How to Protect Your Web Server from Attacks

October 11, 2007

The National Institute of Standards and Technology has released a new publication that provides detailed tips on how to make web servers more resistant to potential attacks. Called “Guidelines on Securing Public Web Servers,” the publication covers some of the latest threats to web security, while reflecting general changes in web technology that have taken place since the first version of the guide was published 5 years ago.

Web servers are the software programs that make information available over the Internet. They are often the most frequently targeted hosts on a computer network.

Attackers gaining unauthorized access to the server may be able to change information on the site (e.g., defacing a web page), access sensitive personal information, or install malicious software to launch further attacks. Recently emerging threats include “pharming,” in which people attempting to visit a web site are redirected surreptitiously to a malicious site.

How does one thwart these attacks? The guide advocates taking basic steps such as keeping up-to-date on patches (fixes and updates) for web server software and the underlying operating system. Also, the guide recommends configuring the software in as secure a fashion as possible, for example by disabling unnecessary software services and applications, which may themselves have security holes that can provide openings for attacks.

Another key recommendation, especially for large-scale operations, is to consider the proper human-resource requirements for deploying and operating a secure web server, by staffing the appropriate complement of IT experts (such as system and network administrators) all doing their jobs to establish and promote security.

The guide advocates “defense in depth”—installing safeguards at various points of entry into the server, from the router that handles all incoming data traffic to the specific machines that house the server software. In addition, the guide recommends, organizations should monitor log files, create procedures for recovering from attacks, and regularly test the security of their systems.

The guide is designed for federal departments and agencies, but may be applicable to any web server to which the outside world has access. The guide is available free of charge at csrc.nist.gov/publications/nistpubs/800-44-ver2/SP800-44v2.pdf .

Source: NIST

Explore further: How to read a digital footprint

Related Stories

How to read a digital footprint

June 23, 2015

Researchers are using social media data to build a picture of the personalities of millions, changing core ideas of how psychological profiling works. They say it could revolutionise employment and commerce, but the work ...

Math student detects OAuth, OpenID security vulnerability

May 3, 2014

(Phys.org) —To get right to the point, a doctoral candidate in math has discovered two holes in OAuth and OpenID that could leak data and redirect victims to unsafe sites. Friday's tech sites accordingly were buzzing with ...

'Robobarista' can figure out your new coffee machine

April 15, 2015

In the near future we may have household robots to handle cooking, cleaning and other menial tasks. They will be teachable: Show the robot how to operate your coffee machine, and it will take over from there.

Unlocking the geoblock with VPNs

October 2, 2014

In recent months there have been many reports of Australians covertly signing up for the US streaming service Netflix, using fake postcodes and software workarounds to fool its geo-blocking system.

World Wide Web turns 25 years old

March 9, 2014

Twenty-five years ago, the World Wide Web was just an idea in a technical paper from an obscure, young computer scientist at a European physics lab.

Recommended for you

Microsoft describes hard-to-mimic authentication gesture

August 1, 2015

Photos. Messages. Bank account codes. And so much more—sit on a person's mobile device, and the question is, how to secure them without having to depend on lengthy password codes of letters and numbers. Vendors promoting ...

Power grid forecasting tool reduces costly errors

July 30, 2015

Accurately forecasting future electricity needs is tricky, with sudden weather changes and other variables impacting projections minute by minute. Errors can have grave repercussions, from blackouts to high market costs. ...

Netherlands bank customers can get vocal on payments

August 1, 2015

Are some people fed up with remembering and using passwords and PINs to make it though the day? Those who have had enough would prefer to do without them. For mobile tasks that involve banking, though, it is obvious that ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.