Threats on the web server can be defined as potential methods that can be used to attack the network in the organizational set up. There are many threats that target web server application. However, this does not necessarily mean that there is always vulnerability in the web server application (http://www. microsoft. com/technet/prodtechnol/office/livecomm/library/cwa/security/cwasec_3. mspx). There are many threats facing the web server, some of which include Compromised –Key Attack, Denial-of-Service Attack, and Eavesdropping.
In Compromised –Key Attack threats, the attacker is able to identify a secret code or number that is used by the web server to encrypt, decrypt, or validate secret information. The attacker can thus be able to decrypt information in the event that the secret key or code has been successfully determined without the sender of information knowing. In the Denial-of-Service Attack, the attacker is capable of preventing normal network use by the valid users. For instance, “the attacker may attempt to flood the server with invalid logon attempts” (http://www.
microsoft. com/technet/prodtechnol/office/livecomm/library/cwa/security/cwasec_3. mspx , para 12). These kinds of attacks may end up disrupting the entire application and services on the network because of a lot of invalid data. Therefore, this could lead to denying users the access to resources in the network. Eavesdropping occurs when the attacker is able to access the data path in the network and thus be able to read and monitor the traffic. This threat can as well be referred to as sniffing or snooping.
The attackers can read the plain text as soon as they are able to access the path by sniffing the wire. Therefore, looking at these threats, any commerce organizational web server is under the threat of attack and it is thus important to have measures in place that can be used to reduce or avoid such threats in the organization.
Microsoft Office Communicator Web Access Security Guide; Identifying Possible Security Threats, 2006, retrieved on 18th Jan 2008 from http://www. microsoft. com/technet/prodtechnol/office/livecomm/library/cwa/security/cwasec_3. mspx