TMS zl Management and Configuration Guide ST.1.1.100430
6-7
Intrusion Detection and Prevention
IDS/IPS Concepts
■ Non-persistent (Type 1)
A non-persistent XSS attack is executed on pages that prompt the user for
information each time they visit the Web page. For example, search
engines require the user to type a word or phrase into a search field each
time they visit the Web page. Attackers can launch XSS attacks on these
pages to attack the search engine user. This attack is non-persistent
because the injected code is not stored by the site: the attacker must
inject the code each time the search engine is used.
■ Persistent (Type 2)
A persistent XSS attack is executed on Web pages that store the users'
information between visits. For example, online blog sites store the blog
and comment information for all users to view. An attacker can launch an
XSS attack on a blog forum page that will attack any user who views the
Web page. This attack is persistent because it automatically executes each
time a user visits the Web page: the attacker only needs to inject the code
once.
SQL Injection
Similar to XSS attacks, an SQL injection attack is launched when a user
injects malicious SQL code while accessing a Web page that uses an SQL
database. For example, Web pages using improperly secured ASP.NET
applications are vulnerable to SQL injection attacks. A successful SQL
injection can endanger data stored in these databases and possibly allow
remote code execution. Users that access a compromised SQL database can
become unwitting victims of attacks that install malicious software onto
their workstations.
Viruses and Worms
Viruses and worms can spread rampantly through an unprotected network and
cause enormous amounts of damage to vital files and network resources. Two
categories of viruses and worms are listed below:
■ Zero-day viruses and worms
Worm and virus attacks initially took days or weeks to spread over a
geographical area, which gave developers time to distribute cautions and
signature files across the Internet. However, in 2003 and 2004, worms such
as SQLSlammer and Sasser aggressively propagated throughout the world
in a matter of hours, before anyone had time to create a signature to detect
them. These “zero-day” attacks consume incredible amounts of network
resources as they propagate and can use unique code that may not be
detected by most antivirus software. Without a way to detect the new
worm or virus, most networks are left completely vulnerable.