Security of web servers and web services

Volker Hockmann; Heinz-Dieter Knöll; Ernst L. Leiss

Security of web servers and web services

Publikation: Beiträge in Sammelwerken › Aufsätze in Sammelwerken › Forschung

Standard

Security of web servers and web services. / Hockmann, Volker; Knöll, Heinz-Dieter; Leiss, Ernst L.

Encyclopedia of multimedia technology and networking. Hrsg. / Margherita Pagani. Hershey, PA : Information Science Reference, 2009. S. 1284-1292.

Publikation: Beiträge in Sammelwerken › Aufsätze in Sammelwerken › Forschung

Harvard

Hockmann, V, Knöll, H-D & Leiss, EL 2009, Security of web servers and web services. in M Pagani (Hrsg.), Encyclopedia of multimedia technology and networking. Information Science Reference, Hershey, PA, S. 1284-1292.

APA

Hockmann, V., Knöll, H-D., & Leiss, E. L. (2009). Security of web servers and web services. in M. Pagani (Hrsg.), Encyclopedia of multimedia technology and networking (S. 1284-1292). Information Science Reference.

Vancouver

Hockmann V, Knöll H-D, Leiss EL. Security of web servers and web services. in Pagani M, Hrsg., Encyclopedia of multimedia technology and networking. Hershey, PA: Information Science Reference. 2009. S. 1284-1292

Bibtex

@inbook{07b82649393346f8aaf0053c372b8bae,

title = "Security of web servers and web services",

abstract = "Web servers and the Web services associated with them have become increasingly important in the last few years. Online banking, e-mail, and money, business- to-business (B2B), and business-to-client (B2C) transactions are growing rapidly. It is difficult to imagine modern business without these forms of networking. However, there are also significant negative aspects. In many cases, due to competitive pressures, companies and government agencies had to implement these services very fast, often too fast and without any appreciation of the concepts of security and protection. As a consequence, it turns out that a hacker can misuse with little effort these Web services or compromise the underlying database (e.g., to obtain access to credit cards numbers or social insurance information). A very significant percentage of the population in developed and developing countries is using wired and wireless connections for reading e-mails, accessing newsgroups, or using Internet banking. All these services are running on a Web server. Most Web servers are running the Apache or the Microsoft Internet Information Server (IIS) (all versions of both servers [Apache 1.3.x/2.x, IIS 3-6]) (Netcraft, 2006). Of these, older versions of the Internet Information Server are especially vulnerable to numerous attacks. Therefore, an attacker is in a position to break, with little effort, into many Web servers running IIS 4 or 5. However, the Apache Web server (running on Windows systems) is also vulnerable to similar attacks. Moreover, using a Web server based on UNIX or Linux is not a guarantee for a secure system. UNIX and Linux systems are also affected by inherent weaknesses and vulnerabilities such as buffer overflows and the handling of format strings (ZDNet, 2006). Readers who like to have more general insight are referred to works by Leiss (1990) and Garfinkel and Spafford (2002). These books give broader perspectives on Internet security.",

keywords = "Business informatics",

author = "Volker Hockmann and Heinz-Dieter Kn{\"o}ll and Leiss, {Ernst L.}",

year = "2009",

language = "English",

isbn = "978-1605660141",

pages = "1284--1292",

editor = "Margherita Pagani",

booktitle = "Encyclopedia of multimedia technology and networking",

publisher = "Information Science Reference",

address = "United States",

}

RIS

TY - CHAP

T1 - Security of web servers and web services

AU - Hockmann, Volker

AU - Knöll, Heinz-Dieter

AU - Leiss, Ernst L.

PY - 2009

Y1 - 2009

N2 - Web servers and the Web services associated with them have become increasingly important in the last few years. Online banking, e-mail, and money, business- to-business (B2B), and business-to-client (B2C) transactions are growing rapidly. It is difficult to imagine modern business without these forms of networking. However, there are also significant negative aspects. In many cases, due to competitive pressures, companies and government agencies had to implement these services very fast, often too fast and without any appreciation of the concepts of security and protection. As a consequence, it turns out that a hacker can misuse with little effort these Web services or compromise the underlying database (e.g., to obtain access to credit cards numbers or social insurance information). A very significant percentage of the population in developed and developing countries is using wired and wireless connections for reading e-mails, accessing newsgroups, or using Internet banking. All these services are running on a Web server. Most Web servers are running the Apache or the Microsoft Internet Information Server (IIS) (all versions of both servers [Apache 1.3.x/2.x, IIS 3-6]) (Netcraft, 2006). Of these, older versions of the Internet Information Server are especially vulnerable to numerous attacks. Therefore, an attacker is in a position to break, with little effort, into many Web servers running IIS 4 or 5. However, the Apache Web server (running on Windows systems) is also vulnerable to similar attacks. Moreover, using a Web server based on UNIX or Linux is not a guarantee for a secure system. UNIX and Linux systems are also affected by inherent weaknesses and vulnerabilities such as buffer overflows and the handling of format strings (ZDNet, 2006). Readers who like to have more general insight are referred to works by Leiss (1990) and Garfinkel and Spafford (2002). These books give broader perspectives on Internet security.

