The moment you get your Web server up and running and available to the rest of the world, you open a window for others to get into your network. You intended to do this, right?
Most people will use the information available on your Web site, but some may look for holes in this window so that they can get to information that they are not supposed to access. Some of these people are vandals who want to create embarrassing situations, and some are information thieves.
Either way, if anyone succeeds in finding that hole, you may find your Web sites mutilated with obscene materials, or you might even lose confidential data. Sometimes the attacks do not affect your site directly. The infiltrators may use your server and other resources to get to another network, putting you at legal risk. None of these scenarios is desirable.
I assume that the following security requirements are applicable for your Web site:
- Maintaining the integrity of the information you publish on the Web.
- Preventing the use of your Web server host as a point for break-ins into your organization’s network (which could result in breaches of confidentiality, integrity, or availability of information resources).
- Preventing the use of your Web server host as a staging area for intrusions into other networks (which could result in your organization being liable for damages).
Most Web security incidents occur because confidential information is made vulnerable by improperly configured software. The software could be the Web server itself, or applications (such as CGI programs, Server-Side Includes, and Server API applications) that are run by the Web server. This can result in the inadvertent disclosure of confidential information. Subsequent attacks can be launched by exploiting the confidential information.
If your Web server configuration is tight and the applications run by the Web server are fairly secure, are you done?
No, because the attacks could be targeted to the Web server via different routes. Your Web server might become compromised by way of totally unrelated applications, or by a bug in the operating system, or by poor network architecture.
To be secure, you have to look at each and every detail. This can be a daunting task, but remember that it is impossible to have a completely secure environment. There is never a foolproof solution to all security issues, because not all issues are known. Your goal is to improve your security as much as possible.
The Security Checkpoints
The very first step in protecting your Web server from vandals is to understand and identify the risks involved. Not too long ago, Web sites only served static HTML pages, which made them less prone to security risks.
The only way a vandal could hack into such Web sites was to break into the server by gaining illegal access. This was typically done by exploiting a weak password or by fooling another daemon (server) program.
However, most Web sites no longer serve static HTML pages; they serve dynamic content that is often personalized to provide a rich user experience. Many Web sites tie in applications to provide valuable customer service or to perform e-commerce activities. This is when the risks start to weigh more and more. Yes, Web applications are the heart of the Web security problem.
Most Web sites that have been hacked by vandals were not vandalized because of the Web server software. They were hacked because of one or more holes in the application or script that the Web server software ran.
There are several security checkpoints that you need to review to improve the security of your public Web server. The three primary checkpoints are:
- Your network: This is the outermost checkpoint, which needs to be very strong. Your network connects to the Internet via a router, a firewall system, or a gateway server. Therefore your network is a primary security checkpoint. Securing your network should be your primary security concern.
- Your operating system: The operating system you use for your Web server is very important. If you run Apache on a version of the operating system (whether it be Linux, Windows, or Solaris) that is known to be a security risk, then your server can be attacked. Running an up-to-date operating system is a must.
- Your Web server software: This is your third security checkpoint. Make sure that you’re running a version of Apache that has no known security risks.