How to Protect your Web server
Today it is important to come to a conclusion about whether your web server is protected or not. IT being a part of day-to-day business has led to the rise of lots of opportunities. But with that, threats and attacks also rise. The WWW functions with websites where you display your product info or use it as a medium to get in touch with users. So to some extent many rely on the hosting provider for security. In my view that is not enough. You must know and understand the major points involved in website security. The same applies to the database. Today the Apache web server is widely used around the globe. Security measures are carried out by the hosting provider to give the best protection. But still sites are hacked, leading to great loss. Before going further, there are two small concepts which I want to explain in short. The web server mostly works with two things, SSI and CGI. SSI, or Server Side Includes, lets the website manage HTML content or play with an embedded scripting language. These are executed by the web server on the browser of your machine. You can see clicks and surf the site. CGI, or Common Gateway Interface, is a kind of support for the server to run scripts or programs on the site. This works only when there is code embedded on the site and the page is called from the client browser. Apache already uses a fairly safe default configuration.
It is really nice to hear that today there are also many precautions and security measures taken by web servers to avoid such attacks. My motive is just to create awareness and provide some suggestions that can guide you to stay away from them. The web keeps on expanding and so do the threats. The tips are easy to follow. Anyhow, keeping some of them in regular practice is recommended. Sometimes the vulnerability exists inside the operating system itself. Under those circumstances you can receive official patches, which are a must-have. Also, many times when you try to use some add-on or plug-in on your site, it comes with a bug. But to fix them the developing company also offers patches. Mostly servers are attacked due to the database.
Different types of attacks:
Check the list of attacks below. These are the most common and sometimes widely used attacks, never noticed by the end user. Even if your web server is protected by the best software, you will need to keep a check on the activity. Any ignorance can cause great loss. The attacks listed below are the ones that occur often. I have also mentioned a number of options at the end to get rid of these attacks and stay protected. The attacks usually work when the server is not maintained properly. So first, choosing a good hosting provider is needed. There are two major attacks which you can face in future. They are DOS and DDoS, which affect the server widely.
Denial of Service: This is called a DOS attack, which has existed on the web for a long time. The attack is very simple, and today is commonly done by individuals who know basic scripting tactics and have some basic technical skills. A DOS attack is an attack in which a system attacks another with intent to consume all system resources. So in short your server is too overloaded and becomes extremely slow. There are many security measures that you can carry out to avoid such attacks.
Re: How to Protect your Web server
Distributed Denial of Service
This is another attack, DDoS, which is a bit older than DOS. This one is the riskier one. It does the same as a DOS attack does, but it works in a larger and more complex way. It can destroy multiple systems at a time. It can be thousands of them. Where the DOS attack is just a nuisance, a DDoS attack can be deadly because it can take a server offline quickly. The good news is that the skill level required to counter DDoS attacks is not as high. I am also providing a small list of DDoS attacks. There are some types of DDoS attacks.
1. Synflood: TCP uses a connection between source and destination that can be seen as a virtual link. TCP uses the IP protocol to transfer data. TCP allows data transfer in both directions simultaneously. This attack requires some knowledge of TCP/IP, namely how the process of IP communication works. This attack is the network equivalent of sending someone a letter that requires an answer, only the letter uses a false sender. So the target sends back a letter and waits for an answer, but the answer never comes because it somehow enters a black hole somewhere. With enough SYN requests to the system, the attacker can cause it to use all available connections in the system, so that nothing else can flow through it.
2. SQL Injection: In this case, an attacker uses weaknesses in the design of the database or website to extract further information or to manipulate data within the database. Although it is not possible here to be more specific about how to remove this type of attack, you can avoid it if you have knowledge of SQL, which you should have if you are hosting a database on your web server.
3. SNMP attack: These attacks are designed specifically to exploit the SNMP service, which handles the network and the devices on it. Since the SNMP service is used to manage network devices, exploiting this service can yield detailed intelligence on the network structure that can be used later for other attacks.
4. Port scan: As the name says, the attacker scans the ports of the web server with the intent of finding open ports or vulnerabilities that can be exploited. This attack can be done easily with any number of port scanners available free online. But I will not recommend you do this. You can be tracked and face legal penalties. This is one of the most common types of attack. Even a young hacker with minimal knowledge can do this. Other than this, some experienced attackers use this to capture your data.
5. Poor Coding: Poor coding refers to a website that is not optimized properly. This is due to low investment or poor knowledge. It is recommended that you work with some experts before making your site. Do not add poorly built add-ons to your site, which can open many vulnerabilities.
6. Pingflood: This is another kind of DDoS attack. It works in a simple way by sending pings to another system in an attempt to discover information about services or systems from top to bottom.
7. FTP: Here the attacker loads a file onto an FTP server. This file is built especially to bring the server down. The file is sent to another location, which can be another FTP server within the same server space or organization. The uploaded file typically contains some sort of payload designed to make the server do what the attacker wants.
8. Fragmentation: In this case, an attacker uses advanced knowledge of the TCP/IP protocol to break packets into smaller pieces that bypass most intrusion-detection systems. In extreme cases, this type of attack can cause crashes, lockups, reboots, blue screens and other mischief.
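Added example, not part of the original post: a defender-side check for the Synflood case in item 1, counting half-open (`SYN-RECV`) sockets per listening port from `ss -tan` output. The sample output, its addresses and the threshold are constructed for illustration.

```python
from collections import Counter

# Constructed sample of `ss -tan` output; addresses are documentation ranges.
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:80          0.0.0.0:*
ESTAB     0      0      192.0.2.10:80       203.0.113.5:50312
SYN-RECV  0      0      192.0.2.10:80       198.51.100.7:41822
SYN-RECV  0      0      192.0.2.10:80       198.51.100.19:1093
SYN-RECV  0      0      192.0.2.10:80       198.51.100.44:60211
SYN-RECV  0      0      192.0.2.10:80       198.51.100.81:3377
SYN-RECV  0      0      192.0.2.10:80       198.51.100.130:52000
SYN-RECV  0      0      192.0.2.10:443      203.0.113.9:40100
"""


def half_open_by_port(ss_output):
    """Map local port -> (half-open sockets, distinct peer addresses)."""
    counts = Counter()
    peers = {}
    for line in ss_output.splitlines():
        fields = line.split()
        # Data rows have five columns; SYN-RECV means the server answered a
        # SYN with SYN/ACK and is still waiting for the final ACK.
        if len(fields) != 5 or fields[0] != "SYN-RECV":
            continue
        port = fields[3].rsplit(":", 1)[1]
        peer = fields[4].rsplit(":", 1)[0]
        counts[port] += 1
        peers.setdefault(port, set()).add(peer)
    return {port: (n, len(peers[port])) for port, n in counts.items()}


def syn_flood_suspects(ss_output, threshold=4):
    """Ports whose half-open count reaches the (hypothetical) threshold."""
    stats = half_open_by_port(ss_output)
    return sorted(port for port, (n, _) in stats.items() if n >= threshold)


if __name__ == "__main__":
    for port, (n, distinct) in sorted(half_open_by_port(SAMPLE_SS_OUTPUT).items()):
        print(f"port {port}: {n} half-open from {distinct} peers")
    print("suspect ports:", syn_flood_suspects(SAMPLE_SS_OUTPUT))
```

Many half-open sockets from peers that never repeat match the false-sender behaviour described in item 1; on Linux, SYN cookies (`net.ipv4.tcp_syncookies`) are the usual mitigation.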
Re: How to Protect your Web server
Tips to Protect your Web Server:
1. Protected IP Access: The web admin must be aware of the way in which the server is contacted. It can be done via IP by connecting to an open port. But to some extent the admin ignores some ports which are not checked, and this puts the web server at risk. It is therefore advisable to check the IP addresses over which access should be possible on the local system and to explicitly define a Listen directive in the configuration file of Apache.
2. Managing the User Group: It is necessary to properly check the user group and the privileges given. It can be found in the Apache configuration file. It is very important to modify the basic configuration and change the user group as and when needed. There are a number of user groups which are not really needed and can be blocked. You will need to read the Apache config file in detail. The user nobody is used here because it already exists on a variety of systems, where it is often used for running system services as a non-privileged user. For security reasons, you should create a separate user for running the server and enter the user ID in the configuration file of Apache.
3. Remove Services: After installing and configuring the server, check properly that all those services which are not needed are removed. There are a number of services which you might never use, like remote registry, print server, etc. You can find that list on the web and remove all those which are not needed. Remember that these services occupy ports in the backend which can be exploited. Remove them completely. This will also boost your server performance.
4. Protect the Remote Server: Everyone who manages a server via a remote connection should ensure that the connection is secure. This can be done by tunneling and using encrypted protocols which are not easily exposed. Instead of directly accessing the server you can try using security tokens for accessing the server each time.
5. Separately maintaining Testing and Production environments: This is one of the most crucial steps to carry out. Many admins test and make changes on the live site. They might be using the default web browser or any third-party app to modify the website. This is not a good practice. From a security point of view, a developer should maintain the testing environment in a separate location, like using XAMPP to test the site on localhost and then uploading the final changes, or just getting a test server to see what the changes can do to the website. Also on this test server you can run tons of attacks to determine how safe your server is.
5. Bifurcating web server files in different locations: For safety it is recommended that you keep the content and scripts separate on the server. Do not dump everything in one place. This can be beneficial at the time of troubleshooting. Anyhow, an attacker who has entered your root directly can spoil the server. But bifurcating the files will give your data more security, and the attacker might take a longer time to get in, which can be tracked.
6. Control Permission: A web admin clearly knows what permission stands for. Permissions are responsible for a user being able to access a site or for a script to run. Many times, security is compromised due to invalid permission setup. So at the start it is recommended to give the least permission to the services that are running on the server. Grant full permission only to those which really need it.
7. Regular Upgrades and Monitoring: You can easily find security patches on the web which are released securely. Do not ignore them. Update your server as and when needed by running the most recent security patch. Monitoring is a process where the admin must have a look at the activity of the server. The web server maintains logs which keep track of server activity. Any suspicious activity can be tracked or blocked in time if monitoring or audit work is carried out regularly. Any server or web site worth its salt will have some method to generate activity logs in the system. After you record this information, make it part of your regular routine to go through the records for problems, such as failures or suspicious activity. Note that an activity record is like evidence from a crime scene: it is essentially worthless unless you intend to examine it later.
8. Blocking unused user accounts: This is easy to manage. When the system is configured, a default set of account groups is created. It is easier to divide users as per the groups created. But in my view, do not leave any of them. Remove them and if needed create a user group with manual permissions. The admin account should be modified as and when needed.
9. Scanning: Use the scanning tools on the web to check what is going on. Vulnerability scanning can be a very powerful tool in the ongoing struggle to uncover problems relating to software, such as configuration and patching issues. Another advantage is that these scanning tools are updated regularly, so you can use them to find the most recent issues, in a number of cases including issues that you may not even be aware of, allowing you to address them before you are affected. There are many freeware tools that you can use for this purpose.
10. Regular Updates: Keep an eye on notifications and news. Many times new vulnerabilities are exposed when they reach the masses. So it is recommended that you stay updated. You can do that by subscribing to newsletters of special sites which offer web server security tips. You can also share info with others.
Securing a web server and the application server it hosts is indeed a daunting task, but not impossible. With some research and a good dose of hard work (and maybe a few nights with some coffee), you can make your hosting environment much stronger and avoid some headaches in the long term.
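Added example, not part of the original posts and not Apache's own tooling: a small audit of the two Apache settings named in tips 1 and 2, flagging a `Listen` directive without an explicit address and a `User`/`Group` set to a shared or privileged account. The sample configurations, the address `192.0.2.10` and the account name `apache-web` are constructed placeholders, and the list of shared accounts is an assumption.

```python
# Accounts shared with other services or fully privileged (assumed list).
SHARED_ACCOUNTS = {"root", "nobody", "nogroup"}
WILDCARD_ADDRS = {"", "*", "0.0.0.0", "[::]"}

# Constructed samples; the address and account name are placeholders.
WEAK_CONF = """\
# default-style settings
Listen 80
User nobody
Group nobody
"""
HARDENED_CONF = """\
Listen 192.0.2.10:443
User apache-web
Group apache-web
"""


def audit_apache_conf(text):
    """Return (line number, message) findings for Listen, User and Group."""
    findings, seen = [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        name, value = parts[0].lower(), parts[1]
        if name == "listen":
            seen.add(name)
            # "Listen 80" has no address part, so Apache binds every interface.
            if value.rpartition(":")[0] in WILDCARD_ADDRS:
                findings.append((lineno, f"Listen {value} accepts connections on all addresses"))
        elif name in ("user", "group"):
            seen.add(name)
            if value.lower() in SHARED_ACCOUNTS:
                findings.append((lineno, f"{parts[0]} {value} is not a dedicated account"))
    for name in ("listen", "user", "group"):
        if name not in seen:
            findings.append((0, f"no {name.capitalize()} directive found"))
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_apache_conf(conf))
```

The check reads only the text it is given and does not follow `Include` directives, so each included file has to be passed in separately.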