need to do, we need to implement some kind of web security solution to overcome this. Our job is to make sure that the net, the traffic which is coming on the internet, especially the web traffic, should be clean and it should not contain any kind of malicious codes. So this is very important. So at the same time you also want to ensure that you block specific URLs or the bad websites. So basically you should have a list of websites updated.

So basically these websites should be automatically blocked or even whatever the attack, I have shown whenever a user is trying to access a specific XYZ. com website. And as for the database, let’s say this website is a bad website which contains some kind of malicious codes that should be automatically blocked, again manually, it’s not possible. So there should be some kind of automated mechanism because there are millions of websites on the internet, so it’s not possible to define each and every website.

So there should be some kind of database and that should be constantly updated and the malicious software programs which are designed to infect that should be identified and that should be blocked. So even if there is any kind of a valid website which you are trying to access let’s say you are trying to access Ny. com, so it’s a valid website, but if it is compromised with some security, where it may have some kind of malicious codes get installed at the back end. When you visit that that should be identified and that should be blocked.

And also we need to make sure that the valid websites including whatever the same example which I discussed just now, if you’re trying to access some kind of social media sites, you really want to block or ELO and if they contain some kind of malicious codes, then that should be blocked. And also you want to restrict that to ensure that you don’t upload any kind of files or malicious codes on the internet or download from the internet whenever you are knowingly or unknowingly trying to access some kind of websites so that should be denied. And also to improve productivity.

You want to restrict some kind of URLs, like some kind of gaming sites. You want to restrict or news websites and social media websites, any adult sites. You really want to block this kind of websites to improve some productivity and to ensure that your employees do not spend much time on this thing. So specific applications also you can block like you want to allow the facebook, but at the same time you want to restrict some kind of specific application like video calling or some kind of other applications. So we need to implement a web security solution or your firewall should support that. Or you need to have inbuilt these features which totally monitors your web traffic.

So there are different vendors in the market which do all these options. Like Cisco have a dedicated product called WSA. Even on the ASA firewalls, you have a URL filtering options, some kind of malware scanning options. So depends upon but again, Cisco have a dedicated device device where we’ll be focusing on, which is totally focused on providing the web security. Apart from that, you also have many other vendors on the market.

• Category: Uncategorized