Web Server Administration

quicksandwalleyeInternet και Εφαρμογές Web

31 Οκτ 2013 (πριν από 3 χρόνια και 10 μήνες)

90 εμφανίσεις

Web Server Administration

TEC 236

Securing the Web Environment

Overview


Identify threats and vulnerabilities


Secure data transmission


Secure the operating system


Secure server applications

Overview


Authenticate Web users


Use a firewall


Use a proxy server


Use intrusion detection software

Identifying Threats and
Vulnerabilities


Focus is on threats from the Internet


Hackers sometimes want the challenge of
penetrating a system and vandalizing it


other times they are after data


Data can be credit card numbers, user names and
passwords, other personal data


Information can be gathered while it is being
transmitted


Often, operating system flaws can assist the
hacker

Vulnerabilities in Operating
Systems


Operating systems are large and complex
which means that there are more
opportunities for attack


Although Windows has had its share of
problems, often inattentive administrators
often fail to implement patches when
available


Some attacks, such as buffer overruns, can
allow the attacker to take over the computer

Securing the Operating
System


Use the server for only necessary tasks


Minimize user accounts


Disable services that are not needed


Make sure that you have a secure password


In addition to using upper case, lower case
numbers and symbols, hold down the ALT key on
a number (on the numeric keypad) from 1 to 255


Check a table of ALT values to avoid common
characters


The use of the ALT key will thwart most hackers

Securing Windows


There are many services that are not needed in
Windows for most Internet
-
based server applications


Alerter


Computer browser


DHCP client


DNS client


Messenger


Server


Workstation


Also, the registry can be used to alter the
configuration to make it more secure such as
disabling short file names

Vulnerabilities of E
-
mail
Servers


By design, e
-
mail servers are open


E
-
mail servers can be harmed by a series of
very large e
-
mail messages


Sending an overwhelming number of
messages at the same time can prevent valid
users from accessing the server


Viruses can be sent to e
-
mail users


Retrieving e
-
mail over the Internet often
involves sending your user name and
password as clear text

Securing E
-
mail



Exchange 2000 can also use SSL for the
protocols it uses


To prevent someone from sending large
e
-
mail messages until the disk is full,
set a size limit for each mailbox

Securing Data Transmission


To secure data on a network that is
accessible to others, you need to
encrypt the data


SSL is the most common method of
encrypting data between a browser and
Web server


Secure Shell (SSH) is a secure
replacement for Telnet

Secure Sockets Layer (SSL)


A digital certificate issued by a certification
authority (CA) identifies an organization


The public key infrastructure (PKI) defines
the system of CAs and certificates


Public key cryptography depends on two keys


A public key is shared with everyone


The public key can be used to encrypt data


Only the owner of the public key has the
corresponding private key which is needed to
decrypt the data

Establishing an SSL
Connection

Vulnerabilities in Web servers


Static HTML pages pose virtually no
problem


Programming environments and
databases add complexity that a hacker
can exploit


Programmers often do not have time to
focus on security

Securing the Web Server


Enable the minimum features


If you don't need a programming
language, do not enable it


Make sure programmers understand
security issues


Implement SSL where appropriate


Securing the Web Server
-

IIS


The URLScan utility blocks potentially harmful page
requests


The IIS Lockdown utility has templates to ensure that
you only enable what you need


Change NTFS permissions in
\
inetpub
\
wwwroot from
Everyone Full Control to Everyone Execute


In IIS 5, delete
\
samples
\
IISHelp and
\
MSADC
folders


Delete extensions you do not use, such as .htr, .idc,
.stm, and others


Authenticating Web Users


Both Apache and IIS use HTTP to
enable authentication


HTTP tries to access a protected directory
and fails


Then it requests authentication from the
user in a dialog box


Accesses directory with user information


Used in conjunction with SSL

Configuring User
Authentication in IIS


Four types of authenticated access


Windows integrated authentication


Most secure


requires IE


Digest authentication for Windows domain servers


Works with proxy servers


Requires Active Directory and IE


Basic authentication


User name and password in clear text


Works with IE, Netscape, and others


Passport authentication


Centralized form of authentication


Only available on Windows Server 2003

Using a Firewall


A firewall implements a security policy
between networks


Our focus is between the Internet and an
organization's network


You need to limit access, especially
from the Internet to your internal
computers


Restrict access to Web servers, e
-
mail
servers, and other related servers

Types of Filtering


Packet filtering


Looks at each individual packet


Based on rules, it determines whether to let it pass through
the firewall


Circuit
-
level filtering (stateful or dynamic filtering)


Controls complete communication session, not just individual
packets


Allows traffic initialized from within the organization to
return, yet restricts traffic initialized from outside


Application
-
level


Instead of transferring packets, it sets up a separate
connection to totally isolate applications such as Web and e
-
mail

A Packet
-
filtering Firewall


Consists of a list of acceptance and denial
rules


A firewall independently filters what comes in
and what goes out


It is best to start with a default policy that
denies all traffic, in and out


We can reject or drop a failed packet


Drop


(best) thrown away without response


Reject


ICMP message sent in response

Using a Proxy Server


A proxy server delivers content on behalf of a user or
server application


Proxy servers need to understand the protocol of the
application that they proxy such as HTTP or FTP


Forward proxy servers isolate users from the Internet


Users contact proxy server which gets Web page


Reverse proxy servers isolate Web server
environment from the Internet


When a Web page is requested from the Internet, the proxy
server retrieves the page from the internal server

Using Intrusion Detection
Software


Intrusion detection is designed to show
you that your defenses have been
penetrated


With Microsoft ISA Server, it only
detects specific types of intrusion


In Linux, Tripwire tracks changes to
files

Tripwire


Tripwire allows you to set policies that allow
you to monitor any changes to the files on
the system


Tripwire can detect file additions, file
deletions, and changes to existing files


By understanding the changes to the files,
you can determine which ones are
unauthorized and then try to find out the
cause of the change

Tripwire


After installing Tripwire, you configure the
policy file to determine which files to monitor


A default list of files is included but it will take
time to refine the list


A report can be produced to find out which
files have been added, changed, and deleted


Usually, it runs automatically at night

Intrusion Detection in ISA
Server


The following intrusions are tracked


Windows out
-
of
-
band (WinNuke)

A specific type of Denial
-
of
-
Service attack


Land

A spoofed packet is sent with the SYN flag set so that the source
address is the same as the destination address, which is the address of
the server. The server can then try to connect to itself and crash.


Ping of death


The server receives ICMP packets that include large
files attachments, which can cause a server to crash.


IP half scan


If a remote computer attempts to connect to a port by
sending a packet with the SYN flag set and the port is not available,
the RST flag is set on the return packet. When the remote computer
does not respond to the RST flag, this is called an IP half scan. In
normal situations, the TCP connection is closed with a packet
containing a FIN flag.


UDP bomb


A UDP packet with an illegal configuration.


Port scan


You determine the threshold for the number of ports that
are scanned (checked) before an alert is issued.

Summary


Every computer connected to the Internet
represents a potential target for attack


Hackers can gather data and modify systems


SSL can secure data transmission


Keep each server to a single purpose such as
Web server or e
-
mail


Keep applications and services to a minimum

Summary


User authentication controls access to one or
more Web server directories


Firewalls control access policies between
networks


A proxy server delivers content on behalf of a
user or server application


Intrusion detection software identifies
intrusions but typically does not prevent them