THM Putting it All Together
This room covers joining together the various aspects of web content and some other components within the pre-security learning path. This learning path covers a lot of content I’ve already covered within university and self-study, but it is a good refresher on the topics to further solidify them.
Task 1: Putting it all together.
I’ve Read this
No Answer Needed
Task 2: Other Components
Load Balancers
Load balancers are used when web traffic is high or when the service must not go offline due to critical up-time requirements. A load balancer receives a request for a website, then decides which server to forward the request to so that server can serve the content to the client.
Various algorithms are used to make this decision. One example is round robin, which sends requests to the servers in turn (if four servers all host a site, the request is sent to server 0; if server 0 is swamped, it is sent on to server 1, and so forth). Another is the weighted algorithm, which checks the total number of requests on each server and sends the new request to the one with the lowest traffic. Load balancers also perform health checks, which let them stop forwarding traffic to a clogged or otherwise non-functional server until that server is considered active again.
CDNs (Content Delivery Networks)
Useful for minimizing website traffic: a CDN stores website resources (HTML, images, videos, other files) and hosts them on many geographically independent servers. The CDN can pick a server that is close to the client and forward the request there instead of to a server that is geographically distant.
Databases
Useful for storing and recalling information needed by a website. Databases can range from a single file to many clustered servers that provide reliability and speed. There are many database systems to choose from, each with its own suite of features.
WAF (Web Application Firewall)
Sits between the requesting client and the server where the information is stored. It protects servers from hacking and denial-of-service attacks, and can be used to determine whether a request comes from a legitimate user or a botnet (a cluster of malicious computers). It also enables rate limiting, which only allows a certain number of requests per IP through to the server over a configured period of time; if the limit is exceeded, the WAF blocks the request from reaching the server and drops it.
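An added example (not part of the room or TryHackMe's material) of the per-IP rate limiting described above: a sliding-window limiter run over a constructed request stream. The IP addresses, paths and the limit of 5 requests per 10 seconds are assumptions chosen for the demo.

```python
from collections import defaultdict, deque

# Constructed sample request stream: (timestamp in seconds, client IP, path).
# Not real traffic; built so that one client exceeds the configured limit.
REQUESTS = [
    (0.0, "203.0.113.10", "/"),
    (0.5, "203.0.113.10", "/login"),
    (1.0, "198.51.100.7", "/"),
    (1.2, "203.0.113.10", "/login"),
    (1.4, "203.0.113.10", "/login"),
    (1.6, "203.0.113.10", "/login"),   # 5th request inside 10 s: still allowed
    (1.8, "203.0.113.10", "/login"),   # 6th inside the window: dropped
    (2.0, "198.51.100.7", "/about"),
    (12.0, "203.0.113.10", "/"),       # window has moved on: allowed again
]

class RateLimiter:
    """Sliding-window per-IP limiter: at most `limit` requests per `window` seconds."""

    def __init__(self, limit: int, window: float):
        self.limit = limit
        self.window = window
        self.history = defaultdict(deque)  # ip -> timestamps of forwarded requests

    def allow(self, ip: str, now: float) -> bool:
        q = self.history[ip]
        # Forget timestamps that have fallen out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False  # limit exceeded: the WAF drops this request
        q.append(now)
        return True

def filter_requests(requests, limit=5, window=10.0):
    """Apply the per-IP limit; return (forwarded, dropped) request lists."""
    limiter = RateLimiter(limit, window)
    forwarded, dropped = [], []
    for ts, ip, path in requests:
        (forwarded if limiter.allow(ip, ts) else dropped).append((ts, ip, path))
    return forwarded, dropped

if __name__ == "__main__":
    fwd, drp = filter_requests(REQUESTS)
    print(f"forwarded {len(fwd)}, dropped {len(drp)}")
    for ts, ip, path in drp:
        print(f"  dropped t={ts:>5}s {ip} {path}")
```

Dropped requests are not counted toward the window here; a real WAF may count them so that a client hammering the server keeps being blocked.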
What can be used to host static files and speed up a clients visit to a website?
CDN
What does a load balancer perform to make sure a host is still alive?
Health Check
What can be used to help against the hacking of a website?
WAF
Task 3: How Web Servers Work
What is a Web Server
Software that listens for connections and then uses the HTTP protocol to deliver web content to the requesting client. Common examples include Apache, Nginx and NodeJS. Files are delivered from a root directory, whose default differs from web server to web server (it can also be defined by the user).
Virtual Host
A single web server can host multiple websites; this is what the Host portion of a URL refers to, and this information is checked against a host file. Virtual hosts can be mapped to different parts of a hard drive. There is no limit to how many websites can be hosted on one server.
Static Vs Dynamic Content
Static content stays the same regardless of the request to the website; pictures, JS, CSS and HTML are common examples of static content.
Dynamic content can change based on the request. This often depends on the back end, and is needed where search integration is necessary (not always, but often). Back-end scripting and programming is used for this (e.g. to query a database).
Scripting and back-end languages
Used to make websites interactive for the user (for example, if they’d like to search content). Capable of interacting with databases, accessing external sources and processing data from users.
Back-end code will not be visible in the client-side rendered website.
What does web server software use to host multiple sites?
Virtual Host
What is the name for the type of content that can change?
Dynamic
Does the client see the backend code? Yay/Nay
Nay
Task 4: Quiz
Click the “View Site” button on the right. Using everything you’ve learnt from the other modules, drag and drop the tiles into the correct order of how a request to a website works to reveal the flag.
Note: When placing a tile in the correct position, it will highlight in green. When a tile is in the wrong spot, it will highlight in red. Make sure not to refresh the page, as it will reset the tiles all to blank again!
Flag
THM{YOU_GOT_THE_ORDER}