Published by捷蜃 贲 Modified over 5 years ago
1
Unix Web Servers
Chapter 8, pp 171 – pp 200, Web Security, by Lincoln D. Stein
2019/5/4 Y K Choi
2
Overview
Hardening a Unix Web server (that is, making it more secure)
Configuring the Web server
Monitoring logs
3
Hardening a Unix Web server
Unix is a multi-user system. It supports hundreds of users with different directories and environments.
A user may be unable to modify or read a particular resource.
Users are grouped, and access rights are set at the user, group and system levels (user:group:system).
It is a general-purpose system and is insecure. That is why we need to harden Unix.
4
Four tasks to harden Unix
Apply vendor operating system patches
When a security-related patch appears, download it immediately.
Turn off unessential services
For example, your Unix system can support NT file sharing, POP, NFS, etc., and many of these might have holes, so turn them off.
Use netstat to find ports that are in listening mode but are not used.
If the following are not required, disable them: tftp, finger, systat, uucp, exec, login, shell
Remember some of them
5
Four tasks to harden Unix
Add the minimum number of user accounts
This is because the major sources of Internet break-ins are intruders who have obtained a valid user name and password and use them to log into the server.
Disable a password by placing * in /etc/passwd (for example, uucp):
uucp:*:10:14:uucp:/var/spool/uucppublic:
Get the file and directory permissions right
If a web file is set to be writable, you should be careful.
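The service and account checks from the two "Four tasks" slides, as an added example that is not part of the original presentation: a shell audit that flags passwd entries whose password field is not `*` and lists the slide's unneeded services that are still enabled. It assumes the services are started from an inetd.conf-style file, which the slides do not name; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample files are constructed, not taken from a real host.
RISKY_SERVICES="tftp finger systat uucp exec login shell"   # list from the slide

# Report passwd accounts whose password field (field 2) is not "*".
# "*" = login disabled (as in the uucp line), "" = no password required,
# "x" = hash kept in a shadow file, anything else = a usable hash in place.
audit_passwd() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }
        NF != 7        { print $1, "MALFORMED"; next }
        $2 == "*"      { next }
        $2 == ""       { print $1, "EMPTY-PASSWORD"; next }
        $2 == "x"      { print $1, "SEE-SHADOW"; next }
                       { print $1, "LOGIN-ENABLED" }
    ' "$1"
}

# List services from RISKY_SERVICES still active (not commented out) in an
# inetd.conf-style file (assumed format: service name is the first field).
audit_inetd() {
    awk -v risky="$RISKY_SERVICES" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) want[r[i]] = 1 }
        /^[ \t]*(#|$)/ { next }
        ($1 in want)   { print $1 }
    ' "$1" | sort -u
}

# Write the constructed sample files into directory $1.
make_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
uucp:*:10:14:uucp:/var/spool/uucppublic:
guest::405:100:guest:/tmp:/bin/sh
webmaster:ab0CONSTRUCTED:500:50:Web Master:/home/webmaster:/bin/sh
broken:line
EOF
    cat > "$1/inetd.conf" <<'EOF'
ftp     stream tcp nowait root   /usr/sbin/in.ftpd    in.ftpd
#tftp   dgram  udp wait   root   /usr/sbin/in.tftpd   in.tftpd
finger  stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd
shell   stream tcp nowait root   /usr/sbin/in.rshd    in.rshd
EOF
}

demo=$(mktemp -d); make_samples "$demo"
audit_passwd "$demo/passwd"; audit_inetd "$demo/inetd.conf"
rm -rf "$demo"
```

An account reported as SEE-SHADOW needs the same check repeated against the shadow file, where the real password field lives.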
6
Access Rights for Web Server Files
User Configuration Tools Logs CGI Documents Web Master RW R Web developer - Web author Web server
R: read access; W: write access
7
Grouping
It is secure to create four groups: Webmaster, Web developers, Web authors, HTTP users
4 groups with different access rights
Read only
8
Configuring the web server (1)
To run the server as securely as possible, we will do the following:
Disable unnecessary web server features. There are many features that are not used; you should disable ones such as the following:
Automatic directory listings
Symbolic link following: symbolic links are used to extend the document tree to other parts of the file system, and it is easy to create an inadvertent link.
9
Configuring the web server (2)
CGI scripts and server modules: executable scripts pose a threat because they can do things that their authors did not anticipate.
Server-side includes: these allow web authors to create HTML pages that change dynamically without resorting to full-blown scripts or plug-ins.
Start and stop the server without using root privileges: this reduces the use of the root account.
3 more
10
Monitoring the logs
Unix system logs: the system keeps a series of log files, which you can find in /usr/adm.
Server log: the files created by Web servers are useful for tracking down problems. Most servers create two logs: access logs and server logs.
You should review the logs to determine who has accessed your systems.
11
Web Log Tools (no need to memorise)
Product | Manufacturer | OS | Notes
Analog | Stephen Turner | NT/Unix | Freeware
wusage | Boutell Corp. | |
wwstat | Roy Fielding | |
Site Tracker | Tucker info. | All OS |
Net.analysis | Net.genesis | NT/Solaris |
Don't memorise
12
Error Logs
Some of the error messages that you can find are:
File does not exist: a request for a URL that does not exist.
File permissions deny server access: a request for a document that the server does not have sufficient privileges to read.
Password mismatch: an attempt to access a protected document with an incorrect password.
Client denied by server configuration: access to a directory is restricted to certain IP addresses.
Malformed header from script: a warning message showing that a bad output cannot be interpreted correctly.
13
Summary
Unix is not a perfect OS; we need to harden it by: 1) downloading the latest patch, 2) disabling unnecessary services, 3) minimizing the number of users, etc.
Configure the Web server: minimise the use of privileged users, limit DOS
Monitor the logs: Unix system logs, server log and error log