How to Protect Your Web Server from Attacks

Oct 11, 2007

The National Institute of Standards and Technology has released a new publication that provides detailed tips on how to make web servers more resistant to potential attacks. Called “Guidelines on Securing Public Web Servers,” the publication covers some of the latest threats to web security, while reflecting general changes in web technology that have taken place since the first version of the guide was published 5 years ago.

Web servers are the software programs that make information available over the Internet. They are often the most frequently targeted hosts on a computer network.

Attackers gaining unauthorized access to the server may be able to change information on the site (e.g., defacing a web page), access sensitive personal information, or install malicious software to launch further attacks. Recently emerging threats include “pharming,” in which people attempting to visit a web site are redirected surreptitiously to a malicious site.

How does one thwart these attacks? The guide advocates taking basic steps such as keeping up-to-date on patches (fixes and updates) for web server software and the underlying operating system. Also, the guide recommends configuring the software in as secure a fashion as possible, for example by disabling unnecessary software services and applications, which may themselves have security holes that can provide openings for attacks.

Another key recommendation, especially for large-scale operations, is to consider the human-resource requirements for deploying and operating a secure web server, and to staff an appropriate complement of IT experts (such as system and network administrators) who all do their jobs to establish and promote security.

The guide advocates “defense in depth”: installing safeguards at various points of entry into the server, from the router that handles all incoming data traffic to the specific machines that house the server software. In addition, the guide recommends that organizations monitor log files, create procedures for recovering from attacks, and regularly test the security of their systems.

The guide is designed for federal departments and agencies, but may be applicable to any web server to which the outside world has access. The guide is available free of charge at csrc.nist.gov/publications/nis… -ver2/SP800-44v2.pdf.

Source: NIST
