Threats and Mitigation Strategies for Apache Web Server and Centos Linux Server
Added on 2023/06/11
Table of Contents

1. Design Analysis
2. Threats towards Centos Linux Server
3. Threats towards the Apache web servers
4. Threats towards the network
5. Firewall Policies and IPS / IDS Policies
6. Apache Web Server Configuration Summary
7. Testing Plan
8. Conclusion
References
1. Design Analysis

A textile company named "Wear it on" recently launched an open-source HTTP server: Apache 2.0 running on CentOS servers (Mallett, 2014). The installation was done by a trainee who has no sound awareness of network security or network servers. While testing the server he found that a TCP scan had been performed against it; this was noticed after the server was connected to the internet. This report studies the administration process carried out by the company and identifies the major threats to the CentOS server. Recognising the threats alone is not enough: corrective actions must be taken against their causes, and only then can the safety of the system against threats be ensured.

ModSecurity is a web application firewall (Ristic, 2009) (Albanese and Sonnenreich, 2004) (Cole et al., 2009). The software is available at zero cost because it is open-source. Initially it was used as an HTTP module for security purposes; because of its features it has since been extended to almost all internet-based applications and software packages such as NGINX and IIS. A huge number of developers take part in the project, but at the same time strict governing policies, known as "SecRules", are formed for safety. The software is added to the web server as a plugin, and in some situations it is also used as a proxy server. It consists of the following processes (Lockhart, 2004) (Knipp and Danielyan, 2002):

- Monitoring system security
- Controlling the permissions for accessing the system
- Security testing
- Reorganization of the masking server
- Maintaining the upload and download size
- HTTP security
- Appraising system properties
Security monitoring is a single component of the network that gathers data and analyses it; it also analyses attacks and provides safety for the network. Access control is essential in the network; many devices control access to the system, and the access network may be Ethernet or fibre optic. Security testing describes the tools used to detect vulnerable software; through testing the behaviour of the system is noted and positive findings are also explored. HTTP security concerns the secure form of the protocol, which adds constraints for security purposes; the additional letter "s" stands for secure. If security is not assured, the text given by the user is sent as plain text even though many web pages use the protocol; it differs from the normal protocol in that the web pages analyse messages through it. The security properties of the system are what make a process work correctly.

The design setup is shown in the figure (not reproduced here). An Apache-based web server is configured. ModSecurity is installed on the web server and acts as a firewall. Snort, Nessus and Firestarter are installed, and Honeyd is also installed. The following IP addresses are used:

1. Attacker (IP address: 192.168.1.2)
2. Web server (IP address: 192.168.1.1)
3. Honeyd (IP address: 192.168.100.100, aliases: 192.168.1.101, 192.168.1.102)

The threat analysis is done as follows.
2. Threats towards CentOS Linux Server

1.1 Apache version number

In the digital world web servers are easily attacked. Attackers simply hack the server using special code, and they do so once they know the details of the Apache installation on the web server. Cyber-attacks are highly dangerous because they lead to data theft and similar damage, so the Apache version details must be protected by disabling the server signature and the server tokens. The figure (not reproduced here) shows the Apache version details for deeper understanding: the server tokens list the server as Apache with its major and minor version numbers and the kind of operating system, which may be UNIX. The following two lines should be added to apache2.conf and httpd.conf:

ServerTokens Prod
ServerSignature Off

1.2 Many connections

When an attacker sends a large number of web requests the web server crashes because it cannot handle so many requests at once.

MITIGATION: The maximum number of connections is defined in the httpd.conf settings. Usually 256 is the limit.
1.3 DoS attack

A denial of service (DoS) attack is a kind of cyber-attack carried out by cyber-criminals. The main objective of the attack is to cause severe damage to the server. For this attack the attacker must first check that the server is active. If the safety features are disabled, the attacker can easily crash the entire server, which then has to be restarted; the attack is achieved in five simple steps. A huge number of attacks are carried out against bandwidth: if the system is under heavy traffic, control is no longer possible, which is an advantage for the attacker, who uses this flaw to attack the server easily.

Two different types of DoS attack are used: flooding a service, and crashing a service. When the server receives too much traffic, a flood attack occurs. Flood attacks are broadly classified into three types:

- Buffer overflow attack
- ICMP flood
- SYN flood

Buffer overflow attack: one of the most well-known attacks. It is based on a network address receiving more traffic than the programmers built the system to handle. It also exploits bugs in certain applications or networks.

ICMP flood: spoofed packets are sent to a misconfigured network so that every computer on the target network is pinged. All of these operations are done from one specific machine, and the network amplifies the traffic. An ICMP flood is also known as a smurf attack or ping of death.

SYN flood: the attacker does not complete the handshake but keeps sending connection requests to the server. All open ports become saturated and none remain available to legitimate users.

MITIGATION - LIMIT REQUEST SIZE: Here the size of HTTP requests is reduced, which reduces the traffic load on the web server. The size is set manually to a minimum by changing the configuration of the directory. The code is shown below:

LimitRequestBody 512000    # set the limit to 512000 bytes, i.e. 512 KB (the directive takes bytes)

1.4 DISTRIBUTED DENIAL OF SERVICE ATTACK (DDoS)

This is also an attack carried out to crash the server, but here a group of computers is formed to attack the server, all of them infected with Trojans.

Mitigation: Normally this attack is addressed by changing the time settings, of which there are two. The first is the timeout, within which the web server has to complete its work; it should not be set too long, otherwise requests could be lost. Each web server has its own time for this process, but the default for this server is 300 seconds. The second is the keep-alive time, during which the web server waits for the next request before the connection is ended; its default is 5 seconds.

Unnecessary modules

On the Linux server, modules are installed by default when Apache is installed on this kind of operating system. To avoid unwanted modules, comment out the module's line by adding the comment symbol. The server has to be restarted for this to take effect.

1.5 Access to httpd.conf

This file controls everything on the web server; the direction and functionality of the server are affected by this configuration file. The file permissions should be set in such a way that an attacker cannot access this file.
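The directive changes from sections 1.1 to 1.4 and the file lock from 1.5 can be applied and re-checked with the following script, an example added here rather than taken from the report. It uses the report's path /usr/local/apache2/conf/httpd.conf and its values; MaxClients is the Apache 2.0/2.2 name of the connection limit (MaxRequestWorkers in Apache 2.4, which still accepts MaxClients). The set_directive, harden_httpd_conf, audit_httpd_conf, lock_httpd_conf and make_sample_conf functions and the sample configuration are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the report): apply and verify the httpd.conf
# hardening from sections 1.1 to 1.5 on a copy of the file. Values follow
# the report; the helper functions and the sample config are constructed.

# set_directive FILE NAME VALUE: rewrite an existing "NAME value" line in
# place (so the weak value is replaced, not duplicated) or append it.
# Directives are matched in their canonical spelling (e.g. ServerTokens).
set_directive() {
    file=$1; name=$2; value=$3
    if grep -q "^[[:space:]]*$name[[:space:]]" "$file"; then
        tmp=$(mktemp)
        sed "s|^[[:space:]]*$name[[:space:]].*|$name $value|" "$file" > "$tmp"
        cat "$tmp" > "$file"   # overwrite in place, keeping inode and permissions
        rm -f "$tmp"
    else
        printf '%s %s\n' "$name" "$value" >> "$file"
    fi
}

# harden_httpd_conf FILE: the directives discussed in 1.1 to 1.4.
harden_httpd_conf() {
    f=$1
    set_directive "$f" ServerTokens Prod        # 1.1: report only "Apache", no version or OS
    set_directive "$f" ServerSignature Off      # 1.1: no version footer on error pages
    set_directive "$f" MaxClients 256           # 1.2: the report's limit (MaxRequestWorkers in 2.4)
    set_directive "$f" LimitRequestBody 512000  # 1.3: request bodies capped at 512000 bytes
    set_directive "$f" Timeout 300              # 1.4: report's default of 300 seconds
    set_directive "$f" KeepAliveTimeout 5       # 1.4: report's default of 5 seconds
}

# audit_httpd_conf FILE: print each expected directive that is missing or
# has another value; return 0 only when every one is set as expected.
audit_httpd_conf() {
    f=$1; bad=0
    while read -r name value; do
        if ! grep -q "^[[:space:]]*$name[[:space:]][[:space:]]*$value[[:space:]]*$" "$f"; then
            echo "MISSING: $name $value"
            bad=$((bad + 1))
        fi
    done <<EOF
ServerTokens Prod
ServerSignature Off
MaxClients 256
LimitRequestBody 512000
Timeout 300
KeepAliveTimeout 5
EOF
    [ "$bad" -eq 0 ]
}

# lock_httpd_conf FILE: section 1.5, root only. chattr +i makes the file
# immutable even for root until "chattr -i" is run (ext2/3/4 and xfs).
lock_httpd_conf() {
    chmod 640 "$1" && chattr +i "$1"
}

# make_sample_conf FILE: a constructed, deliberately weak fragment standing
# in for a stock httpd.conf; not taken from any real server.
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample: stock-style settings that leak version details
ServerTokens Full
ServerSignature On
Timeout 300
KeepAlive On
EOF
}

# Demo on a throwaway copy. On the real host the file is
# /usr/local/apache2/conf/httpd.conf and Apache must be restarted afterwards.
demo() {
    f=$(mktemp)
    make_sample_conf "$f"
    audit_httpd_conf "$f" || echo "-> weak settings found, hardening"
    harden_httpd_conf "$f"
    audit_httpd_conf "$f" && echo "-> hardened copy:" && cat "$f"
    rm -f "$f"
}
demo
```

Run harden_httpd_conf as root against the real file, restart Apache, and keep audit_httpd_conf as the check to re-run after any later edit; set_directive rewrites the weak line instead of appending a second one so the file never carries two conflicting values for the same directive.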
chattr +i /usr/local/apache2/conf/httpd.conf

is the command for protecting the httpd.conf file by making it immutable.

3. Threats towards the Apache web servers

3.1 Firestarter utilisation

On the network a scanning tool such as nmap is needed; this tool scans ports from the command line and produces a report. By using this tool, attackers are able to gain access to the system.

Mitigation: Firestarter is a system used to obtain, from the firewall, reports of the scans made with the nmap tool. The benefit of the firewall is to block unwanted traffic. The diagrams (not reproduced here) show the domain access, display the firewall status and connections, and are used to analyse the traffic and note the activity listed in the figure.
FIREWALL EVENTS AFTER NMAP SCAN FROM ATTACKER (figure not reproduced here)

The diagram lists the events with their time and data about the port and service, and lists the protocol used for each occurrence.

3.2 Insider Assailant
GUI attack

Normally data storage happens on the server, so through this interface the attacker gains access to the CentOS operating system.

Mitigation: The solution for this attack is to modify files such as inittab and change the parameter. The diagram (not reproduced here) shows the inittab file, displays the run levels and describes the initial step of the system.
COMMAND LINE INTERFACE MODE

Attacks are carried out by attackers such as inside users. This attack happens between two branches, and sometimes it may happen on another system.

MITIGATION: Modify the hosts files to make rules.

3.3 UNWANTED PORTS LIABILITY

By using Nessus on the servers we can get data about the TCP and UDP ports; the tool can be used to scan the servers, which is how a person obtains access permission. The figure (not reproduced here) shows the subnetting process and protocol details, describes the host and security warnings, and displays the VMware function.

Mitigation - iptables: With iptables the administrator can manage the data arriving at unknown ports, since it has rules for the data packets. The screenshot (not reproduced here) shows the packets and the commands to execute for the INPUT, OUTPUT and FORWARD chains.
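A concrete form of the iptables mitigation, added here as an example rather than taken from the report: a default-deny INPUT policy for the web server (192.168.1.1 in the report's design) that closes every port not in an explicit allow list and logs what it drops, plus a summary of the kernel log lines so a port scan stands out as one source hitting many ports. The allowed-port list, the IPT variable, the apply_firewall_policy, summarize_drops, top_scanner and make_sample_log functions and the log lines are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the report): a default-deny iptables INPUT policy
# for the web server (192.168.1.1 in the report's design) that closes the
# ports Nessus flagged, plus a summary of what the LOG rule recorded.
# The allowed port list and the sample log lines are constructed assumptions.
IPT=${IPT:-iptables}            # set IPT=echo to preview the commands without root
ALLOWED_TCP_PORTS="22 80 443"   # assumption: SSH, HTTP and HTTPS are the only services

# apply_firewall_policy: rebuild the INPUT chain from scratch. ACCEPT rules come
# first and the DROP policy is set last, so an interrupted run cannot lock you out.
apply_firewall_policy() {
    "$IPT" -F INPUT
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A INPUT -m conntrack --ctstate INVALID -j DROP
    for p in $ALLOWED_TCP_PORTS; do
        "$IPT" -A INPUT -p tcp --dport "$p" -m conntrack --ctstate NEW -j ACCEPT
    done
    # everything else (including probes of unused ports) is logged at a limited
    # rate, then dropped by the chain policy
    "$IPT" -A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "IPT-DROP: " --log-level 4
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -P OUTPUT ACCEPT
}

# summarize_drops LOGFILE: count "SRC DPT" pairs from the kernel LOG lines,
# most frequent first.
summarize_drops() {
    grep 'IPT-DROP:' "$1" \
      | sed -n 's/.* SRC=\([0-9.]*\) .* DPT=\([0-9]*\).*/\1 \2/p' \
      | sort | uniq -c | sort -rn
}

# top_scanner LOGFILE: the source address that touched the most distinct ports.
top_scanner() {
    summarize_drops "$1" | awk '{ ports[$2]++ } END { for (s in ports) print ports[s], s }' \
      | sort -rn | head -n 1 | awk '{ print $2 }'
}

# make_sample_log FILE: constructed /var/log/messages extract in the LOG
# target's field format (not captured from a real host).
make_sample_log() {
    cat > "$1" <<'EOF'
Jun 11 10:02:01 web kernel: IPT-DROP: IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=192.168.1.2 DST=192.168.1.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=1 PROTO=TCP SPT=41000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 11 10:02:01 web kernel: IPT-DROP: IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=192.168.1.2 DST=192.168.1.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=2 PROTO=TCP SPT=41001 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 11 10:02:02 web kernel: IPT-DROP: IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=192.168.1.2 DST=192.168.1.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=3 PROTO=TCP SPT=41002 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 11 10:02:02 web kernel: IPT-DROP: IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=192.168.1.2 DST=192.168.1.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=4 PROTO=TCP SPT=41003 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 11 10:05:30 web kernel: IPT-DROP: IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=192.168.1.50 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5 PROTO=UDP SPT=5353 DPT=5353 LEN=40
EOF
}

# Preview the policy without root, then summarise the constructed log.
(IPT=echo; apply_firewall_policy)
f=$(mktemp); make_sample_log "$f"; summarize_drops "$f"
echo "top scanner: $(top_scanner "$f")"; rm -f "$f"
```

Run apply_firewall_policy as root once the preview looks right, and persist it with service iptables save on CentOS 6 (or iptables-save on CentOS 7); the limit match keeps a scan from filling /var/log/messages, which is also why summarize_drops counts distinct ports per source rather than raw line volume.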
3.4 SSH ACCESS LIABILITY

Attackers may gain free access to the system through the secure shell. In the secure shell the problems are solved by treating root login as bad practice and creating a separate user, since the secure shell is used to administer the system. For the modification we have to edit the files and restart the system; it also provides the capacity to create more users.

3.5 SSH PROTOCOL VERSION LIABILITY

The main problem found when running the Nessus scanning tool on the Linux servers was the SSH protocol version liability. The problem arises from the weaknesses of the previous SSH protocol version, so it is rectified by updating to the new version of the software, which is a good corrective action for this problem.

MITIGATION: To reduce the harmful effect of the problem the techniques described below need to be implemented.

- Change the sshd_config protocols
- Restart the server
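The two sshd_config checks behind sections 3.4 and 3.5 (root login and protocol version) can be verified with the following script, an example added here and not part of the report. Its point is a caveat that matters when editing the file by hand: sshd applies the first occurrence of a keyword, so a hardening line appended below an older setting changes nothing. The effective_setting and audit_sshd_config functions and both sample configurations are constructed for this example; Match blocks are not handled.

```shell
#!/bin/sh
# Added example (not from the report): audit an sshd_config for the two
# liabilities in 3.4 and 3.5, i.e. root login allowed and SSH protocol 1
# enabled. sshd applies the FIRST occurrence of each keyword, so a hardening
# line appended below an older setting changes nothing; the parser below
# follows that rule. The sample configs are constructed for this example.

# effective_setting FILE KEYWORD: the value sshd would use for KEYWORD
# (first non-comment match, keyword case-insensitive), empty if unset.
# Match blocks are not handled here.
effective_setting() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || NF < 2 { next }          # skip comments and blank lines
        tolower($1) == key { print $2; exit }  # first match wins
    ' "$1"
}

# audit_sshd_config FILE: print each weak setting; return 0 only when clean.
audit_sshd_config() {
    f=$1; bad=0
    proto=$(effective_setting "$f" Protocol)
    root=$(effective_setting "$f" PermitRootLogin)
    case "$proto" in
        ""|2) ;;   # unset is fine: OpenSSH 7.4+ dropped SSH-1 and ignores Protocol
        *) echo "WEAK: Protocol $proto (SSH-1 still enabled)"; bad=$((bad + 1)) ;;
    esac
    case "$root" in
        no|prohibit-password|without-password|forced-commands-only) ;;
        "") echo "WEAK: PermitRootLogin unset (older OpenSSH defaults to yes)"; bad=$((bad + 1)) ;;
        *) echo "WEAK: PermitRootLogin $root"; bad=$((bad + 1)) ;;
    esac
    [ "$bad" -eq 0 ]
}

# make_weak_sshd_config FILE: constructed old-style config where the "fix"
# was appended at the bottom and therefore never takes effect.
make_weak_sshd_config() {
    cat > "$1" <<'EOF'
# constructed sample: SSH-1 still offered, root login allowed by the first line
Protocol 2,1
PermitRootLogin yes
Port 22
PermitRootLogin no
EOF
}

# make_hardened_sshd_config FILE: constructed config after the report's
# mitigation: protocol 2 only, no root login, a dedicated admin user.
make_hardened_sshd_config() {
    cat > "$1" <<'EOF'
# constructed sample: protocol 2 only, root login refused, one named admin user
Protocol 2
PermitRootLogin no
AllowUsers webadmin
Port 22
EOF
}

# Demo: audit both samples. On the real host edit /etc/ssh/sshd_config and
# restart the service (service sshd restart on CentOS 6, systemctl restart sshd on 7).
demo() {
    w=$(mktemp); h=$(mktemp)
    make_weak_sshd_config "$w"; make_hardened_sshd_config "$h"
    echo "weak config:";     audit_sshd_config "$w" || echo "-> fix the first occurrence, then restart sshd"
    echo "hardened config:"; audit_sshd_config "$h" && echo "-> clean"
    rm -f "$w" "$h"
}
demo
```

On the weak sample effective_setting reports PermitRootLogin as yes even though a "no" line exists further down, which is exactly the situation sshd -T would confirm on a live host; rerun audit_sshd_config after the edit and before restarting the service.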
3.6 GRAPHICAL USER INTERFACE (GUI) LIABILITY

In CentOS the GUI is easily attacked because its authentication process is not good enough. An attacker is easily able to obtain access permission to open and use the server, and can then commit cyber-crimes such as data theft.

MITIGATION: To reduce the harmful effect of the problem the following set of procedures is recommended.

- Edit the inittab file
- Modify "id:3:initdefault"
- Restart the server
CLI method (figure not reproduced here)

4. Threats towards the network

3.2 TCP SYN FLOODS

TCP connections are established using the TCP handshake. Cyber-attackers use this method to attack the server through IP address spoofing, so that the spoofed users receive the SYN/ACK packets from the server. The actions continue until these packets are discarded; after this the backlog is received to ensure the safety of the server. This synchronisation is the attack: it makes requests to the IP address and analyses the traffic.

MITIGATION: To reduce the harmful effects (TCP_SYN_FLOOD_PROTECTION), we need to follow these steps.
Edit the 'sysctl.conf' file as shown in the method below (figure not reproduced here).

3.3 USE OF PORTSENTRY FOR NMAP PROTECTION

Attackers use the nmap tool to perform TCP scanning against the servers. Such tools can check the server to identify weaknesses that are responsible for cyber-attacks.

MITIGATION: PortSentry is a tool used to identify TCP scanning attempted by attackers. It gives notification of every request made to an exposed port of the server.
The figure (not reproduced here) shows the messages that can be found in the /var/log/messages file; the messages include details for the local host.

3.4 HONEYD

Honeyd is a carbon copy of the Linux-based server, created using virtualisation techniques. It acts like a trap because it catches cyber-attackers who try to attack the server; after obtaining all their details we can improve security against the particular attacker. It is also more cost-effective than installing a large number of physical servers, while giving higher security than a physical server implementation. It acts as code that works with multiple operating systems and lets many hosts work in one place.

3.5 IP SPOOF

IP spoofing is one of the harmful actions carried out by cyber-attackers against the CentOS servers. Here the attackers create a dummy IP value to perform the cyber-attack.

MITIGATION: Follow the set of procedures below to reduce the harmful effects of IP spoofing.

- Edit 'sysctl.conf'
- Change to net.ipv4.conf.all.rp_filter=1
- Restart the server
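The sysctl.conf edits for the SYN flood mitigation in 3.2 and the IP spoof mitigation in 3.5 can be made and verified with the following script, added here as an example and not taken from the report. net.ipv4.conf.all.rp_filter=1 is the report's own setting; because the report's sysctl.conf figure for 3.2 is not reproduced, the SYN flood keys (net.ipv4.tcp_syncookies and net.ipv4.tcp_max_syn_backlog) and the default.rp_filter key are assumptions, as are the ensure_sysctl, harden_sysctl_conf, file_value, live_value and make_sample_sysctl_conf functions and the sample file.

```shell
#!/bin/sh
# Added example (not from the report): set and verify the sysctl keys behind
# 3.2 (SYN flood) and 3.5 (IP spoof) in a sysctl.conf-style file.
# rp_filter=1 is the report's own setting; tcp_syncookies, tcp_max_syn_backlog
# and default.rp_filter are assumptions standing in for the lost figure.

# ensure_sysctl FILE KEY VALUE: rewrite KEY if present, else append it (idempotent).
ensure_sysctl() {
    file=$1; key=$2; value=$3
    pat=$(printf '%s' "$key" | sed 's/\./\\./g')   # dots must be literal in the regex
    if grep -q "^[[:space:]]*$pat[[:space:]]*=" "$file"; then
        tmp=$(mktemp)
        sed "s|^[[:space:]]*$pat[[:space:]]*=.*|$key = $value|" "$file" > "$tmp"
        cat "$tmp" > "$file"; rm -f "$tmp"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# harden_sysctl_conf FILE: apply the network protections to the file.
harden_sysctl_conf() {
    ensure_sysctl "$1" net.ipv4.conf.all.rp_filter 1      # 3.5: drop packets whose source is not routable back via the receiving interface
    ensure_sysctl "$1" net.ipv4.conf.default.rp_filter 1  # assumption: same for interfaces created later
    ensure_sysctl "$1" net.ipv4.tcp_syncookies 1          # 3.2 (assumption): answer with SYN cookies once the backlog fills
    ensure_sysctl "$1" net.ipv4.tcp_max_syn_backlog 2048  # assumption: larger half-open queue before cookies kick in
}

# file_value FILE KEY: the value the file records for KEY (last one wins, as
# sysctl -p reads the file top to bottom); empty if absent.
file_value() {
    pat=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*$pat[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '[:space:]'
}

# live_value KEY: the value the running kernel uses (Linux only; empty elsewhere).
live_value() {
    node="/proc/sys/$(printf '%s' "$1" | tr . /)"
    [ -r "$node" ] && cat "$node" || true
}

# make_sample_sysctl_conf FILE: constructed file with spoof protection off.
make_sample_sysctl_conf() {
    cat > "$1" <<'EOF'
# constructed sample sysctl.conf: reverse path filtering switched off
net.ipv4.ip_forward = 0
net.ipv4.conf.all.rp_filter = 0
EOF
}

# Demo on a throwaway file. On the real host edit /etc/sysctl.conf and run
# "sysctl -p" as root (or reboot, as the report says) to load it.
demo() {
    f=$(mktemp)
    make_sample_sysctl_conf "$f"
    echo "before: rp_filter=$(file_value "$f" net.ipv4.conf.all.rp_filter)"
    harden_sysctl_conf "$f"
    echo "after:"; cat "$f"
    echo "running kernel rp_filter: '$(live_value net.ipv4.conf.all.rp_filter)'"
    rm -f "$f"
}
demo
```

Compare file_value with live_value after sysctl -p: a mismatch means the file was edited but never loaded, which is the usual reason an rp_filter change appears not to work.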
The diagram (not reproduced here) shows the details of the kernel file and the Linux file and also the binary values.

5. Firewall Policies and IPS / IDS Policies

Security device policies are explained in (Huang, 2014).

- Firewall Policies
- IDS Policies

6. Apache Web Server Configuration Summary
7. Testing Plan

One VM is set up and testing is done. The test results were found satisfactory. Kali Linux is used to create some attacks, and the web server is able to stop those attacks.

8. Conclusion

In this report the various security problems arising on the Linux CentOS-based server were identified through detailed analysis, and the harmful effects of those problems were analysed. Based on the research, detailed mitigation actions for each problem were described to reduce their harmful effects.
References

Albanese, J. and Sonnenreich, W. (2004). Network security illustrated. New York: McGraw-Hill.
Alibi, M. and Roy, B. (2016). Mastering CentOS 7 Linux Server. Birmingham: Packt Publishing, Limited.
Bandel, D. (2000). Linux security toolkit. Foster City, Calif.: M & T Books.
Cole, E., Krutz, R., Conley, J. and Cole (2009). Network Security. Hoboken: Wiley [Imprint].
Fung, K. (2005). Network security technologies. Boca Raton, FL: Auerbach Publications.
Hollar, R. and Murphy, R. (2006). Enterprise Web services security. Hingham, Mass.: Charles River Media.
Hsiao, A. (2001). Sams teach yourself Linux security basics in 24 hours. Indianapolis, Ind.: Sams.
Huang, S. (2014). Network security. [Place of publication not identified]: Springer.
Kalsi, T. (2016). Practical Linux Security Cookbook. Packt Publishing.
Knipp, E. and Danielyan, E. (2002). Managing Cisco network security. Rockland, MA: Syngress.
Kranakis, E., Haroutunian, E. and Shahbazian, E. (2008). Aspects of network and information security. Amsterdam: IOS Press.
Lin, D., Tsudik, G. and Wang, X. (2011). Cryptology and network security. Berlin: Springer.
Lockhart, A. (2004). Network security hacks. Sebastopol, CA: O'Reilly.
Mallett, A. (2014). CentOS System Administration Essentials. Birmingham: Packt Publishing.
Ristic, I. (2009). Apache Security. Sebastopol: O'Reilly Media, Inc.
Steidler-Dennison, T. (2005). Build your own web server using Linux & Apache. Collingwood, Australia: SitePoint.
Visconti, I. and De Prisco, R. (2012). Security and cryptography for networks. Berlin: Springer.