Application security: Securing the database with application IDS
  Add date: 07/29/2008   Publishing date: 07/29/2008
Application-level intrusions that target applications and their back-end databases, such as SQL injection, cross-site scripting attacks and unauthorized user access, have become more and more rampant. All of these intrusions can bypass front-end security systems and attack the data source.

To cope with this kind of threat, a new level of security is emerging: application security. It applies the concept of the traditional network and operating-system-level intrusion detection system (IDS) to the database (i.e. the application). Unlike the usual network or operating system solutions, application IDS provides proactive, SQL-focused protection and monitoring, and can protect thousands of prepackaged or in-house developed Web applications. For example, application IDS can monitor and protect critical data, so that attacks aimed at the database, such as buffer overflows and Web application attacks, cannot do real damage to it, and application IDS can also audit these events.

There is a big difference between application security and network or host security. Applications vary endlessly, but the goal of the attack is always the same: to break into the database. Because applications communicate with the database in SQL, a good application IDS must be able to parse SQL, and must provide an objective layer of protection that understands the content of the traffic and keeps a clear boundary between itself and the application.

Most application IDS have three components. The first is a network-based or host-based sensor. A network sensor connects to a port on a switch, and that port is configured so that the sensor can inspect all traffic to the database. A host sensor, by contrast, resides directly on the application. The sensor collects SQL transactions, analyzes them, and then decides whether to raise an alert for that traffic. If an alert is needed, it is passed to the next component, the console server. This server stores the event information and is the central point for sensor maintenance, such as policy configuration and updates. The third component of an application IDS is a Web browser, which the administrator uses to change the IDS settings, monitor events in real time and produce reports.


Take a SQL injection attack as the example. The attacker tries to get around the SQL statement defined by the Web server, with the goal of injecting his own statement. Suppose the user name to be entered is Bob and the password is Hardtoguess.

When it sees this input, the database looks for the matching content in WebUsers, and the application then authenticates the user. To break into the database, a SQL injection attack tricks the application into believing that correct credentials have already been submitted. For example, the attack uses the password blah' OR 'A'='A, so the SQL statement built during the attack might be: SELECT * FROM WebUsers WHERE Username='Bob' AND Password='blah' OR 'A'='A'
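
The SQL analysis a sensor performs on collected statements can be shown on the injected query above: tokenize the statement, then flag a constant comparison that follows OR. This Python code is an added example, not taken from the article or from any IDS product; the function names and sample statements are constructed for illustration.

```python
import re

# Minimal SQL tokenizer: quoted strings (with '' escapes), numbers, words, operators.
TOKEN = re.compile(r"""
      (?P<str>'(?:[^']|'')*')
    | (?P<num>\d+(?:\.\d+)?)
    | (?P<word>[A-Za-z_]\w*)
    | (?P<op><>|!=|<=|>=|[=<>])
    | (?P<other>\S)
""", re.VERBOSE)

def tokenize(sql):
    """Return (kind, text) tokens; whitespace between tokens is skipped."""
    return [(m.lastgroup, m.group()) for m in TOKEN.finditer(sql)]

def find_tautologies(sql):
    """Return always-true constant comparisons that directly follow OR."""
    toks = tokenize(sql)
    hits = []
    for (k0, t0), (k1, t1), (k2, t2), (k3, t3) in zip(toks, toks[1:], toks[2:], toks[3:]):
        is_or = k0 == "word" and t0.upper() == "OR"
        both_literals = k1 in ("str", "num") and k3 == k1
        if is_or and both_literals and (k2, t2) == ("op", "=") and t1 == t3:
            hits.append(t1 + "=" + t3)
    return hits

# Constructed sample traffic, as a sensor might collect it (not captured data).
SAMPLES = [
    # Legitimate login from the article's example.
    "SELECT * FROM WebUsers WHERE Username='Bob' AND Password='Hardtoguess'",
    # The injected statement from the article.
    "SELECT * FROM WebUsers WHERE Username='Bob' AND Password='blah' OR 'A'='A'",
    # Same input after the application escaped the quotes: one harmless string literal.
    "SELECT * FROM WebUsers WHERE Username='Bob' AND Password='blah'' OR ''A''=''A'",
    # Numeric variant of the same tautology.
    "SELECT * FROM WebUsers WHERE Username='Bob' AND Id=5 OR 1=1",
]

def scan(statements):
    """Return (statement, findings) for each statement that should raise an alert."""
    return [(s, h) for s in statements if (h := find_tautologies(s))]

if __name__ == "__main__":
    for stmt, findings in scan(SAMPLES):
        print("ALERT", findings, "in", stmt)
```

The third sample shows why the sensor has to parse SQL rather than search the text for " OR ": the same characters inside a correctly escaped string literal are data and raise no alert.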

 