written 6.1 years ago
Application Layer
Protocols used: HTTP, FTP, telnet, SMTP, DHCP
a) HTTP: we communicate with the internet via a web browser; by default the browser uses HTTP as the communication protocol to transfer the files that make up web pages from the web server.
- These transfers are done in plaintext, so an intruder can easily read the data packets. Instead, we use HTTPS (Hypertext Transfer Protocol Secure), which is managed by a security protocol called ‘Secure Sockets Layer (SSL)’.
- SSL provides encryption of the data transmitted between the web server and the web client or browser.
- It uses key encryption to exchange a ‘symmetric key’ between the client and the server, which is then used to encrypt the HTTP transaction (both request and response).
- The transferred data will be unreadable to an attacker using a packet-capturing tool.
b) Session hijacking: it happens when an attacker steals an HTTP session after observing and capturing packets with a packet sniffer.
- This leads to a change in the communication from the client to the web server.
- It is possible when authentication between the client and the web server is weak during initialization of the session.
c) Replay attack:
- Resends previously sent data after modifying it.
- Spoofs the client’s IP address and redirects the machine.
d) Cookie poisoning: saving information (a message) from the cache.
e) Cross-site scripting: a hacker injects malicious code into a web browser or application, and it is executed on the client side.
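As an added illustration of the cross-site scripting point above (example code, not part of the original answer): the first function reflects user input into HTML unchanged, so a browser would execute any injected script; the second escapes the input so the browser treats it as text. The sample input string and the function names are constructed for this example.

```python
import html

# Constructed sample input for this example: a comment containing markup.
SAMPLE_INPUT = '<script>alert("xss")</script>'


def render_vulnerable(comment: str) -> str:
    """Reflects the user's comment into the page unchanged.

    Whatever markup the comment contains becomes part of the page,
    so injected script runs on the client side.
    """
    return f'<p class="comment">{comment}</p>'


def render_escaped(comment: str) -> str:
    """Escapes <, >, &, " and ' before inserting the comment.

    The browser now renders the characters literally instead of
    parsing them as tags or attributes.
    """
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def render_attribute(value: str) -> str:
    """Same idea in an attribute context: quote=True keeps a value
    from breaking out of the surrounding double quotes."""
    return f'<a title="{html.escape(value, quote=True)}">link</a>'


def contains_raw_tag(rendered: str) -> bool:
    """Crude check used only to compare the two renderings: does the
    output still contain an unescaped opening tag?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(SAMPLE_INPUT))
    print("escaped:   ", render_escaped(SAMPLE_INPUT))
    print("attribute: ", render_attribute('x" onmouseover="alert(1)'))
```

Escaping at the point where untrusted text is written into HTML is the basic server-side mitigation; the same input must be escaped differently depending on whether it lands in element text, an attribute, or a script block.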
f) DHCP: it is used to automatically assign a temporary IP address to a client machine, after a request, when logging into an IP network.
- The DHCP server is configured with a pool of IP addresses that are leased to a client machine after a request.
- It is misused by an attacker by making this service unavailable.
- DHCP starvation attack: the consuming of the IP address space allocated by the DHCP server.
- An attacker can send a large number of DHCP request broadcasts using spoofed MAC addresses.
- The DHCP server simply leases out its IP addresses one by one until it runs out of IPs to give out.
- When a genuine user wants to access the network, the server will not offer any IP address automatically, and the user will not be granted access to the network. This is a DoS attack, i.e. Denial of Service.
Remedy: port security, which allows only a specified number of MAC addresses per port.
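A small simulation of the DHCP starvation scenario and the port-security remedy described above (added example, not code from the original answer). It models a DHCP pool that leases one address per distinct MAC and a switch that, when a per-port MAC limit is set, drops requests from any MAC beyond that limit. The network range, port names, MAC addresses and request counts are constructed for the example.

```python
import ipaddress
from collections import defaultdict


class DhcpPool:
    """Minimal model of a DHCP server: one lease per distinct client MAC."""

    def __init__(self, network: str):
        net = ipaddress.ip_network(network)
        self.free = [str(h) for h in net.hosts()]  # addresses still available
        self.leases = {}  # mac -> leased ip

    def offer(self, mac: str):
        """Return an address for this MAC, or None when the pool is exhausted."""
        if mac in self.leases:
            return self.leases[mac]
        if not self.free:
            return None
        ip = self.free.pop(0)
        self.leases[mac] = ip
        return ip


class Switch:
    """Access switch in front of the DHCP server.

    With max_macs_per_port=None every request is forwarded; with a number,
    a port that has already seen that many source MACs drops new ones
    (the port-security remedy).
    """

    def __init__(self, pool: DhcpPool, max_macs_per_port=None):
        self.pool = pool
        self.max_macs_per_port = max_macs_per_port
        self.seen = defaultdict(set)  # port -> source MACs observed
        self.violations = []  # (port, mac) pairs that were dropped

    def forward_discover(self, port: str, mac: str):
        seen = self.seen[port]
        limit = self.max_macs_per_port
        if mac not in seen and limit is not None and len(seen) >= limit:
            self.violations.append((port, mac))
            return None  # request never reaches the DHCP server
        seen.add(mac)
        return self.pool.offer(mac)


def simulate(max_macs_per_port=None, spoofed_requests=300):
    """Run the attack against a /24 pool and report what a genuine user gets.

    Constructed scenario: the attacker sits on port Gi0/1 and sends
    spoofed_requests DISCOVERs, each with a different locally administered
    MAC; afterwards a genuine client on Gi0/2 asks for an address.
    """
    pool = DhcpPool("192.0.2.0/24")  # documentation range, 254 usable hosts
    switch = Switch(pool, max_macs_per_port)
    attacker_ips = 0
    for i in range(spoofed_requests):
        mac = f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}"
        if switch.forward_discover("Gi0/1", mac) is not None:
            attacker_ips += 1
    genuine_ip = switch.forward_discover("Gi0/2", "00:11:22:33:44:55")
    return {
        "attacker_ips": attacker_ips,
        "genuine_ip": genuine_ip,
        "leased": len(pool.leases),
        "violations": len(switch.violations),
    }


if __name__ == "__main__":
    print("no port security:", simulate())
    print("max 2 MACs/port: ", simulate(max_macs_per_port=2))
```

Without a per-port limit the spoofed requests drain all 254 addresses and the genuine client is refused; with a limit of two MACs per port the attacker obtains two leases, the remaining requests are counted as violations at the switch, and the genuine client still receives an address.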