Ways of compromising a server.

Unimatrix_001
Last Modified: 2012-05-06
Hi,

If I'm running a hardware firewall that is blocking all ports bar one, which it forwards to a server and the server is running a custom application that is only listening on the single forwarded port, then providing the application is secure from buffer overflows etc, what other ways are there for this server to be compromised?

Thanks,
Uni

Irwin W.
Commented:
Even though you are protected from external attacks, you have to also consider your internal network. Many times we blindly "trust" the internal network; however, users can bring your network and servers down from the inside also.

Depending on your situation, this is a wide open segment that needs to be considered.

tigermatt

Commented:

There are several ways. The most important one which people often overlook is the fact the server could be physically compromised. The security of that machine is only as good as the lock on the door to the server room where it resides. If someone breaches that security, you will have a bigger problem than having to clean up after a hacking / virus infection; the server or your data could easily be stolen.

The other route, as the previous poster states, is the fact the server could be brought down inside the network. However, in your example, you said the server is only listening on one port. If that implies the server is also running a firewall of some description, then this approach is a bit less likely, compared with not having any firewall on the server and therefore having it wide open to the internal network.

-Matt

Author

Commented:
Hi,

nappy_d: Sorry, this tends to happen when I fire off a question without filling in the details. There isn't an internal network to speak of.

tigermatt: Again, my apologies, see the response above.

I was thinking more in terms of hacking and/or exploits, other than other things?
Irwin W.

Commented:
Again though, the exploits all are based on the type of access that the hacker has to the computer in question. Sure, you only have one apparent port open. Is the server on its own network totally segmented from all other computers except for the firewall's connection?

As tigermatt has mentioned, does anyone else but you or other admins have physical access to the server?

Author

Commented:
>>Is the server on its own network totally segmented from all other computers except for the firewall's connection?
Yes. There's no physical connection at all.

>>As tigermatt has mentioned, does anyone else but you or other admins have physical access to the server?
No, just me...
Irwin W.

Commented:
I could just ping your IP to death or try and open multiple connections to your port after I run NMAP to your box.

Author

Commented:
Yes, but a DOS attack cannot compromise the server (unless I'm mistaken?)
Irwin W.

Commented:
No, but it prevents connections.
tigermatt
Commented:

If we are assuming the software application you are running has no flaws in it, and you indeed only have one port open, then that does not open up much of an attack surface. Physical access to the server aside, the only route by which somebody could hack or exploit the server would be to use some bug in the firewall protecting the server to evade the port restrictions and access the server on some different port. Most firewalls, however, are very secure and have such minimal coding that a flaw would be very difficult to find - particularly if your firewall is made by one of the larger manufacturers.

A DDOS attack, while it would bring your server down, could not actually compromise the server. It just takes it out of service for a period of time, until the attack stops.

Finally, does the application you are running on the open port have some username/password authentication method? If it does, you'd need to ensure there was some lock-out feature, to stop somebody remotely trying random password combinations or dictionary attacks to brute-force their way into your server.

-Matt
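
The lock-out feature described in the answer above, as an added example (not code from this thread or from any particular product): failed logins are counted per username and source address inside a time window, and each repeat lockout for the same pair doubles up to a cap. The class and function names, the thresholds and the sample addresses are assumptions.

```python
# Added example; names and thresholds are illustrative assumptions.
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Lock a (user, source) pair out after repeated failed logins."""

    def __init__(self, max_failures=5, window=300, base_lockout=60,
                 max_lockout=3600, clock=time.monotonic):
        self.max_failures, self.window = max_failures, window
        self.base_lockout, self.max_lockout = base_lockout, max_lockout
        self.clock = clock                    # injectable so tests control time
        self._failures = defaultdict(deque)   # key -> recent failure times
        self._locked_until = {}               # key -> time the lock expires
        self._strikes = defaultdict(int)      # key -> lockouts imposed so far

    def is_locked(self, user, source):
        return self.clock() < self._locked_until.get((user, source), 0.0)

    def record_failure(self, user, source):
        """Count one bad password; return lockout seconds imposed (0 if none)."""
        key, now = (user, source), self.clock()
        recent = self._failures[key]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                  # forget failures outside the window
        if len(recent) < self.max_failures:
            return 0
        # Each repeat lockout for the same pair doubles, up to max_lockout.
        duration = min(self.base_lockout * 2 ** self._strikes[key],
                       self.max_lockout)
        self._strikes[key] += 1
        self._locked_until[key] = now + duration
        recent.clear()
        return duration

    def record_success(self, user, source):
        for table in (self._failures, self._locked_until, self._strikes):
            table.pop((user, source), None)

def attempt(throttle, user, source, password_ok):
    """Gate one login; password_ok is the application's own check result."""
    if throttle.is_locked(user, source):      # refuse while locked, even if correct
        return "locked"
    if password_ok:
        throttle.record_success(user, source)
        return "ok"
    throttle.record_failure(user, source)
    return "denied"
```

Keying on the pair rather than the username alone means failures from one address do not lock the same user out from a different address.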

Author

Commented:
Thank you. :)