Maintaining Web Server Security is one of the most unpleasant chores in information security. You need to find balance in conflicting roles, allowing legitimate access to network resources while preventing malicious damage.
You might even consider dual authentication, such as RSA SecurID, to ensure a high level of trust in the authentication system, but this may not be practical or cost effective for all website users. Despite these conflicting goals, there are still six steps that will help secure Web servers.
Separate servers for internal and external applications separately
Suppose an organization has two types of independent web applications, services for external users and services for internal users. Carefully apply these applications. Deployed on different servers. Doing so can reduce malicious users from breaking through external servers to gain access to sensitive internal information. If you don't have a deployment tool available, you should at least consider using technical controls (such as handling isolation) so that internal and external applications don't involve each other.
Testing and Debugging Applications with a Separate Development Server
Testing applications on a separate Web server sounds like common sense - indeed. Unfortunately, many organizations do not follow this basic rule, instead allowing developers to debug code and even develop new software on production servers. This is terrible for both safety and reliability. Testing the code on the production server can cause users to fail, introducing security vulnerabilities when developers submit untested and vulnerable code. Most modern version control systems (such as Microsoft's Visual SourceSafe) facilitate the automation of the coding/testing/debugging process.
Reviewing Website Activity, Secure Storage Logs
Every security professional knows the importance of maintaining server activity logs. Since most web servers are public, it is important to review all Internet services. Auditing helps you detect and combat attacks and allows you to troubleshoot server performance. In an advanced security environment, make sure your logs are stored in a physically secure location—the safest (but least convenient) trick is to print out the logs as they are created, creating paper records that cannot be modified by the intruder, provided the intrusion There is no physical access. You may want to use electronic backups, such as logging into a secure host and encrypting with a digital signature to prevent the log from being stolen and modified.
Training Developers for Reliable Security Encoding
Software developers are committed to creating applications that meet business needs, but often overlooking information security is also an important business need. As a security professional, you are responsible for training developers to influence the security of Web servers. You should let developers understand the security mechanisms in the network, make sure that the software they develop does not violate these mechanisms; and also provide conceptual training, such as memory leak attacks and processing isolation - these are great for coding and generating secure applications. help.
Patching the Operating System and Web Server
This is another common sense, but it is often overlooked when administrators are overwhelmed by other tasks. Security bulletins, such as those issued by CERT or Microsoft, remind people how often software vendors release patches for certain security vulnerabilities. Some tools like Microsoft's Software Upgrade Service (SUS) and RedHat's upgrade service help automate this task. In short, once the vulnerability is announced, if you don't fix it, it will be discovered and used sooner or later.
Scanning with Application Software
If you are burdened, you might consider using an application scanner to verify internal encoding. Tools like Watchfire's AppScan help ensure that there are no vulnerabilities in the production environment. Remember to be safe. A well-designed web server structure should be based on a sound security policy. Implementing these six methods will help you build a solid foundation.
Double hot standby is a backup technology made by the temporary failure of the ser
Recently, an enterprise database server has failed many times: the client PC runs
Six, website ID For the IIS server, the only one that identifies a website is not the name of the w
The server frequently restarts frequently in the last night. After checking for a
Technical Guide: How to set up a file server?
Eliminate hidden dangers from the root cause of server virus removal
Scanning and Resolving Problems in Server Load Balancing
PHP+MySQL+IIS platform graphic configuration under Windows 2003
Tcp&Dns working mechanism under Linux
Teach you 15 strokes to improve server security level
Prohibit PHP execution permission for a directory under Apache
Apache problem you dont have permission to access /on this server solution
Win8 improved one-click mount VHD virtual disk tutorial
Win7 system use troubleshooting 0X80131700 solution
How to solve the problem that Win7 Task Manager title bar is missing?
Solve the problem that win7 operating system can not install fonts
Win7 play Diablo 2 flower screen how to do
How to use the Thunder video to make GIF maps Thunder video to do gif picture tutorial
Windows 7 install fonts and install fonts with shortcuts
Windows system network sharing application
Win7/8 how to view the computer configuration win10 computer hardware configuration view method