Over time, a company’s network resources have grown to include the web server that hosts its website. To view website content in an Internet browser, users must be granted access to that server, which means the firewall must be configured to let them reach it. If the database firewall blocked the web server, website visitors would not be able to view the web content.
Once the database firewall is configured to allow access to the web server, it automatically allows all traffic to flow between the user and the web server. The database firewall cannot differentiate between a legitimate user and a hacker, and as a result both are granted the same authorized access to your web server.
Hackers Take Advantage of Known Errors
The most common way a hacker will take over the server is to take advantage of known errors in web server applications. Almost all web server software contains faulty code of some sort, and a hacker will use these glitches to his advantage. Examples include the following. In response to a form that asks for user information, a hacker types in commands that get executed by the web server. Many web servers offer debugging information to anyone who requests it through a standard web browser, including a hacker. A hacker can exploit a capacity limit on a web server by sending more information than the web server is expecting.
Buffer Overflow Error – CodeRed and CodeRed II virus
The most common error that hackers exploit is buffer overflow, which occurs when the hacker sends more information to the web server than it expects, and the server cannot correctly handle the overflow data. Extra data that does not fit in the allocated memory space can be used to alter the normal operation of the web server. When the overflow includes executable code, the web server will run it.
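The overflow described above comes down to a copy into fixed-size memory with no length check. The following C code is an added example, not taken from any particular web server: it places the unchecked copy next to a length-checked version that refuses oversized requests. The buffer size and function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define URL_BUF 64  /* assumed size of the server's fixed request buffer */

/* Vulnerable pattern (shown for contrast, never called here): copies
 * until the terminating NUL with no regard for the size of dst, so a
 * longer request writes past the buffer into neighbouring memory. */
void store_url_unchecked(char *dst, const char *request_url)
{
    strcpy(dst, request_url);
}

/* Hardened pattern: measure first, refuse anything that does not fit.
 * Returns 0 on success, -1 if the request is rejected. */
int store_url_checked(char *dst, size_t dst_size, const char *request_url)
{
    size_t len = 0;

    if (dst == NULL || request_url == NULL || dst_size == 0)
        return -1;
    /* Never scan further than the destination could hold. */
    while (len < dst_size && request_url[len] != '\0')
        len++;
    if (len >= dst_size)                 /* no room for data plus NUL */
        return -1;
    memcpy(dst, request_url, len + 1);   /* copy data and its NUL */
    return 0;
}

int main(void)
{
    char buf[URL_BUF];
    char oversized[4 * URL_BUF];         /* constructed over-long request */

    memset(oversized, 'N', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    printf("normal request:    %d\n",
           store_url_checked(buf, sizeof buf, "/index.html"));
    printf("oversized request: %d\n",
           store_url_checked(buf, sizeof buf, oversized));
    return 0;
}
```

The firewall sees both requests as the same permitted connection to the web server; only the length check inside the server code separates them.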
A quick note, though: firewalls only look at connections, not at the intent of the users attempting to connect or at the content the users may bring into a network environment. As long as firewalls contain openings for users to access resources, a hacker will continually have a method of gaining access and altering web servers, including web site content.