Chapter 8, pp 171 – pp 200 Web Security, by Lincoln D. Stein


Unix Web Servers. Chapter 8, pp 171 – 200, Web Security, by Lincoln D. Stein. Slides by Y K Choi, 2019/5/4.

Overview
- Hardening a Unix Web server (making the host itself more secure)
- Configuring the Web server
- Monitoring the logs

Hardening a Unix Web server
Unix is a multi-user system: it can support hundreds of users, each with their own directories and environment. A user cannot read or modify another user's files unless the permissions allow it; rights are granted separately to the owning user, the owning group and everyone else (user/group/other). Unix is a general-purpose system, and a general-purpose installation is not secure by default. That is why a Unix Web server must be hardened.

Four tasks to harden Unix (1)
1. Apply vendor operating system patches. When a patch related to security appears, download and install it immediately.
2. Turn off unessential services. A Unix host may be running NT file sharing (SMB), POP, NFS and other services, and any of them may have holes; turn off the ones you do not need. Use netstat to find the ports that are in listening mode but are not used. If the following are not required, disable them: tftp, finger, systat, uucp, exec, login, shell.

Four tasks to harden Unix (2)
3. Keep the number of user accounts to a minimum. A major source of Internet break-ins is intruders who have obtained a valid user name and password and use it to log into the server. Disable the password of system accounts that never log in by placing * in the password field of /etc/passwd (on systems with shadow passwords, the field lives in /etc/shadow), for example for uucp:
uucp:*:10:14:uucp:/var/spool/uucppublic:
4. Get the file and directory permissions right. A Web file that is writable by the wrong user can be replaced with anything the intruder wants the server to publish or run, so be careful with write permission.
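The four steps above are checks an administrator repeats after every change, so the following script, added here as an example and not taken from Stein's book or the slides, automates three of them: finding bound legacy services in netstat output, finding accounts that still accept a password, and finding world-writable files under the document tree. The netstat lines and passwd entries are constructed samples (Linux netstat column layout and documentation-range addresses are assumptions) so the script runs offline; on a real host pipe in `netstat -an` and /etc/passwd instead.

```shell
#!/bin/sh
# Added hardening-audit example (not from Stein's book or the slides).
# Sample inputs are constructed; feed real `netstat -an` output and /etc/passwd
# on a live host.

# Port number -> legacy service name, using the classic /etc/services
# assignments for the services the slide says to disable when not required.
port_to_service() {
    case "$1" in
        69)  echo tftp ;;
        79)  echo finger ;;
        11)  echo systat ;;
        540) echo uucp ;;
        512) echo exec ;;
        513) echo login ;;
        514) echo shell ;;
        *)   echo unknown ;;
    esac
}

# Read Linux-style `netstat -an` lines on stdin and print "port service" for
# every legacy service that is bound. TCP sockets must be in LISTEN state; UDP
# sockets have no state column, so any bound UDP socket counts.
listening_legacy_services() {
    awk '$1 ~ /^udp/ || $6 == "LISTEN" { n = split($4, a, "[.:]"); print a[n] }' |
    while read -r port; do
        svc=$(port_to_service "$port")
        if [ "$svc" != unknown ]; then
            echo "$port $svc"
        fi
    done
}

# Read /etc/passwd-style lines on stdin and print accounts that can still log
# in with a password: the field is neither '*' nor '!...' (locked) nor 'x'
# (hash moved to /etc/shadow, which must then be checked the same way).
unlocked_accounts() {
    awk -F: '$2 != "*" && $2 != "x" && $2 !~ /^!/ { print $1 }'
}

# Print regular files under $1 that anyone on the system can write to; a
# world-writable document or CGI script lets any local user change what the
# server publishes or executes.
world_writable_files() {
    find "$1" -type f -perm -0002 -print | LC_ALL=C sort
}

# Constructed sample data (not captured from a real host).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:79              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:513             0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:80             192.0.2.7:51234         ESTABLISHED
udp        0      0 0.0.0.0:69              0.0.0.0:*'

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
uucp:*:10:14:uucp:/var/spool/uucppublic:
daemon:!:1:1:daemon:/usr/sbin:/usr/sbin/nologin
guest::500:500:Guest:/home/guest:/bin/sh
oldadmin:$1$abcd$0123456789abcdefghijkl:501:501:Old admin:/home/oldadmin:/bin/sh'

echo "Legacy services bound:"
printf '%s\n' "$SAMPLE_NETSTAT" | listening_legacy_services
echo "Accounts that still accept a password:"
printf '%s\n' "$SAMPLE_PASSWD" | unlocked_accounts
```

On the sample data the script reports finger (79) and login (513) listening on TCP and tftp (69) bound on UDP, and the guest account (empty password) and oldadmin (a live hash) as accounts an intruder could still use; root and the locked uucp and daemon accounts are not reported. Run world_writable_files against the document root and the CGI directory to check step 4.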

Access rights for Web server files
Table with one row per role (Web master, Web developer, Web author, Web server) and one column per class of file (Configuration, Tools, Logs, CGI, Documents); only the row and column labels survived extraction. R: read access, W: write access.

Grouping
It is more secure to create four groups with different access rights: Webmaster, Web developers, Web authors, and HTTP users (the account the server runs as, which needs read access only).

Configuring the web server (1)
To run the server as securely as possible, disable the Web server features you do not use. Many features are enabled by default but never needed; among the ones to disable:
- Automatic directory listings, which reveal the contents of any directory that has no index page.
- Symbolic link following. Symbolic links extend the document tree into other parts of the file system, and it is easy to create an inadvertent link that exposes files that were never meant to be served.

Configuring the web server (2)
- CGI scripts and server modules. Executable code on the server poses a threat because it can be made to do things its authors did not anticipate.
- Server-side includes. These let Web authors create HTML pages that change dynamically without resorting to full-blown scripts or plug-ins, but the exec directive can run arbitrary commands on the server.
- Start and stop the server without using root privileges, to reduce the use of the root account. The server needs root only to bind to port 80 at startup and should run as an unprivileged user afterwards.
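The two slides above list features to disable and the privilege to drop. The following httpd.conf fragment, added here as an example and not taken from Stein's book or the slides, shows the weak settings beside the hardened ones using standard Apache httpd directives; the paths and the www account are assumptions.

```apache
# Added example (not from Stein's book or the slides). Directive names are
# standard Apache httpd; /var/www paths and the www account are assumptions.

# Run the child processes as an unprivileged account. httpd is still started
# as root to bind port 80, but switches to this user before serving requests.
User www
Group www

# Weak (shown commented out for contrast, do not keep both blocks): every
# feature the slides warn about is switched on for the whole document tree.
#<Directory "/var/www/htdocs">
#    Options Indexes FollowSymLinks Includes ExecCGI
#    AllowOverride All
#</Directory>

# Hardened: no automatic listings, follow a symbolic link only when link and
# target have the same owner, SSI without #exec, no CGI in the document tree,
# and no .htaccess files that could re-enable any of this.
<Directory "/var/www/htdocs">
    Options -Indexes -FollowSymLinks +SymLinksIfOwnerMatch +IncludesNOEXEC -ExecCGI
    AllowOverride None
</Directory>

# CGI lives only in one directory that Web authors cannot write to.
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
```

After editing, confirm the running server matches the file: with the hardened block in place a request for a directory without an index page must return 403 rather than a listing, and the worker processes shown by ps must belong to www, not root.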

Monitoring the logs
You should review the logs to determine who has accessed your systems.
- Unix system logs: the system keeps a series of log files, which you can find in /usr/adm (on most current systems /var/adm or /var/log).
- Server logs: the files created by the Web server are useful for tracking down problems. Most servers create two logs, an access log and an error log.

Web log tools (no need to memorise)
Product        Manufacturer     OS           Notes
Analog         Stephen Turner   NT/Unix      Freeware
wusage         Boutell Corp.
wwwstat        Roy Fielding
Site Tracker   Tucker Info.     All OS
Net.analysis   Net.genesis      NT/Solaris

Error logs
Some of the error messages that you can find are:
- File does not exist: a client requested a URL that does not exist.
- File permissions deny server access: a client requested a document that the server does not have sufficient privileges to read.
- Password mismatch: a client tried to access a protected document with an incorrect password.
- Client denied by server configuration: access to the directory is restricted to certain IP addresses and the client is not one of them.
- Malformed header from script: a warning that a CGI script produced output the server could not interpret as valid headers.
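The two slides on monitoring say to review the access log and the error log; the script below, added here as an example and not taken from Stein's book or the slides, shows what that review looks like when done with awk. It flags clients with repeated refused or missing requests in the access log and classifies error-log lines into the five message types listed above, then picks out the pattern a reviewer most wants to catch: repeated password mismatches from one client. The log lines are constructed samples in the Apache Common Log Format and the Apache 1.3-style error_log format, with addresses from documentation ranges; on a real host pipe in the files from the server's logs directory instead.

```shell
#!/bin/sh
# Added log-review example (not from Stein's book or the slides). The sample
# lines below are constructed; pipe in real access_log / error_log files.

# Access log: print "host count" for every client with at least $1 (default 3)
# requests the server refused or could not find (401, 403, 404). In Common Log
# Format the status code is field 9 and the client host is field 1.
suspicious_clients() {
    awk -v t="${1:-3}" '$9 ~ /^(401|403|404)$/ { n[$1]++ }
        END { for (h in n) if (n[h] >= t) print h, n[h] }' | LC_ALL=C sort
}

# Error log: classify each line into the categories from the slide and count
# them per client. Lines without a "[client ...]" tag (startup notices and the
# like) are counted under "-".
error_log_summary() {
    awk '
        { kind = "other"; client = "-" }
        /\[client / { match($0, /\[client [^]]*\]/)
                      client = substr($0, RSTART + 8, RLENGTH - 9) }
        /File does not exist/                   { kind = "missing-file" }
        /file permissions deny server access/   { kind = "permissions" }
        /password mismatch/                     { kind = "password-mismatch" }
        /client denied by server configuration/ { kind = "denied-by-config" }
        /malformed header from script/          { kind = "bad-cgi-header" }
        { n[client " " kind]++ }
        END { for (k in n) print k, n[k] }' | LC_ALL=C sort
}

# Repeated password mismatches from one client against protected documents are
# the signature of password guessing; print clients with at least $1 (default 3).
password_guessers() {
    error_log_summary | awk -v t="${1:-3}" '$2 == "password-mismatch" && $3 >= t { print $1 }'
}

# Constructed sample logs (not captured from a real server).
SAMPLE_ACCESS_LOG='192.0.2.7 - - [04/May/2019:10:00:01 +0800] "GET /index.html HTTP/1.0" 200 1234
192.0.2.7 - - [04/May/2019:10:00:02 +0800] "GET /cgi-bin/missing.cgi HTTP/1.0" 404 210
192.0.2.7 - - [04/May/2019:10:00:03 +0800] "GET /admin/ HTTP/1.0" 401 0
192.0.2.7 - - [04/May/2019:10:00:04 +0800] "GET /admin/ HTTP/1.0" 401 0
198.51.100.9 - - [04/May/2019:10:00:05 +0800] "GET /about.html HTTP/1.0" 200 512
203.0.113.4 - bob [04/May/2019:10:00:06 +0800] "GET /private/ HTTP/1.0" 403 0'

SAMPLE_ERROR_LOG='[Sat May  4 10:00:00 2019] [notice] httpd: configured -- resuming normal operations
[Sat May  4 10:00:02 2019] [error] [client 192.0.2.7] File does not exist: /var/www/htdocs/cgi-bin/missing.cgi
[Sat May  4 10:00:03 2019] [error] [client 192.0.2.7] user bob: password mismatch: /admin/
[Sat May  4 10:00:04 2019] [error] [client 192.0.2.7] user bob: password mismatch: /admin/
[Sat May  4 10:00:05 2019] [error] [client 192.0.2.7] user bob: password mismatch: /admin/
[Sat May  4 10:00:06 2019] [error] [client 203.0.113.4] client denied by server configuration: /var/www/private
[Sat May  4 10:00:07 2019] [error] [client 198.51.100.9] file permissions deny server access: /var/www/htdocs/secret.html
[Sat May  4 10:00:08 2019] [error] [client 198.51.100.9] malformed header from script. Bad header=hello world: /var/www/cgi-bin/test.cgi'

echo "Clients with 3 or more refused/missing requests:"
printf '%s\n' "$SAMPLE_ACCESS_LOG" | suspicious_clients 3
echo "Error log by client and category:"
printf '%s\n' "$SAMPLE_ERROR_LOG" | error_log_summary
echo "Probable password guessers:"
printf '%s\n' "$SAMPLE_ERROR_LOG" | password_guessers 3
```

On the samples only 192.0.2.7 crosses the access-log threshold (one 404 and two 401s), the error-log summary shows one line per client and category, and 192.0.2.7 is the only client reported for password guessing. The threshold is deliberately low for a few sample lines; on a busy server raise it and run the checks over a day's worth of log at a time.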

Summary
Unix is not a perfect OS; we need to harden it by 1) installing the latest patches, 2) disabling unnecessary services, 3) minimising the number of users, and so on.
Configure the Web server: minimise the use of the privileged user and limit denial of service (DoS).
Monitor the logs: the Unix system logs, the server access log and the error log.