Understanding Threats to Your Application Server

Server General TDE, Server General KMS
Application Servers Do Not Control Their Own Destiny

Database and file servers store some of the most critical information for an organization. The very nature of data they host makes them targets of attacks/exploits/compromises. These application servers often have effective built-in-security measures so as to keep the critical information they host intact. For example an application server tries to implement security policies for users to control their access. While this holds true at the application layer but when it comes to operating system environment things are different. Here is the real problem.

The problem:
All application servers are ultimately dependent on their host operating system environment for many services. The operating system (OS) is responsible to provide a secure environment for an application server and its data. Traditional mainstream operating systems implement multi-user security policy as one of the measures towards achieving this goal. The problem with this approach is that security policies are “user” and not “application” oriented. Therefore, the operating systems is able to maintain user’s privacy in a much better manner but it fails to guarantee the same level of privacy to applications. The normal ‘root has it all’ policy is a grave threat to all application servers. Once the OS is compromised it exposes application’s critical data to a whole host of attacks.

Threats:
Here is a partial list of threats as it nearly impossible to generate over encompassing list of all threats since they are constantly evolving.

Spoofing:
An attacker tries to find out identity of a person or a machine in order to get important information from the application server. Generally, the attacker attempts to locate some representation of identity like credentials in clear format, tokens and cookies containing authentication credentials to achieve this. This spoofed identity facilitates the attacker to get to important information by acting like as a legitimate user.

Data tampering:
Data tampering is the unauthorized modification of data with intent to cause chaos or reap some benefit. An attacker can either replace or garble the application data. Integrity of the application data can be compromised when it is at rest, for instance data stored in a database or in a file or even when it is in transit (on the wire if it is being transmitted in the clear-text format). Sophisticated attackers can even manipulate encrypted data sets e.g. if the attacker knows the salary of a person is higher than their own, then they can just swap the encrypted bits.

Repudiation:
Corruption of audit logs like system log, application log among others can cause multitude of problems. An attacker always wants to make sure that they leave no audit trail behind of their malicious activity. Therefore the attacker either tries to delete log files or tampers with the information stored in these files. Lack of pristine logging information can make any attempt to conduct a forensics analysis nearly impossible.

Information disclosure:
Every application has some information that is critical to the organization. Only authorized personnel are allowed to access such information. However, an attacker tries to find a way to access such critical information by analyzing application behavior or by snooping or by eavesdropping.

Denial of service:
The attacker launches a denial of service attack to deny service to legitimate users. This results in downtime and hence affects revenue. The attacker can achieve this by using a distributed denial of service (DDOS) attack like flooding the server with TCP SYN requests or by exploiting poorly configured components of the application server or by deleting application’s important files etc.

Elevation of privilege:
An attacker can try different ways to elevate their privileges. The most targeted applications by attackers are those that run with privileged permissions. Attacker can use different techniques like buffer overflow to get privileged access. Other applications that use unprivileged permissions can also be exploited to elevate the privilege.

Next time we’ll discuss how the above mentioned attacks can be launched.