6th European Conference - Academic Conferences
6th European Conference - Academic Conferences
6th European Conference - Academic Conferences
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Security Analysis of Webservers of Prominent<br />
Organizations of Pakistan<br />
Muhammad Naveed<br />
Free Lance Research, Pakistan<br />
mnaveed29@gmail.com<br />
Abstract: Insecure webservers are a serious threat to the organization’s repute and resources. Successful attack<br />
on webservers can destroy the trust of customers or people getting services from the organization. Webservers<br />
were selected for this study because they provide easily accessible entrance to the network from the Internet and<br />
security of webservers should be considered as an index to assess the organization’s overall information security.<br />
This study analyzes the webservers of prominent organizations of Pakistan to assess their level of security.<br />
Webservers of different types of organizations were selected to provide a general view of security of Pakistani<br />
webservers. The selected webservers were of the organizations who should be first to secure their webservers as<br />
they are the leaders in their respective fields in the country. So, all the smaller organizations can be assumed to<br />
have much lesser concern for security. Benchmark for every type of organization was first established to compare<br />
the results of the analysis with it. Nmap scanner was used to scan the webservers for security threats. The results<br />
reveal that the webservers in Pakistan are not secure and there is extreme need of awareness about information<br />
security in the country. The lack of importance given to information security can lead to cyber terrorism and might<br />
create lot of troubles for the country.<br />
Keywords: information security, analysis, security threats, Webserver, Pakistan, Nmap<br />
1. Introduction and background<br />
Security is one of the fundamental requirements for each and every network, just like it is the<br />
requirement for each and every human. Without proper security, a network is just like a house without<br />
doors and windows. In case the network has a lot of valuable information and resources, it’s like a<br />
bank full of money without any guards and security cameras. Just like the bank in the example will be<br />
a serious place for potential theft or robbery, same is the case with the insecure networks. But, there<br />
is much difference in human perceptions about the unsafe bank and insecure networks. People don’t<br />
understand the ultimate results of insecure networks and in Pakistan the situation is worst.<br />
Businesses and individuals don’t even consider it to be an element that needs consideration.<br />
Negligence in information security can have terrible consequences. It is not difficult to imagine the<br />
chaos created if an ill-intentioned person gains access to the country’s most trusted news channel’s<br />
website. Let’s suppose he just adds one single headline that a bomb has been placed at a specified<br />
place in the city or on some road side, what would be the troubles faced by the people? Let’s take<br />
another example, if he just adds one line that prime minister has said that we are going to attack our<br />
neighbor soon, which may end up in bloody feud between the two countries or at least create<br />
misunderstandings between the countries and can seriously damage the relationships between the<br />
countries. Trend Micro Data–stealing malware focus report of June 2009 says, “In March 2008, data<br />
from 4.2 million credit card numbers were stolen in transmission as a result of malware installed on all<br />
of Hannaford Brothers’ servers in 300 stores”. (Trend Micro 2009) There are hundreds of other<br />
examples of attacks performed to achieve malicious objectives.<br />
The study analyzes the webservers of famous and most reputable organizations of the country. Three<br />
types of organizations were considered for the study: Education and Research, Commercial<br />
Organizations and News channels. Benchmark is first set by analyzing the world’s respectable<br />
organizations and whose analysis shows their webservers to be almost completely secure.<br />
Benchmark is set, so that the results can be compared with them. Exactly similar Pakistani<br />
organizations’ webservers as the organizations used to set benchmarks were analyzed to give an<br />
insight about the information security awareness in the country. Organizations selected for analysis<br />
should be first to implement security on the basis of their status and business capacity. Webservers<br />
were selected because they can be easily analyzed from Internet and analysis of webservers<br />
provides insight for the complete network security of the organization. Nmap scanner was used to get<br />
the results. The identity of the Pakistani organizations analyzed is kept secret because of the possible<br />
damage to the repute of the organization. But, it is simple to use Nmap scanner to analyze any<br />
organization’s web server and getting almost the similar results for many organizations of the similar<br />
type. So, the results are basically an indicator of the security awareness on a large scale.<br />
188