TMS zl Management and Configuration Guide ST.1.2.100916

Intrusion Detection and Prevention
IDS/IPS Concepts
Denial of service (DoS)
Backdoors
Policy Violations
An example of a policy violation attack is when a user leaves the password
field empty while trying to access an FTP server.
Cross-Site Scripting (XSS)
Cross-site scripting is the most common type of publicly reported security
vulnerability. An attacker can change user settings and hijack accounts,
poison cookies, expose SSL connections, gain access to sensitive page content,
and manipulate many other objects associated with dynamically generated
Web pages by injecting malicious scripts into the Web pages. Two types
of XSS attacks are detailed below:
Non-persistent (Type 1)
A non-persistent XSS attack is executed on pages that prompt the user for
information each time they visit the Web page. For example, search
engines require the user to type a word or phrase into a search field each
time they visit the Web page. Attackers can launch XSS attacks on these
pages to attack the search engine user. This attack is non-persistent
because the attacker must inject the code each time the search engine
is used.
Persistent (Type 2)
A persistent XSS is executed on Web pages that store the users’ information
between visits. For example, online blog sites store the blog and
comment information for all users to view. An attacker can launch an XSS
attack on a blog forum page that will attack any user that views the Web
page. This attack is persistent because it automatically executes each time
a user visits the Web page—the attacker only needs to inject the code
once.
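
The difference between the two types, shown as an added example that is not part of the original guide: a toy Python page renderer in which the same constructed input appears only in the one search response that carried it, but is served to every later visitor once it is stored as a comment. The names DemoSite, search, post_comment and view_comments are hypothetical, and HTML-encoding untrusted input at output time is shown as the mitigation for both cases.

```python
import html


class DemoSite:
    """Toy server-side renderer (hypothetical, not a real framework)."""

    def __init__(self, encode_output):
        self.encode_output = encode_output
        self.comments = []  # persists between visits (persistent XSS surface)

    def _out(self, text):
        # Mitigation: HTML-encode untrusted input when it is written to a page.
        return html.escape(text) if self.encode_output else text

    def search(self, query):
        # Non-persistent: the query is echoed only in this one response.
        return "<p>Results for: " + self._out(query) + "</p>"

    def post_comment(self, text):
        self.comments.append(text)

    def view_comments(self):
        # Persistent: every stored comment is rendered for every visitor.
        return "".join("<li>" + self._out(c) + "</li>" for c in self.comments)


PAYLOAD = "<script>alert(1)</script>"  # constructed sample input


def contains_script(page):
    return "<script" in page.lower()


def demo(encode_output):
    site = DemoSite(encode_output)
    reflected = site.search(PAYLOAD)        # the request carrying the input
    later_search = site.search("firewall")  # a later, unrelated request
    site.post_comment(PAYLOAD)              # stored once
    views = [site.view_comments() for _ in range(3)]  # three later visitors
    return {
        "reflected": contains_script(reflected),
        "later_search": contains_script(later_search),
        "stored_views": [contains_script(v) for v in views],
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("encode_output =", mode, demo(mode))
```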
SQL Injection
Similar to XSS attacks, an SQL attack is launched when a user injects malicious
SQL code when accessing a Web page that uses an SQL database. For
example, Web pages using improperly secured ASP.NET applications are
vulnerable to SQL injection attacks. A successful SQL injection can endanger
data stored in these databases and possibly execute remote code. Users that
access a compromised SQL database can become unwitting victims of attacks
that install malicious software onto their workstations.