The Network Security. Org

Step by Step Guide: Securing Web servers

Doing business in today's world seems to create an ongoing need to set up a new Web server. For everything from development to marketing to training to ecommerce, the desire to load up static pages or networked applications is endless. But how can you be sure that the path you go down will lead you to a secure Web server that's less likely to be compromised by malicious outsiders or rogue insiders?

There are certain must have baseline configuration settings every Windows based Web server needs regardless of whether it's IIS, Apache or some no name software built into your niche email server product. Your goal for configuration settings should be to have a server ready to be placed "in the wild" that's resilient to common Web server OS and application attacks and vulnerabilities:

* Null sessions
* Weak share and NTFS permissions
* Weak passwords and authentication systems
* Exploitable vulnerabilities due to missing patches and other OS misconfigurations
* Fingerprinting
* Parameter manipulation
* Default scripts
* Buffer overflows
* Cross-site scripting
* SQL injection
* Denial of Service due to missing critical layered defenses

This is certainly not an exhaustive list of attack methods, but it covers the main areas at both the OS and Web server application levels. Step by Step Guide: Securing Web servers

More News

• Website infection rate triples
  



• How to Use Honeypots to Improve Your Network Security
  



• Microsoft Patch Tuesday Targets 26 Application Flaws
  



• SSL VPNs might not be as secure as you think
  



• 8 tips to filter spam effectively
  



• Onus on IP address owner to prove innocence
  



• How to install an SSH Server in Windows Server 2008.
  



• Several vulnerabilities closed in the Linux kernel
  



• 8 Best Practices for Encryption Key Management and Data Security
  



• Free Honeypot Client Could Sting Malware
  



• What Firewalls Do & Donot Do
  



• Symantec fingers D Link for bot attacks
  



• WhiteHat: 90% of Sites Still Vulnerable
  



• Red Hat releases free security code
  



• A new type of Bluetooth security
  



• Dude, where is my perimeter?
  



• Scaring users into IT security
  



• VMware fixes security bugs
  



• The top 10 security land mines
  



• Encrypt volumes through a cross platform GUI with TrueCrypt 5.0