Written on February 10, 2010 by Jerson
- Place your web server(s) in a DMZ. Set your firewall to drop connections to your web server on all ports except HTTP (port 80) and HTTPS (port 443).
- Remove all unneeded services from your web server, keeping FTP (but only if you need it) and a secure login capability such as secure shell. An unneeded service can become an avenue of attack.
- Disallow all remote administration unless it is done using a one-time password or an encrypted link.
- Limit the number of persons having administrator or root level access.
- Log all user activity and maintain those logs either in an encrypted form on the web server or store them on a separate machine on your Intranet.
- Monitor system logs regularly for any suspicious activity. Install some trap macros to watch for attacks on the server (such as the PHF attack). Create macros that run every hour or so that would check the integrity of password and other critical files. When the macros detect a change, they should send an e-mail to the system manager.
- Remove ALL unnecessary files such as phf from the scripts directory /cgi-bin.
- Remove the “default” document trees that are shipped with Web servers such as IIS and ExAir.
- Apply all relevant security patches as soon as they are announced.
- If you must use a GUI interface at the console, remove the commands that automatically start the window manager from the .RC startup directories and then create a startup command for the window manager. You can then use the window manager when you need to work on the system, but shut it down when you are done. Do not leave the window manager running for any extended length of time.
- If the machine must be administered remotely, require that a secure capability such as secure shell is used to make a secure connection. Do not allow telnet or non-anonymous ftp (those requiring a username and password) connections to this machine from any untrusted site. It would also be good to limit these connections only to a minimum number of secure machines and have those machines reside within your Intranet.
- Run the web server in a chroot-ed part of the directory tree so it cannot access the real system files.
- Run the anonymous FTP server (if you need it) in a chroot-ed part of the directory tree that is different from the web server’s tree.
- Do all updates from your Intranet. Maintain your web page originals on a server on your Intranet and make all changes and updates there; then “push” these updates to the public server through an SSL connection. If you do this on an hourly basis, you can avoid having a corrupted server exposed for a long period of time.
- Scan your web server periodically with tools like ISS or nmap to look for vulnerabilities.
- Have intrusion detection software monitor the connections to the server. Set the detector to alarm on known exploits and suspicious activities and to capture these sessions for review. This information can help you recover from an intrusion and strengthen your defenses.
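
The hourly integrity check and the PHF log watch from the checklist above, as a Python example added here (it is not part of the original post). The function names, the stand-in password file and the sample log lines are constructed for illustration, and the access log is assumed to be in Common Log Format.

```python
import hashlib
import re
import tempfile
from pathlib import Path

def snapshot(paths):
    """Map each path to its SHA-256 digest, or None if the file is missing."""
    return {str(p): (hashlib.sha256(Path(p).read_bytes()).hexdigest()
                     if Path(p).is_file() else None) for p in paths}

def changed_files(baseline, current):
    """Paths that were modified, removed or created since the baseline."""
    return sorted(p for p in baseline.keys() | current.keys()
                  if baseline.get(p) != current.get(p))

# Request for the phf CGI script inside the quoted request field of a log line.
PHF_RE = re.compile(r'"[A-Z]+ [^" ]*/cgi-bin/phf(?:[?/ ]|$)', re.IGNORECASE)

def phf_probes(log_lines):
    """Client addresses (first log field) that requested /cgi-bin/phf."""
    return sorted({ln.split()[0] for ln in log_lines if PHF_RE.search(ln)})

def report(changes, probes):
    """Alert text for the system manager; an empty string means nothing to send."""
    lines = [f"CHANGED: {p}" for p in changes]
    lines += [f"PHF PROBE FROM: {ip}" for ip in probes]
    return "\n".join(lines)

if __name__ == "__main__":
    # Constructed demo: a stand-in password file and three sample log lines.
    with tempfile.TemporaryDirectory() as d:
        passwd = Path(d, "passwd")
        passwd.write_text("root:x:0:0::/root:/bin/sh\n")
        baseline = snapshot([passwd])  # keep the baseline off the web server
        passwd.write_text("root:x:0:0::/root:/bin/sh\nnew:x:0:0::/:/bin/sh\n")
        log = [
            '192.0.2.10 - - [10/Feb/2010:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 512',
            '198.51.100.7 - - [10/Feb/2010:10:00:05 +0000] "GET /cgi-bin/phf?x=1 HTTP/1.0" 404 0',
            '192.0.2.10 - - [10/Feb/2010:10:00:09 +0000] "GET /cgi-bin/phformat HTTP/1.0" 404 0',
        ]
        # Output printed by a cron job is mailed to the address set in MAILTO.
        print(report(changed_files(baseline, snapshot([passwd])), phf_probes(log)))
```
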
Source
Posted in: Prevention - Tips - Web Security

Written on January 10, 2010 by Jerson
How can you protect your computer against the above-mentioned Internet security incidents? There are a number of free Internet security programs available online that you can use for this purpose. Below is a checklist of a few simple things you can do:
- Assess your risk/risk potential
- Use good antivirus software. There are a number of free Internet security solutions that you can download for this purpose.
- Keep all your software up-to-date (download and apply updates and patches regularly)
- Check your security settings
- Use a firewall (hardware/software)
- Create tough-to-crack passwords (ideally 13 characters long, including numbers)
- Conduct regular security maintenance
Source
Posted in: Network Security - Prevention - Web Security

Written on December 31, 2009 by editor
Here are some simple ways to keep yourself safe from threats and vulnerabilities on the Internet.
• Install anti-spyware and anti-virus software on your personal computer.
• Update your operating system and software (especially your anti-virus and anti-spyware) promptly for security patches and other important updates.
• Install a firewall too. Most operating systems have a built-in firewall; all you have to do is enable it.
• Avoid visiting malicious websites.
• Avoid downloading files that are malicious (especially .exe files).
• Do regular maintenance of your personal computers (update, defrag, virus scan and other things that can improve the security and stability of your system).
Posted in: Prevention - Threats - Tips - Web Security

Written on November 20, 2009 by Jerson
“Mendacious machines controlled by hackers that reroute Internet traffic from infected computers to fraudulent Web sites are increasingly being used to launch attacks, according to a paper published this week by researchers with the Georgia Institute of Technology and Google Inc.
The paper estimates roughly 68,000 servers on the Internet are returning malicious Domain Name System results, which means people with compromised computers are sometimes being directed to the wrong Web sites — and often have no idea.
The peer-reviewed paper, which offers one of the broadest measurements yet of the number of rogue DNS servers, was presented at the Internet Society’s Network and Distributed System Security Symposium in San Diego.
The fraud works like this: When a user with an affected computer tries to go to, for example, Google’s Web site, they are redirected to a spoof site loaded with malicious code or to a wall of ads whose profits flow back to the hackers.
The hackers who hijack DNS queries are looking to steal personal information, from e-mail login credentials to credit data, and take over infected machines.
The spoof sites run the gamut. Some are stunningly convincing, others amusingly bogus with spelling errors and typos.”
Source
Posted in: Hacks - Info - Threats - Web Security

Written on October 17, 2009 by editor
The FBI called for new legislation that would allow the federal police to keep a close watch on Internet activity to track down illegal activities. The proposal seems to go beyond a current plan to monitor traffic on federal-government networks, holding that the bureau should have broad “omnibus” authority to conduct monitoring and surveillance of private-sector networks as well. This could violate the Fourth Amendment’s guarantee of freedom from unreasonable searches and seizures. In general, courts have ruled that police need search warrants to obtain the content of communication.
Source
Posted in: Info - Network Security - Threats - Web Security

Written on September 15, 2009 by editor
Suspect spyware on your system? Here are some tips on how to get rid of spyware on your computer:
1. Get, install and periodically run Ad-aware and Spybot Search & Destroy.
2. To prevent reinfection by Aureate/Radiate – search for advert.dll on your system. If it’s there and if you can, delete it (Ad-aware will do this for you). Then create an empty text file, name it advert.dll, make it read-only and save it in your Windows/System directory. Then configure Ad-aware (version 5 or later) to ignore advert.dll.
Posted in: Hacks - Info - Network Security - Prevention - Threats - Tips - Web Security

Written on August 23, 2009 by editor
by: Djai Tanji
McAfee and Yahoo announced a partnership on Web security in which Yahoo’s search engine makes available to users warnings about unnecessary and malicious code on Web sites, as detected by McAfee’s security technology. McAfee calls the technology SiteAdvisor, and it has been integrated into Yahoo’s search engine so that a user, after performing a search, obtains the flagged sites after clicking “searchscan.” However, no Yahoo advertisers will be picked up and flagged by SiteAdvisor. The Yahoo security warning system does not block users from accessing a page but recommends avoiding the flagged content. By steering users away from malicious websites, Yahoo will reduce the channels available for spam, adware, malware and phishing to spread.
Posted in: Information

Written on July 20, 2009 by editor
by: Djai Tanji
The substantial SQL injection attacks that struck Microsoft-based websites claimed as one of their victims Autoweb, a U.K.-based advertising and marketing site. The continuous attack on Autoweb exploited a vulnerability in a single line of code in the web application to get through to the company’s Microsoft SQL database and knock the site offline. Autoweb’s IT staff then realized that database tables that store content provided by car dealers had been overwritten with a 30-character script, and that gave them a window of opportunity. Autoweb blocked the attacks after looking at log files, which showed that the attacks originated from IP addresses in China. Autoweb performed daily backups and asked for assistance from Secerno, a U.K.-based firm, to build a database security appliance.
Posted in: Information

Written on June 29, 2009 by Jerson
A man has been sentenced to serve five years in jail after being convicted of creating a botnet that had at its peak infected almost half a million computers, spreading spam and adware. The man, Jeanson James Ancheta, at the young age of 21, is set to serve a total of 57 months in prison, which is considered to be one of the longest sentences ever for computer crimes. He aroused the curiosity of government cyber-security people when he tried to infiltrate computers owned by the US Naval Warfare Center and the Defense Information Systems Agency, both of which were being constantly attacked by hackers and botnets.
Posted in: Information - Network Security

Written on May 29, 2009 by Jerson
The software giant announced that it will be releasing its own Windows-embedded anti-virus, which is raising some eyebrows in the IT industry. Why? Well, the company has been known for having the most attacked PC platform on earth compared to other operating systems, due to its ways of old. This hatred of the company stems from the days when Microsoft was involved in what can be called “steal then deal”, getting nifty software from the many start-up firms that produced respectable programs and embedding it within its OS releases. This was sure to result in lawsuits, which the company then opted to settle out of court, buying out the rights and even the company in a hostile take-over.
Posted in: Information - Network Security - Threats