Monday, August 09, 2010

Web Server Security

Operating systems remain vulnerable to attack when security patches are not installed regularly, which opens the door to malware and large-scale internet worms. Some time ago, the internet worm Conficker, also known as Downadup, caused chaos across the internet and led to huge losses for corporations and website owners. A number of buffer overflow attacks were also reported during 2009. It's quite common for all web servers to have vulnerabilities, so website owners need to safeguard their valuable digital assets by periodically applying security patches and by running quality server security software, which helps keep the web server from being vulnerable, i.e. accessible to hackers.



Below are a few one-line precautionary steps that will help you secure your web server.
1. Install security patches whenever they become available
2. Check the client side of the website by running a malware scan to ensure your users are safe
3. Disable unnecessary scripting languages on your web servers, as hackers may target them
4. Subscribe to your security vendor's security alerts and keep monitoring them
5. Most importantly, use a tough password made up of letters, numbers and symbols
6. Run a vulnerability analyser to check your web server for security holes
7. Set up permissions at different levels so that no one can gain administrator access except the person it is intended for
8. DON'T test any new or unknown scripts on your main web server, because untrusted scripts may inject malware into your server

Also, Google now provides a free tool called "SkipFish", a web application security reconnaissance tool that can run a security audit of your website. Here is the link for your convenience: http://code.google.com/p/skipfish/

If you are still wondering how an attack takes place, here is a pictorial representation of the Top Cyber Security Risks by SANS.org: http://www.sans.org/top-cyber-security-risks/tutorial.php
