Home > Step 1: Understanding the issues
Step-by-Step Guide:
EMAIL THIS LICENSING & REPRINTS

Step 1: Understanding the issues

12 Apr 2006 | SearchWindowsSecurity.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

There are certain must-have baseline configuration settings every Windows-based Web server needs regardless of whether it's IIS, Apache or some no-name software built into your niche e-mail server product. Your goal for configuration settings should be to have a server ready to be placed "in the wild" that's resilient to common Web server OS and application attacks and vulnerabilities:

  • Null sessions
  • Weak share and NTFS permissions
  • Weak passwords and authentication systems
  • Exploitable vulnerabilities due to missing patches and other OS misconfigurations
  • Fingerprinting
  • Parameter manipulation
  • Default scripts
  • Buffer overflows
  • Cross-site scripting
  • SQL injection
  • Denial of Service due to missing critical layered defenses

This is certainly not an exhaustive list of attack methods, but it covers the main areas at both the OS and Web server application levels. Notice I've differentiated Web server OS and actual Web server software. It's important to consider both areas of the server. If you focus solely on the Web server software (IIS, Apache, etc.) itself, the "visible" part of your server may be secure, but you'll have a weak foundation (the underlying OS) and, consequently, still be susceptible to attacks.

Now, let's take a look at critical Web server configuration elements.


Securing Web servers

 Home: Introduction
 Step 1: Understanding the issues
 Step 2: Installing and configuring your Web server
 Step 3: Testing your Web server

ABOUT THE AUTHOR:
Kevin Beaver, CISSP, is an independent information security consultant, author and speaker with Atlanta-based Principle Logic LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments. Beaver has written five books including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, (Wiley) and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver@principlelogic.com.
Copyright 2006 TechTarget


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


HomeNewsTopicsITKnowledge ExchangeTipsAsk the ExpertsMultimediaWhite PapersIT DownloadsBlogs
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2004 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts