18-12-2012, 04:28 PM
INTRUSION DETECTION AND PREVENTION SYSTEM
ABSTRACT
Over the past decade, the popularity of the Internet has been on the rise. Clients use the Internet to access both static and dynamic data residing on remote servers. In the client-server interaction, the client asks the server to provide information, and the server may in turn request information from clients, for example through "web forms." The Internet is therefore used for many different purposes, including web servers collecting information from clients. Consequently, attacks on web servers have been increasing over the years. Because web servers are now able to produce dynamic web pages based on the received requests, they are more vulnerable to attack than ever before.
One of the ways to produce dynamic web pages is Common Gateway Interface (CGI) technology. Attackers take advantage of CGI scripts to perform an attack by sending illegitimate inputs to the web server. This report includes the findings and results of the research performed on CGI-related web server attacks during the course of the project. In addition, this report contains a detailed explanation of the design and implementation of the work done to develop an Intrusion Detection and Prevention System for CGI-based web server attacks.
INTRODUCTION
In the past, a web server was mainly used to serve static HTML requests. A web client would send a static HTML request to the web server, and the web server would respond with a static HTML response (Syroid, 2002). Over the years, there has been a tremendous change in the way we use the Internet. Today, a typical Internet user has much more interaction with the Internet than in the past. The Internet is now being used for sharing pictures, social networking, stock trading, banking, and many other uses. There has been a great increase in the development of new Internet-based tools that take advantage of the enormous popularity of the Internet among the general population. Photo editing tools such as Picnik and Picasa Web, and video sharing and editing on YouTube, are good examples of recent Internet-based tools. These popular tools were made possible only by the ability of technologies like Common Gateway Interface (CGI) and Server Side Includes (SSI) to produce dynamic content based on the received requests (Selamt, 2003).
What is CGI?
Common Gateway Interface, commonly known as CGI, is a standard protocol used primarily by the web server to produce dynamic web pages. It is CGI programs that have enabled web servers to create a customized response to the received request. With CGI, a web server can communicate with other parts or programs running on the server to prepare the response. A CGI program calls other applications on the server and passes the user-specific information to those applications to prepare the response for the requested data or output (Gundavaram, 1996). After completing the operations, the CGI program returns the output to the web server, and the web server then sends the response back to the client. CGI programs are not language specific. They can be written in any language that provides standard input (STDIN) and standard output (STDOUT) (Marshall, 2002).
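An added example, not part of the original report: a minimal CGI program in Python showing the flow described above, with the request arriving through environment variables and STDIN, the input checked before it is handed to another program, and the response leaving through STDOUT. The `name` field, the allowlist pattern, the size limit and the helper command are assumptions chosen for illustration.

```python
#!/usr/bin/env python3
"""Minimal CGI form handler: request in via environment/STDIN, response out via STDOUT."""
import os
import re
import subprocess
import sys
from urllib.parse import parse_qs

MAX_BODY = 4096                               # cap on POST body size (assumed limit)
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")  # allowlist for the hypothetical "name" field


def read_form(environ, stdin):
    """Return form fields from QUERY_STRING (GET) or the request body (POST)."""
    if environ.get("REQUEST_METHOD", "GET").upper() == "POST":
        try:
            length = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            length = -1
        if not 0 <= length <= MAX_BODY:
            raise ValueError("bad CONTENT_LENGTH")
        raw = stdin.read(length)              # read only what the server announced
    else:
        raw = environ.get("QUERY_STRING", "")
    return parse_qs(raw, keep_blank_values=True)


def handle_request(environ, stdin):
    """Build the full CGI response (headers, blank line, body) as a string."""
    try:
        values = read_form(environ, stdin).get("name", [])
    except ValueError:
        values = []
    # Reject missing, repeated or out-of-pattern values before anything else runs.
    if len(values) != 1 or not NAME_RE.fullmatch(values[0]):
        return "Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\ninvalid input\n"
    # Stand-in for "another application on the server": arguments are passed as a
    # list with no shell, so the value is never interpreted as command syntax.
    helper = [sys.executable, "-c", "import sys; print('Hello, ' + sys.argv[1])", values[0]]
    out = subprocess.run(helper, capture_output=True, text=True, timeout=5).stdout
    return "Status: 200 OK\r\nContent-Type: text/plain\r\n\r\n" + out


if __name__ == "__main__":
    # Under a web server the request arrives in os.environ and sys.stdin.
    sys.stdout.write(handle_request(os.environ, sys.stdin))
```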
CGI Applications
CGI transforms the web server from a static server which primarily stores static web pages to an interactive server that clients can use to provide information to the server or access other applications running on the server. Let us discuss some of the popular applications that use CGI programs.
CGI Forms
CGI programs are most commonly used in processing the input received from forms. Forms can be used to gather information from the user or to enable users to run commands on the server. Forms can also be used to access other applications running on the server (Gundavaram, 1996). The CGI program then calls the appropriate application to process the input received from the forms. Examples of the actions performed by CGI programs include storing information in a database, searching for documents, and running Linux/Unix commands on the server. A CGI program is linked to the forms embedded in the web pages on the server by using the ACTION attribute of the HTML FORM tag. This is done as follows: