Ways of compromising a server.

Hi,

If I'm running a hardware firewall that is blocking all ports bar one, which it forwards to a server and the server is running a custom application that is only listening on the single forwarded port, then providing the application is secure from buffer overflows etc, what other ways are there for this server to be compromised?

Thanks,
Uni
Unimatrix_001 Asked:
 
tigermatt Commented:

If we are assuming the software application you are running has no flaws in it, and you indeed only have one port open, then that does not open up much of an attack surface. Physical access to the server aside, the only route by which somebody could hack or exploit the server would be to use some bug in the firewall protecting the server to evade the port restrictions and access the server on some different port. Most firewalls, however, are very secure and have such minimal coding that a flaw would be very difficult to find - particularly if your firewall is made by one of the larger manufacturers.

A DDOS attack, while it would bring your server down, could not actually compromise the server. It just takes it out of service for a period of time, until the attack stops.

Finally, does the application you are running on the open port have some username/password authentication method? If it does, you'd need to ensure there was some lock-out feature, to stop somebody remotely trying random password combinations or dictionary attacks to brute-force their way into your server.

-Matt
0
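A sketch of the lock-out feature suggested in the comment above, added here as an example; it is not code from the thread or from the asker's application. The class name, thresholds and key scheme are assumptions chosen for illustration.

```python
import hmac
import time
from collections import defaultdict, deque

MAX_FAILURES = 5        # failures allowed inside WINDOW before locking (assumed)
WINDOW = 300            # seconds over which failures are counted (assumed)
LOCKOUT = 900           # seconds a locked key stays locked (assumed)


class LoginThrottle:
    """Tracks failed logins per account and per source address."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = defaultdict(deque)   # key -> failure timestamps
        self._locked_until = {}               # key -> unlock time

    def _is_locked(self, key):
        until = self._locked_until.get(key)
        if until is None:
            return False
        if self._clock() >= until:
            del self._locked_until[key]        # lockout expired
            return False
        return True

    def _record_failure(self, key):
        now = self._clock()
        q = self._failures[key]
        q.append(now)
        while q and now - q[0] > WINDOW:       # drop failures outside the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            self._locked_until[key] = now + LOCKOUT
            q.clear()

    def attempt(self, username, source_ip, password, stored_password):
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        keys = (("user", username), ("ip", source_ip))
        if any(self._is_locked(k) for k in keys):
            return "locked"                    # refuse before checking the password
        # Constant-time compare; a real service would compare password hashes.
        if hmac.compare_digest(password.encode(), stored_password.encode()):
            # Reset only the account counter, so one valid login cannot
            # be used to clear the failure count of a guessing source.
            self._failures.pop(("user", username), None)
            return "ok"
        for k in keys:
            self._record_failure(k)
        return "denied"
```

Locking on the account alone lets a remote party lock a legitimate user out on purpose, which is why the sketch also counts failures per source address and uses a timed lockout rather than a permanent one.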
 
nappy_d Commented:
Even though you are protected from external attacks, you have to also consider your internal network.  Many times we blindly "trust" the internal network, however users can bring your network and servers down from the inside also.

Depending on your situation, this is a wide open segment that needs to be considered.
0
 
tigermatt Commented:

There are several ways. The most important one which people often overlook is the fact the server could be physically compromised. The security of that machine is only as good as the lock on the door to the server room where it resides. If someone breaches that security, you will have a bigger problem than having to clean up after a hacking / virus infection; the server or your data could easily be stolen.

The other route as the previous poster states is the fact the server could be brought down inside the network. However, in your example, you said the server is only listening on one port. If that implies the server is also running a firewall of some description, then this approach is a bit less likely, compared with not having any firewall on the server and therefore having it wide open to the internal network.

-Matt
0
Unimatrix_001 (Author) Commented:
Hi,

nappy_d: Sorry, this tends to happen when I fire off a question without filling in the details. There isn't an internal network to speak of.

tigermatt: Again, my apologies, see the response above.

I was thinking more in terms of hacking and/or exploits, other than other things?
0
 
nappy_d Commented:
Again though, the exploits all are based on the type of access that the hacker has to the computer in question.  Sure you only have one apparent port open.  Is the server on its own network totally segmented from all other computers except for the firewall's connection?

As tigermatt has mentioned, does anyone else but you or other admins have physical access  to the server?
0
 
Unimatrix_001 (Author) Commented:
>>Is the server on its own network totally segmented from all other computers except for the firewall's connection?
Yes. There's no physical connection at all.

>>As tigermatt has mentioned, does anyone else but you or other admins have physical access to the server?
No, just me...
0
 
nappy_d Commented:
I could just ping your IP to death or try and open multiple connections to your port after I run NMAP to your box.
0
 
Unimatrix_001 (Author) Commented:
Yes, but a DOS attack cannot compromise the server (unless I'm mistaken?)
0
 
nappy_d Commented:
No, but it prevents connections.
0
 
Unimatrix_001 (Author) Commented:
Thank you. :)
0