Home > Ask the Security Experts > Network Security Questions & Answers > What types of Web services can compromise Web server security?
Ask The Security Expert: Questions & Answers
EMAIL THIS

What types of Web services can compromise Web server security?

Mike Chapple, featured expert EXPERT RESPONSE FROM: Mike Chapple, featured expert

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 25 September 2006
Are there any services that pose risks to the Web server security?

>
Absolutely. As a general principle, you should not run any service on your Web server that is not required for the Web service to function properly. This will vary depending upon the operating system and Web platform you're using, but you should always strive to have the minimal set of services running. The presence of extraneous services offers malicious individuals additional attack vectors to exploit, compromising the security of your system while providing no business benefit to you.

Along these same lines, you should separate critical components of your infrastructure so that each server only hosts one critical service. For example, if you have a dynamic Web application, it is good practice to host the database and Web server on different systems. This provides a degree of isolation and allows you to more easily implement layered protection against attacks.

More Information

  • Learn how to plan and perform a secure installation of your Web server's operating system and services, in Lesson One of SearchSecurity.com's Web Security School.


    • BROWSE BY TAG
    Network Security,   Application and Platform Security,   Web Security Tools and Best Practices,   Web Services Security and SOA Security,   Web Server Threats and Countermeasures,   Web Application and Web 2.0 Threats,   VIEW ALL TAGS

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



    RELATED CONTENT
    Network Security
    How to set up a split-tunnel VPN in Windows Vista
    What is the difference between static and dynamic network validation?
    Port scan attack prevention best practices
    Securing the intranet with remote access VPN security
    How to prevent network sniffing and eavesdropping
    How to implement virtual firewalls in a complex network infrastructure
    How to manage network bandwidth with distributed ISP bandwidth
    How to edit group policy objects to give a user local admin rights
    How to prevent operating system cloning with AES 256-bit encryption
    How to securely connect a LAN POS to a remote point-of-sale device

    Web Services Security and SOA Security
    Information security book excerpts and reviews
    Security testing firm uncovers XML vulnerabilities
    Cryptographers say cloud computing can be secured
    Will cloud computing and virtualization save the day?
    MySpace, Facebook ignoring basic principles of security
    Kaminsky: DNS flaw capable of attacks on many fronts
    Kaminsky on DNS rebinding attacks, hacking techniques
    Which operating system can best secure an FTP site?
    IBM's Watchfire halts network research, focuses on Web apps
    How does identity propagation work?

    Web Server Threats and Countermeasures
    Microsoft doesn't rule out rushed patch for IIS zero-day vulnerability
    How do passwordless SSH keys represent an enterprise attack vector?
    Information security book excerpts and reviews
    Increase in Gumblar backdoors poses FTP credential problems
    VeriSign extends DDoS attack protection service
    Microsoft issues IIS FTP advisory, exploit code circulates
    Panda reports fast-spreading rogueware antivirus fraud rakes in millions
    Oracle issues quarterly patches, fixes database flaws
    Latest DDoS attacks extremely unsophisticated, experts say
    Stolen FTP credentials likely in massive website attacks

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    cache cramming  (SearchSecurity.com)
    content filtering  (SearchSecurity.com)
    Web filter  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Find Security Solutions for Your Business
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2003 - 2010, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts