Securing Public Web Servers
Download
Report
Transcript Securing Public Web Servers
Securing Public Web Servers
ASHRAY PATEL
Roadmap
Web server security problems
Steps to secure public web servers
Securing web servers and contents
Implementing secure network for web server
Network Locations for web servers
Firewall and Routers for Web Servers
Web Server Security Problems
Fraud, theft, vandalism, and terrorism
No matter how low the attack success rate, it will still
be able to exploit many systems
Attacks may cause significant time/money loss
Web Server Security Problems
Misconfiguration or other improper operations of
web servers
Vulnerabilities within the web servers
Someone could gain unauthorized access
Inadequate or unavailable defense mechanisms for
the Web server
DOS attacks
Steps of Securing Public Web Servers
Securing, installing, and configuring Web server
software
Employing appropriate network protection
mechanisms
Ex) Firewalls
Maintaining the secure configuration through
application of appropriate patches and upgrades,
security testing, monitoring of logs and backups of
data and operating system
Steps of Securing Public Web Servers
Using, publicizing, and protecting information and
data in a careful and systemic manner
Employing secure administration and maintenance
processes
Conducting initial and periodic vulnerability scans of
each public Web server and supporting network
infrastructure
Ex) Firewalls, routers
Securing Web Servers and Content
Two main components to web server security
security of the underlying server application and operating
systems
security of the actual content
The obvious is not to place any classified, or other sensitive
information on a publicly accessible Web server unless other steps
have been taken to protect the information via user authentication
and encryption
less obvious component of content security is compromised caused
by the way particular types of content are processed on a server
can lead to a compromise
Implementing Secure Network for Web Server
Network Location
Network location determines what network infrastructure can be
used to protect the Web server
Network location also determines what other portions of the
network are vulnerable if the Web server is compromised
Network element configuration
include firewalls, routers, intrusion detection systems, and
network switches
Each has an important role to play and is critical to the overall
strategy of protecting the Web server through defense
Network Locations
Some places where network locations would be bad
are:
On their internal production networks, that is they locate their
Web server on the same network as their internal users and
servers. This location is not recommended because it exposes
the internal network to unnecessary risk of compromise
placing the Web server before an organization’s firewall or
router that provides IP filtering. In this type of the
configuration the network can provide little, if any, protection
to the Web server. All security has to be provided by the Web
server itself, which provides a single point of failure
Firewall and Routers for Web Servers
Firewalls are devices or systems that control the flow
of network traffic between networks
They protect Web servers from vulnerabilities inherent in the
TCP/IP suite
They also help reduce the security issues associated with insecure
applications and operating systems
A common misperception is that firewalls eliminate
all risk and can protect against the misconfiguration
of the Web server or poor network design
Firewalls themselves are vulnerable to misconfiguration and,
sometimes to software vulnerabilities.
Video
https://www.youtube.com/watch?v=LFDtEr4K7G8
Conclusion
Web server security problems
Steps to web server security
Securing web servers and contents
Implementing secure network for web servers
Firewalls
Works Cited
https://harrietriyadi.wordpress.com/2013/02/02/gui
delines-on-securing-public-web-servers/
http://www.albany.edu/acc/courses/ia/acc661/sp800
-44.pdf
http://www.hanover.com/risksolutions/guidelinesfor-securing-public-web-servers.html