Investigating a Web-Based Attack!

Introduction!

Investigating a web-based attack requires accurate knowledge of the type of web server that was attacked. The process calls for a forensic investigator with detailed knowledge of how to find the loopholes that led to the attack. Computer systems, especially those connected to the server, are prone to these kinds of attacks, but the most important thing is to learn how to block programs that attack a computer's boot files, as well as all access points.


Hackers crack passwords and access files within the system in order to terminate processes used in the normal running of the computer hardware systems. This could have been the case at the Pet Need’s company, whose pages were changed through its website. A forensic investigation will therefore be conducted to find out how the attacker managed to gain access to this web server.


The investigation will use open-source software to gather and analyze malicious network behavior from the internet, as well as to collect real-time log data about the malware attacks. It helps to first understand the key terms in “forensic tools”. “Forensic” simply means “to bring to the court” (J Kaur, 2012), while a tool is an object used for a given purpose. One of the forensic tools to be used in this analysis will be a Honeypot. According to J Kaur’s (2012) investigative research report, the Honeypot has proved to be a very effective tool for learning more about website and internet crimes such as illegal hacking, malware proliferation and credit card fraud.


Furthermore, Honeypots have evolved into a major means of capturing attack information, which is then used for analysis and investigation. Using this tool, we shall trace the attacker’s route through a Honeynet forensic system, the Honeypot’s network investigator of attack traces, since we are aiming to determine whether the break-ins are occurring through an open port. By scanning the attacked files with these tools, we shall discover that, according to the kernel entry point, the attack came through an open port. This is because the attacker was able to crack the server access files and open password codes. For verifying password security, password hashing would be the option, since this process guarantees safe access to the kernel code and open boot files.


This procedure ensures that plaintext passwords, which many hackers crack so easily, cannot be stolen. Evidence documenting password security will be gathered by applying protected boot files and kernels on the server system and by providing software that detects attack paths by creating access barriers. The Pet Need’s company can use Squid to block malware and paralyze all intruder programs. This can be done by first using Squid to block URLs that contain Trojans or malware.


Internet access points at the Pet Need’s company are crucial virus entry points, so blocking these entry points will secure its server from malware attacks. The other step is to install antivirus detectors such as Avira or McAfee. This antivirus software would be used to block and terminate any malware or Trojan horse detected on the web server. One of the server logs that contains clues about whoever is breaking in is the honeywall system.


It acts as a gateway for the Honeypot, and all hackers pass through this gateway when they attack the system. All of the attackers’ activities will be observed through the Honeypot in the database. IDS alerts are generated on the web interface, from which they can be downloaded, and all of the attackers’ log files can be viewed, making it easy to check all of the intruder’s information, as well as to block it or terminate the attacker’s attempts altogether.


Reference:

J. Kaur, Gurpal S. & Manpreet S. (2012). Design & Implementation of Linux based Network Forensic System using Honeynet. Journal of IJARCET, vol. 1, issue 4. Retrieved on July 26, 2012, from http://ijarcet.org/index.php/ijarcet/article/download/189/pdf




