Free Web Server Protection: Build a Managed Security Solution with Open Source Tools: Page 2

Building a complete managed security solution for your Web server doesn't have to cost money with the open source tools currently available. Apply these tools to gain a better assessment of the risks your Web servers face.


Intrusion Detection System
An intrusion detection system (IDS) can't block an attack on your Web server, but it helps you understand what kinds of attacks your Web servers face every day by logging every intrusion attempt in data files. The most popular free IDS is Snort, and with a little manipulation, you can have it monitor only Web-related attacks. By limiting Snort's rule (signature) files before deploying it, you can focus it on watching your Web servers. The following files contain the rules you need to look into:
  • web-cgi.rules
  • web-coldfusion.rules
  • web-frontpage.rules
  • web-iis.rules
  • web-misc.rules

You can include only these rule files or edit them even more to fit your needs (e.g., if you don't have ColdFusion, why bother to have rules for ColdFusion?), and then deploy your IDS just for your Web servers. Limiting the rules also increases the amount of data the IDS can process, which is very important when you have large network bandwidth or a server farm.
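One way to apply this restriction to a Snort 1.x/2.x style `snort.conf` is sketched below. It is an added example, not code from the article or from the Snort project: `restrict_to_web_rules` is a hypothetical helper, the sample configuration is constructed, and the rule file names are written in lowercase as Snort distributes them.

```python
import re

# Rule files named in the article; remove any that do not apply to your
# servers (e.g. web-coldfusion.rules when ColdFusion is not installed).
WEB_RULES = {"web-cgi.rules", "web-coldfusion.rules", "web-frontpage.rules",
             "web-iis.rules", "web-misc.rules"}

# An active or commented-out rule include, e.g.
#   include $RULE_PATH/web-iis.rules
#   # include $RULE_PATH/web-iis.rules
INCLUDE_RE = re.compile(r"^\s*(#\s*)?include\s+(\S*?)([^/\s]+\.rules)\s*$")

def restrict_to_web_rules(conf_text, keep=WEB_RULES):
    """Return (new_conf, missing).

    Every *.rules include whose file is not in `keep` is commented out,
    includes in `keep` are enabled, and `missing` lists files in `keep`
    that the configuration never references.
    """
    out, seen = [], set()
    for line in conf_text.splitlines():
        m = INCLUDE_RE.match(line)
        if not m:
            out.append(line)  # variables, preprocessors, outputs stay as-is
            continue
        path, name = m.group(2), m.group(3)
        if name.lower() in keep:
            seen.add(name.lower())
            out.append(f"include {path}{name}")
        else:
            out.append(f"# include {path}{name}")
    return "\n".join(out) + "\n", sorted(set(keep) - seen)

# Constructed sample configuration (not taken from a real deployment).
SAMPLE_CONF = """\
var HOME_NET 192.0.2.0/24
var RULE_PATH ../rules
include classification.config
include $RULE_PATH/scan.rules
include $RULE_PATH/ftp.rules
include $RULE_PATH/web-cgi.rules
# include $RULE_PATH/web-iis.rules
include $RULE_PATH/web-misc.rules
include $RULE_PATH/web-coldfusion.rules
"""

if __name__ == "__main__":
    conf, missing = restrict_to_web_rules(
        SAMPLE_CONF, WEB_RULES - {"web-coldfusion.rules"})
    print(conf, "not referenced:", missing)
```

The `missing` list is worth checking before deployment: a Web rule file that the configuration never references is silently not loaded.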

After you've deployed the Snort IDS, you can use ACID (Analysis Console for Intrusion Databases) or snortsnarf to generate reports from your Snort log files.



Keep Your Security Up to Date
One thing to keep in mind regarding an MSS is that the number of security vulnerabilities you will contend with only increases as time moves forward. You have to keep your Web servers and their security up to date. Presumably, you update your Web servers whenever a vendor vulnerability advisory is published, but you shouldn't rely only on your diligence for keeping up with these advisories. You also need to verify that your servers have the most recent patches and the most up-to-date security configurations.

If you are running Microsoft IIS on your Web servers, you can download and use two free tools Microsoft has developed to secure your servers: Network Security Hotfix Checker (HFNetChk) and IIS Lockdown Tool. HFNetChk checks the servers for missing IIS patches, while the IIS Lockdown Tool turns off "unnecessary features" that attackers could exploit for attacks. Because HFNetChk produces its results in raw text format, another free tool, Hotfix Reporter, converts them into HTML with links to the missing patches and additional information. You should run these tools on your test systems before applying them to your production systems to avoid any unexpected results.

If you run Apache, you won't find any tools equivalent to HFNetChk or IIS Lockdown Tool for your servers. One possible reason is that most of the vulnerabilities you'll face are on the application level (e.g., PHP) rather than on the Apache server itself. But you can still refer to the Apache Security Tips for Server Configuration page.


