Secure your Web server

Mark Walla and Robert Williams

So here's the deal: Clearly you want to put your company onto the Internet in the best way possible, so customers and partners can get information they need to do business with you. At the same time, you want to make sure that you don't give away the whole ranch by letting anyone on the Web wander all over your server, finding whatever he might choose.

This tip, excerpted from

    Requires Free Membership to View

InformIT, discusses some of the things you can do to secure your Web server.

When implementing a Web server, certain basic guidelines should be followed to protect against security breaches. A Web server allows users to download designated files and run CGI scripts, Active Server Pages and server-side applets that are accessible to it. For this reason, the server should not be able to access sensitive files that contain proprietary company information or files pertinent to system security.

Limit the Web server to a specific directory subtree, and specifically dedicate a system to Web server duties (Windows 2000 uses %SystemRoot%Inetpub\wwwroot). Also, make sure that Web sites with password security do not place the password security file in a directory the server can read. The Web server should run as a very underprivileged user to limit its own access, with a privilege level just enough to perform required functions. It should have a firewall between it and the internal network, and no internal host should trust it through Windows 2000 domain trust relationships.

Because the Web server is permitted to run local components, all scripts, applets and active components should be analyzed for unintended uses. Remember: These scripts can be run with freely chosen parameters from the outside, so any service that allows users to download scripts to the server should be carefully scrutinized. FTP users should not be able to download to the Web server's file system area. In fact, almost all services should be disabled on the Web server except for HTTP.

To read the whole article from which this tip comes, click over to InformIT. You have to register there, but the registration is free.

This was first published in February 2003

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.