The BRICKServer™ Web Appliance was designed to assist small business in achieving a secure web presence as well as simple email and ftp functions. The user interface is designed to be understood by a basic user and allows remote administration of a web site that can be supported by a contractor. Based on that design purpose, this analysis sought to understand whether a hacker more sophisticated than a script-kiddie could manipulate the system to accomplish the following adversary goals through attacks on the server:
The only metric applied to this analysis is a binary metric of success – if any of the flags could be achieved, then a successful attack was counted. Attacks that did not achieve the flag were counted as unsuccessful attacks.
Like all security systems, there is a dependence on proper implementation of the system. The BRICKServer™ relies on the following to ensure secure operations:
Within the constraints of this analysis we found the BRICKServer™ Web Appliance to be very robust for attacks against the server. In particular, the removal of the shell to prevent execution of unauthorized services will address the threat from the novice hacker who primarily uses existing scripts that require a shell to work. This meant that we were driven to play a more sophisticated hacker and to delve more deeply into the source code.
The services with the most privileges are of the greatest interest to an attacker. In the BRICKServer™, these are the ADMIN and THTTP services. The three services comprising mail (POP3, TURN, and SMTP), and the FTP service, have very little privilege, so that if an attacker manages to take them over, the server will still be protected by the PBS security mechanisms.
Described below are the types of attacks attempted against the server and the associated results. It is important to note that an adversary could obtain legitimate access (social engineering) to update web pages and consequently obtain access to other web pages on the server and that attacks on the client are more likely.