Case Study

After profiling a target organization, an attacker finds that the external infrastructure has been hardened and configured securely. The only service visible to the Internet is an SSL VPN web interface, which has two-factor authentication implemented. This interface requires a username and a password, as well as a hardware token code that changes every 60 seconds.

The attacker decides that the best way to compromise the environment is to mirror the SSL VPN interface onto his own machine, with some slight malicious modifications. These modifications include tiny frames that contain client-side exploits for different types and versions of web browsers, client-side code that implements an HTTP proxy via the internal web browser, and the ability to capture the authentication credentials for the SSL VPN.

Using email addresses enumerated from various places on the Internet, the attacker spoofs a series of convincing emails from the IT manager. Each email instructs the user to log in to the SSL VPN using the link provided, which points to the attacker's fake SSL VPN web interface, or else the user's account will be disabled.

Within 30 seconds of sending these emails, users begin to log in to the attacker's website. This immediately provides the attacker with authentication credentials to the SSL VPN that are valid for the next 60 seconds, a number of remote shells to internal machines that have vulnerable web browsers, as well as the ability to perform web application attacks against internal and external web applications via the HTTP proxies running within the users' web browsers. This single attack exploits a number of trust relationships that the employees have with their email and web application to gain three separate routes into the target's internal network.

So you believe that your security infrastructure keeps your data secure and that your security policy guarantees that no sensitive information leaks out of your organization's bulletproof walls? Well, you are one of the majority who believe this, and unfortunately, this also means that you are one of the majority who are likely to be wrong and are more vulnerable to attacks than you think.

Web applications have mutated from being a combination of static pages and simple scripts on a single web server, into being highly complex and expensive web applications, spread across multiple web servers, application servers, database servers, and security layers, interfacing with other complex web applications, and incorporating various web architecture components, such as load balancers, web caching proxies, firewalls, and intrusion detection and prevention devices.

With all of the security devices built into this web infrastructure and the security features developed into these web applications, however, you still cannot be sure your data is safe. Why? Because the weakest area of security is always involved: humans.

For this reason, this chapter focuses on how attackers are able to enumerate and steal sensitive information from your users and your systems, and how they can manipulate, attack, and exploit trust relationships using web hacking techniques to gain unauthorized access to your organization's assets. It also covers active ways to detect and prevent these attacks.
