
Network Security Assessment Solution for Web-Based Applications

This network security assessment solution focuses on identifying vulnerabilities in web-based applications, with a specific emphasis on cross-site scripting (XSS) attacks and denial of service (DoS) attacks. The assessment reveals critical vulnerabilities in Kirandeep’s blog contact form and the network’s firewall configurations. Recommendations for mitigating these vulnerabilities are also provided.

Network Security Assessment Solution

3a. Cross-site scripting is the most common of all vulnerabilities in web-based applications. Attacks of this type do not damage the application itself; instead they use the server-side (application) code to carry out the attack. Kirandeep’s blog contact form exists to receive comments and suggestions from users. Instead, hackers and spammers used the contact form to send emails to a number of people, even though only Kirandeep’s email address is stored in the code. The fields of the contact form serve as the platform for executing the attackers’ additional scripts to send mail or perform other spam or hacking activities.

3b. The “Your email address” field can be used to send mail to a number of people, whether or not they are associated with the blog. The PHP code uses the “mail” [3] function to send comments/suggestions to the site owner, and that function accepts additional headers such as Cc and Bcc. A crafted value for the field looks like this:

Your Email Address: xyz@xyz.com; CC: abc@abc.com; BCC: def@def.com

Even the “message” field can be used to execute a web page, URL or script to send spam emails, for example:

Message: URL:sendmail.com
send_mail.php
send_mail.exe

3c. James should disable the additional headers, or filter line breaks/separators out of the “Your email address” field, to restrict spam emails. Disabling the additional headers stops mail from being relayed to the addresses placed in Cc and Bcc:

mail($to, $subject, $message); // fourth argument (additional headers) omitted, so no Cc/Bcc can be injected

The “message” field should be handled as plain text instead of HTML, to disable any active URLs, and the echo command should be used only to display messages.
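The following is an added example, not code from Kirandeep’s blog or from the original assessment. It places a contact-form handler with the weakness described in 3b (the visitor-supplied address pasted into the additional-headers argument of mail()) next to a hardened handler that applies the 3c recommendations: reject line breaks in the address field, validate it as an email address, treat the message as plain text, and pass no additional headers. The form field names, the owner address and the function names are assumptions.

```php
<?php
// Added example (not the blog's own code). Field names, the owner address
// and the function names are assumptions made for illustration.

declare(strict_types=1);

const OWNER_EMAIL = 'owner@example.com'; // placeholder for the blog owner's address

// Vulnerable pattern from 3b: the visitor's address goes straight into the
// additional-headers argument. A value such as
// "xyz@xyz.com\r\nCc: abc@abc.com\r\nBcc: def@def.com"
// adds Cc/Bcc headers, so the form relays mail to arbitrary recipients,
// and the HTML content type lets active links into the message.
function send_contact_mail_vulnerable(string $email, string $message): bool
{
    $headers = "From: " . $email . "\r\n"
             . "Content-Type: text/html; charset=UTF-8\r\n";
    return mail(OWNER_EMAIL, 'Blog contact form', $message, $headers);
}

// True when a field contains a raw or URL-encoded line break, i.e. an
// attempt to start a new mail header (the "line breaker/separator" of 3c).
function contains_header_injection(string $value): bool
{
    return (bool) preg_match('/(\r|\n|%0a|%0d)/i', $value);
}

// Hardened handler applying 3c: reject line breaks, validate the address,
// strip HTML from the message and send it as plain text with no additional
// headers. The sender's address is placed in the body, never in a header.
function send_contact_mail_hardened(string $email, string $message): bool
{
    if (contains_header_injection($email)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false; // refuse the request; do not try to "clean" it
    }
    $plainMessage = strip_tags($message);
    $body = "Reply-to address: " . $email . "\r\n\r\n" . $plainMessage;
    // Fourth argument omitted: nothing the visitor typed can become a header.
    return mail(OWNER_EMAIL, 'Blog contact form', $body);
}

// Output to the page should go through escaping before echo.
function render_status(string $status): string
{
    return htmlspecialchars($status, ENT_QUOTES, 'UTF-8');
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs modelled on the crafted values shown in 3b.
    $crafted = "xyz@xyz.com\r\nCc: abc@abc.com\r\nBcc: def@def.com";
    $benign  = 'xyz@xyz.com';
    foreach ([$crafted, $benign] as $candidate) {
        printf("%-60s injection=%s valid=%s\n",
            json_encode($candidate),
            contains_header_injection($candidate) ? 'yes' : 'no',
            filter_var($candidate, FILTER_VALIDATE_EMAIL) !== false ? 'yes' : 'no');
    }
}
```

Running the block from the command line only exercises the checks; mail() is not called there. FILTER_VALIDATE_EMAIL already rejects a value containing line breaks, so the explicit contains_header_injection() test is a second, independent barrier that also catches URL-encoded line breaks before any decoding step, which is the filtering 3c recommends.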

3d. Hackers may use the contact form only once to send spam emails to a number of people, but those spam emails can have hazardous effects on the recipients: a script in the message can be used to steal confidential information.

2a. The denial of service attack occurred in the network by consuming most of the network bandwidth using fake (spoofed) addresses. There are a lot of ping requests from the source with no response from the destination.

2b. The attacker must have used a Unix/DOS ping command to initiate the ping attack with a deficient packet size.

2c. IP address of the host: 138.77.216.136. The attack was initiated from a personal Dell system (Dell_99:dc:92) in Australia.

2d. The filters used are TCP, DNS and ICMP. TCP is used to check the connection between the application and the IP address, UDP to get the checksum of port numbers, and ICMP for checking error messages from devices.

1a.

1b.

External Firewall (FW1)

| Rule | Protocol | Transport Protocol | Source IP | Source Port | Destination IP | Destination Port | Action |
|---|---|---|---|---|---|---|---|
| 1 | 6 | TCP | 200.27.27.10/24 | Any | 10.0.0.10/24 | Any | Allow |
| 2 | 6 | TCP | 10.0.0.10/24 | Any | 200.27.27.10/24 | Any | Allow |
| 3 | 6 | TCP | 10.0.0.20/24 | Any | 200.27.27.10/24 | Any | Allow |
| 4 | 6 | TCP | 10.0.0.30/24 | Any | 200.27.27.10/24 | Any | Allow |
| 5 | 6 | TCP | 192.168.1.253/28 | Any | 200.27.27.10/24 | Any | Allow |
| 6 | 6 | TCP | 200.27.27.10/24 | Any | 10.0.0.20/24 | Any | Allow |
| 7 | 6 | TCP | 200.27.27.10/24 | Any | 10.0.0.30/24 | Any | Allow |
| 8 | 6 | TCP | 200.27.27.10/24 | Any | 192.168.1.253/28 | Any | Allow |
| 9 | Any | Any | Any | Any | Any | Any | Deny |

Internal Firewall (FW2)

| Rule | Protocol | Transport Protocol | Source IP | Source Port | Destination IP | Destination Port | Action |
|---|---|---|---|---|---|---|---|
| 1 | 6 | TCP | 192.168.1.254/28 | Any | 10.0.0.254/24 | Any | Allow |
| 2 | 6 | TCP | 10.0.0.254/24 | Any | 192.168.1.254/28 | Any | Allow |
| 3 | 6 | TCP | 192.168.1.240/28 | Any | 192.168.1.254/28 | Any | Allow |
| 4 | 6 | TCP | 192.168.1.254/28 | Any | 192.168.1.240/28 | Any | Allow |
| 5 | 6 | TCP | Proxy | 3028 | 192.168.1.240/28 | Any | Allow |
| 6 | Any | Any | Any | Any | Any | Any | Deny |

External Firewall

| Rule | Explanation |
|---|---|
| 1 | Allow incoming connections from Internet to DMZ |
| 2 | Allow outgoing connections from DMZ to Internet |
| 3 | Allow outgoing connections from Email Services to Internet |
| 4 | Allow outgoing connections from Web Services to Internet |
| 5 | Allow outgoing connections from Special Host to Internet |
| 6 | Allow incoming connections from Internet to Web Services |
| 7 | Allow incoming connections from Internet to Email Services |
| 8 | Allow incoming connections from Internet to Special Host |
| 9 | Deny any other connections |

Internal Firewall

| Rule | Explanation |
|---|---|
| 1 | Allow outgoing connections from Internal Network to DMZ |
| 2 | Allow incoming connections from Internal Network to DMZ |
| 3 | Allow outgoing connections from Clients to Internal IP |
| 4 | Allow incoming connections from Clients to Internal IP |
| 5 | Allow outgoing connections from Clients to Internal IP for Internet access |
| 6 | Deny all other connections |
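The following is an added example, not part of the original assessment: a first-match evaluator that loads the External Firewall (FW1) rule table above and reports which rule each sample packet hits. Protocol 6 in the table is the IP protocol number for TCP, so only the transport column is used. The rules are copied from the table; the sample packets are constructed, and 138.77.216.136 is the host named in 2c. FW2 is left out because its rule 5 uses “Proxy” rather than an address.

```php
<?php
// Added example (not part of the original assessment): first-match
// evaluation of the FW1 rule table. Sample packets are constructed.

declare(strict_types=1);

// True when $ip lies inside $cidr ("a.b.c.d/n"); "Any" matches every address.
function cidr_match(string $ip, string $cidr): bool
{
    if ($cidr === 'Any') {
        return true;
    }
    [$net, $bits] = explode('/', $cidr, 2);
    $bits = (int) $bits;
    $mask = $bits === 0 ? 0 : ((~0 << (32 - $bits)) & 0xFFFFFFFF);
    return (ip2long($ip) & $mask) === (ip2long($net) & $mask);
}

// True when a rule column is "Any" or equals the packet's value.
function field_match(string $ruleValue, string $packetValue): bool
{
    return $ruleValue === 'Any' || $ruleValue === $packetValue;
}

// FW1 rules in table order: [rule, transport, src ip, src port, dst ip, dst port, action].
const FW1_RULES = [
    [1, 'TCP', '200.27.27.10/24',  'Any', '10.0.0.10/24',     'Any', 'Allow'],
    [2, 'TCP', '10.0.0.10/24',     'Any', '200.27.27.10/24',  'Any', 'Allow'],
    [3, 'TCP', '10.0.0.20/24',     'Any', '200.27.27.10/24',  'Any', 'Allow'],
    [4, 'TCP', '10.0.0.30/24',     'Any', '200.27.27.10/24',  'Any', 'Allow'],
    [5, 'TCP', '192.168.1.253/28', 'Any', '200.27.27.10/24',  'Any', 'Allow'],
    [6, 'TCP', '200.27.27.10/24',  'Any', '10.0.0.20/24',     'Any', 'Allow'],
    [7, 'TCP', '200.27.27.10/24',  'Any', '10.0.0.30/24',     'Any', 'Allow'],
    [8, 'TCP', '200.27.27.10/24',  'Any', '192.168.1.253/28', 'Any', 'Allow'],
    [9, 'Any', 'Any',              'Any', 'Any',              'Any', 'Deny'],
];

// Walk the rules top to bottom and return the first match, which is how an
// ordered packet-filter rule set is processed.
function evaluate(array $rules, string $transport, string $src, string $sport,
                  string $dst, string $dport): array
{
    foreach ($rules as [$id, $rTransport, $rSrc, $rSport, $rDst, $rDport, $action]) {
        if (field_match($rTransport, $transport)
            && cidr_match($src, $rSrc) && field_match($rSport, $sport)
            && cidr_match($dst, $rDst) && field_match($rDport, $dport)) {
            return ['rule' => $id, 'action' => $action];
        }
    }
    return ['rule' => null, 'action' => 'Deny']; // nothing matched: default deny
}

// Constructed sample traffic.
$samples = [
    ['TCP',  '200.27.27.50',   '40000', '10.0.0.30',     '80'],  // Internet -> web services
    ['TCP',  '10.0.0.20',      '25',    '200.27.27.50',  '25'],  // email services -> Internet
    ['ICMP', '138.77.216.136', 'Any',   '10.0.0.20',     'Any'], // ping traffic from the 2c host
    ['UDP',  '200.27.27.50',   '53',    '192.168.1.253', '53'],  // non-TCP to the special host
];

foreach ($samples as [$transport, $src, $sport, $dst, $dport]) {
    $r = evaluate(FW1_RULES, $transport, $src, $sport, $dst, $dport);
    printf("%-4s %-16s -> %-16s port %-5s : rule %s %s\n",
        $transport, $src, $dst, $dport, $r['rule'] ?? '-', $r['action']);
}
```

Two things the run makes visible that the table alone does not. First, the ICMP and UDP samples fall through every TCP rule and hit rule 9, so the ping traffic from 2a is dropped at FW1 regardless of source address; rule 9 is the default-deny that gives the table its security. Second, the destination column of rule 1 is written with a /24 mask, so 10.0.0.10/24 already covers every 10.0.0.x address and the TCP sample to 10.0.0.30 is allowed by rule 1, never reaching rule 7; if the intent was to permit traffic per host, those entries need host masks (/32) rather than /24, and the same applies to the other /24 entries on single addresses.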
