
What types of Web services can compromise Web server security?

EXPERT RESPONSE FROM: Mike Chapple

QUESTION POSED ON: 25 September 2006
Are there any services that pose risks to the Web server security?

EXPERT RESPONSE
Absolutely. As a general principle, you should not run any service on your Web server that is not required for the Web service to function properly. This will vary depending upon the operating system and Web platform you're using, but you should always strive to have the minimal set of services running. The presence of extraneous services offers malicious individuals additional attack vectors to exploit, compromising the security of your system while providing no business benefit to you.

Along these same lines, you should separate critical components of your infrastructure so that each server only hosts one critical service. For example, if you have a dynamic Web application, it is good practice to host the database and Web server on different systems. This provides a degree of isolation and allows you to more easily implement layered protection against attacks.

More Information

  • Learn how to plan and perform a secure installation of your Web server's operating system and services, in Lesson One of SearchSecurity.com's Web Security School.
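
One way to check a host against both recommendations in the response, as an added example that is not part of the original answer: it parses `ss -tlnp` output and reports every listener outside an allowlist, calling out a database running on the Web server. The sample output, the allowlist and all function names are assumptions constructed for illustration.

```python
import re

# Constructed sample of `ss -tlnp` output from a hypothetical Linux Web server.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 511 0.0.0.0:80    0.0.0.0:* users:(("nginx",pid=812,fd=6))
LISTEN 0 511 0.0.0.0:443   0.0.0.0:* users:(("nginx",pid=812,fd=7))
LISTEN 0 128 0.0.0.0:22    0.0.0.0:* users:(("sshd",pid=640,fd=3))
LISTEN 0 151 0.0.0.0:3306  0.0.0.0:* users:(("mysqld",pid=955,fd=21))
LISTEN 0 32  0.0.0.0:21    0.0.0.0:* users:(("vsftpd",pid=701,fd=3))
LISTEN 0 100 127.0.0.1:25  0.0.0.0:* users:(("master",pid=1020,fd=13))
LISTEN 0 511 [::]:80       [::]:*    users:(("nginx",pid=812,fd=8))
"""

# Assumed policy: the only (process, port) pairs this Web server needs.
ALLOWED = {("nginx", 80), ("nginx", 443), ("sshd", 22)}
# Default ports of common database servers, used to spot co-location.
DATABASE_PORTS = {1433: "SQL Server", 3306: "MySQL", 5432: "PostgreSQL"}
LOOPBACK = {"127.0.0.1", "[::1]"}

LISTEN_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')

def parse_listeners(ss_output):
    """Return (process, address, port) for every listening TCP socket."""
    listeners = []
    for line in ss_output.splitlines():
        m = LISTEN_RE.match(line.strip())
        if m:
            listeners.append((m.group(3), m.group(1), int(m.group(2))))
    return listeners

def audit(ss_output, allowed=ALLOWED):
    """Return (category, process, address, port) for each unapproved listener."""
    findings = []
    for proc, addr, port in parse_listeners(ss_output):
        if (proc, port) in allowed:
            continue
        if port in DATABASE_PORTS:
            category = "colocated-database"      # belongs on a separate system
        elif addr in LOOPBACK:
            category = "extraneous-loopback"     # bound to loopback only
        else:
            category = "extraneous-exposed"      # extra network attack surface
        findings.append((category, proc, addr, port))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SS_OUTPUT):
        print("%-20s %-8s %s:%d" % finding)
```

On a real host, feed it the output of `ss -tlnp` run as root; without root the process column is empty for other users' sockets and those lines are skipped by the parser.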


All Rights Reserved, Copyright 2003 - 2008, TechTarget