How to Protect Your Web Server from Attacks

Oct 11, 2007

The National Institute of Standards and Technology has released a new publication that provides detailed tips on how to make web servers more resistant to potential attacks. Called “Guidelines on Securing Public Web Servers,” the publication covers some of the latest threats to web security, while reflecting general changes in web technology that have taken place since the first version of the guide was published 5 years ago.

Web servers are the software programs that make information available over the Internet. They are often the most frequently targeted hosts on a computer network.

Attackers gaining unauthorized access to the server may be able to change information on the site (e.g., defacing a web page), access sensitive personal information, or install malicious software to launch further attacks. Recently emerging threats include “pharming,” in which people attempting to visit a web site are redirected surreptitiously to a malicious site.

How does one thwart these attacks? The guide advocates taking basic steps such as keeping up-to-date on patches (fixes and updates) for web server software and the underlying operating system. Also, the guide recommends configuring the software in as secure a fashion as possible, for example by disabling unnecessary software services and applications, which may themselves have security holes that can provide openings for attacks.

Another key recommendation, especially for large-scale operations, is to consider the proper human-resource requirements for deploying and operating a secure web server, by staffing the appropriate complement of IT experts (such as system and network administrators) all doing their jobs to establish and promote security.

The guide advocates “defense in depth”—installing safeguards at various points of entry into the server, from the router that handles all incoming data traffic to the specific machines that house the server software. In addition, the guide recommends, organizations should monitor log files, create procedures for recovering from attacks, and regularly test the security of their systems.

The guide is designed for federal departments and agencies, but may be applicable to any web server to which the outside world has access. The guide is available free of charge at csrc.nist.gov/publications/nis… -ver2/SP800-44v2.pdf .

Source: NIST

Explore further: Non-emergency lines still need a back up plan in case of another meltdown

add to favorites email to friend print save as pdf

Related Stories

Hackers force message on websites via US firm

2 hours ago

A U.S. firm that helps connect more than 700 companies with customers through social media says a Syrian group hacked the company's web address to upload a message to other websites.

Genomes of malaria-carrying mosquitoes sequenced

4 hours ago

Nora Besansky, O'Hara Professor of Biological Sciences at the University of Notre Dame and a member of the University's Eck Institute for Global Health, has led an international team of scientists in sequencing ...

Recommended for you

E-Voting: Risky technology or great improvement?

8 hours ago

On this forthcoming weekend the Australian state election takes place, and in Victoria State they will be using a new e-voting system to improve secrecy, reliability and user-friendliness. But how secure are such systems? ...

Namibia prepares for Africa's first e-vote

Nov 26, 2014

Namibia will vote in Africa's first electronic ballot Friday, a general election that will usher in a new president and quotas to put more women in government.

US agency threatens to act against air bag maker

Nov 26, 2014

A dispute between U.S. safety regulators and air bag maker Takata Corp. escalated Wednesday when the government threatened fines and legal action unless the company admits that driver's air bag inflators ...

Japan orders air bag maker to conduct probe

Nov 21, 2014

Japan's transport ministry said Friday it has ordered air bag maker Takata to conduct an internal investigation after cases of its air bags exploding triggered safety concerns in the United States and other countries.

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.