How to maintain Web server security

[Sharanya]

Maintaining Web server security, information security, is one of the difficult responsibilities. You need to conflicting roles to find a balance, allowing legal access to network resources, while preventing malicious damage. So, if anybody can help me or give me guidance to maintain the web server security I will be very thankful. If that is not possible then replying, the related information will also do.

[deveritt]

You need to consider two-factor authentication, such as RSA SecurID, Authentication System to ensure that high degree of confidence, but this is for not all Web site users may be practical or uneconomical. Suppose there are two separate organizations, network application, for external users of services and for internal users of the service, to be careful to deploy these applications on different servers. This can reduce the malicious user penetrating the external server to gain access to sensitive internal information access.

[Techguru01]

Unfortunately, many organizations do not follow this basic rule, on the contrary allow developers to debug code on a production server or development of new software. This is terrible for both security and reliability. Production test code on the server causes users to experience failure, when the developer submitted untested vulnerable code, the introduction of security vulnerabilities. Most modern version control systems (such as Microsoft's Visual SourceSafe) contribute to coding / testing / debugging process.

[johnson22]

According to me, every security professional knows the importance of maintaining server activity logs. Since most Web servers are open to all Internet-based services is very important. Review will help you detect and react to attacks, and allows you to troubleshoot server performance issues. In high-security environment, ensure that your logs are stored in the physical security of the site - the most secure (but least convenient) technique is to generate a log on the print out of the establishment of an intruder cannot be modified paper records, provided that the invasion who does not have physical access. You may want to use electronic, such as logging into the secure host encryption with digital signatures to prevent log theft and modification.

[Jackson2]

Software developers committed to creating software applications to meet business needs, they often overlook information security is an important business needs. As a security professional, you have the responsibility to the developer that affects Web server security problems training. You should make developers aware of network security mechanisms to ensure that they developed software will not violate these mechanisms; also offer training on concepts, such as buffer overflow attacks and process isolation - all of these pairs of code and generate the security of application software greatly

[Techno01]

Patching the web servers and operating system, this is another common sense, but when the administrator for other tasks while the overburdened often ignore this point. Security bulletins, such as CERT or Microsoft released a notice, a reminder that software vendors frequently release fixes some security vulnerabilities. Some tools such as Microsoft's Software Update Services (SUS) and RedHat upgrade services to help to automate this task. In short, once the flaw is published, and if you do not fix it, eventually will be found and used.