Protecting a Web server from external attack

Protecting a Web server from external attack

How can we protect our Web server from external attack?


    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

There are a number of things you can do to protect yourself against external attacks.

First, the Web server should have only those services running that are absolutely needed.

Second, the operating system and applications should all have the most recent security patches installed. The OS should be "hardened" as much as possible. A paper that is OpenBSD centric, but has some application to hardening all operating systems can be found at http://geodsoft.com/howto/harden/hardintro.htm.

Third, it should sit behind a firewall that only allows those ports needed for operation. For example, if it is purely a Web server that does not need any access from the outside other than via http and https, then only ports 80 and 443 need to be open. However, if you are running a Web hosting company, your clients need to be able to upload files and more. So you'll probably need to enable the ports for FTP and Telnet. If you are combining this with e-mail services, you'll need to open the ports for POP and SMTP, or whatever protocols you use for mail.

Fourth, all form input should be validated by the script that handles the form. Buffer overflows are a favorite type of attack. A good reference for CGI script security is located at http://www.w3.org/Security/Faq/wwwsf4.html.

Fifth, make use of audit logs. Use TCP_Wrapers where you can.

Sixth, make regular backups. Even the best security planning is not perfect. Someone still might find a way to break in. And even if there is no security break-in, you might lose a hard drive. So, you still want to have regular backups.

Essentially, you want to do everything you can think of to improve the security of the machine. You can do some Web searches for security information on your particular combination of OS and Web server application and find lots of good advice on the best things to do to make the server as secure as possible.


This was first published in August 2001