AB - Web servers and the Web services associated with them have become increasingly important in the last few years. Online banking, e-mail, and money, business- to-business (B2B), and business-to-client (B2C) transactions are growing rapidly. It is difficult to imagine modern business without these forms of networking. However, there are also significant negative aspects. In many cases, due to competitive pressures, companies and government agencies had to implement these services very fast, often too fast and without any appreciation of the concepts of security and protection. As a consequence, it turns out that a hacker can misuse with little effort these Web services or compromise the underlying database (e.g., to obtain access to credit cards numbers or social insurance information). A very significant percentage of the population in developed and developing countries is using wired and wireless connections for reading e-mails, accessing newsgroups, or using Internet banking. All these services are running on a Web server. Most Web servers are running the Apache or the Microsoft Internet Information Server (IIS) (all versions of both servers [Apache 1.3.x/2.x, IIS 3-6]) (Netcraft, 2006). Of these, older versions of the Internet Information Server are especially vulnerable to numerous attacks. Therefore, an attacker is in a position to break, with little effort, into many Web servers running IIS 4 or 5. However, the Apache Web server (running on Windows systems) is also vulnerable to similar attacks. Moreover, using a Web server based on UNIX or Linux is not a guarantee for a secure system. UNIX and Linux systems are also affected by inherent weaknesses and vulnerabilities such as buffer overflows and the handling of format strings (ZDNet, 2006). Readers who like to have more general insight are referred to works by Leiss (1990) and Garfinkel and Spafford (2002). These books give broader perspectives on Internet security.

KW - Business informatics

M3 - Contributions to collected editions/anthologies

SN - 978-1605660141

SN - 1605660140

SP - 1284

EP - 1292

BT - Encyclopedia of multimedia technology and networking

A2 - Pagani, Margherita

PB - Information Science Reference

CY - Hershey, PA

ER -

Weitere Publikationen dieser Person(en)

Genetic Implications of Chemical and Textural Properties of Some Fra Mauro Breccias (Apollo 14)

Knöll, H-D. & Stöffler, D., 1978, XI GENERAL MEETING OF INTERNATIONAL MINERALOGICAL ASSOCIATION : Abstracts, Volum III, Nvosibirsk, 4.-10. September 1978. Novosibirsk: USSR Academy of Science, S. 28-29 2 S. III

Publikation: Beiträge in Sammelwerken › Abstracts in Konferenzbänden › Forschung › begutachtet

Genetic Implications of Chemical and Textural Properties of Some Fra Mauro Breccias (Apollo 14)

Knöll, H-D., Stöffler, D., Bierhaus, E. & Liening, M., 1980, Cosmic Mineralogy: Proceedings of the XI Geneal Meeting of IMA, Nvosibirsk, 4.-10. September 1978. Leningrad: USSR Academy of Science, S. 15-24 10 S.

Publikation: Beiträge in Sammelwerken › Aufsätze in Konferenzbänden › Forschung › begutachtet

A Graphic Language for Business Application Systems to Improve Communication Concerning Requirements Specification with the User

Knöll, H-D. & Suk, W., 01.10.1989, in: Software Engineering Notes. 14, 6, S. 58-60 3 S.

Publikation: Beiträge in Zeitschriften › Zeitschriftenaufsätze › Forschung

A matrix of evaluation and comparsion of Case-Based Reasoning (CBR) software tools to facilitate understanding and appreciation

Husein, T., Moreton, R., Sloane, A. & Knöll, H-D., 1999, Proceedings. World Multiconference on Systemics, Cybernetics and Informatics: Volume 3: Virtual engineering and emergent computing. Torres, M. (Hrsg.). Orlando: International Institute of Informatics and Systemics, S. 334-339 6 S.

Publikation: Beiträge in Sammelwerken › Aufsätze in Konferenzbänden › Forschung › begutachtet

An evaluation of BPR methodologies adopting NIMSAD: A systematic framework for understanding and evaluating methodologies

Husein, T., Moreton, R., Sloane, A. & Knöll, H-D., 1999, World Multiconference on Systemics, Cybernetics and Informatics: Volume 1: Information systems. Callaos, N. (Hrsg.). Orlando: International Institute of Informatics and Systemics, S. 205-213 9 S.

Publikation: Beiträge in Sammelwerken › Aufsätze in Konferenzbänden › Forschung › begutachtet