Apache security maintenance formula 11: creating secure web servers (1)

Source: Internet
Author: User

Someone asked in the forum how to set up a secure web server. Here are some suggestions.

Wherever there is unix/linux there is the Apache server, which is enough to show Apache's excellent performance and market share in the web server field. In today's Internet environment, web services have become an essential business for companies. Most security problems have followed, and the focus of attacks has shifted to the web as well. Many web applications are tied to valuable customer services and e-commerce activities, which is an important reason they attract malicious attacks.

First, let's take a look at the security risks faced by the web.

HTTP Denial of Service Attack

Attackers may use various means to make the server refuse HTTP responses, which hugely increases Apache's demand for system resources (CPU time and memory) and results in system slowdown or even complete paralysis. The biggest drawback of the Apache server is that its ubiquity makes it a target. Apache servers are constantly threatened by DoS attacks, mainly including the following:

1. Packet flood attacks

One method of interrupting a server or local network is the packet flood attack. It usually uses Internet Control Message Protocol (ICMP, a network-layer protocol) packets or UDP packets. In its simplest form, such an attack overloads the server or the network, which means the attacker's network speed must be faster than the target host's. The advantage of using UDP packets is that no packet is returned to the attacker's computer; udp is 17 times more efficient than tcp. The advantage of using ICMP packets is that attackers can make attacks richer and more varied: sending defective packets will confuse and lock up the victim's network. The current popular trend is for attackers to fool servers into believing they are being attacked by their own floods.

2. Disk attacks

This is a very immoral attack. It not only affects the computer's communication but also damages its hardware. Forged user requests use write commands to attack the target computer's hard disk until it exceeds its limit and is forced to shut down, with miserable results.

3. Route inaccessibility

DoS attacks are usually concentrated on routers. Attackers first gain control of the target machine and manipulate it. When attackers can change routing table entries, the entire network can no longer communicate. This attack is very sinister and well concealed: a network administrator has many possible causes of a network outage to rule out, and some of them need to be examined in detail.

4. Distributed Denial of Service Attack

This is also the most threatening attack: DDoS. The name is easy to understand; put simply, it is a gang attack. Many clients hit a single server at the same time, and the server ends up battered. Apache servers are particularly vulnerable to attack, whether DDoS attacks or hidden-source attacks, because Apache is everywhere. In particular, SSL worms crafted specifically for Apache lurk on many hosts. Attackers can use viruses to manipulate a large number of infected machines and launch a massive DDoS attack on a specific target, or spread worms to a large number of hosts and launch large-scale point-to-point attacks. Unless you do not provide services at all, you can hardly prevent such attacks. They are usually aimed at large websites.

Buffer overflow

This is a common attack. Attackers exploit defects in the way CGI programs are written to make the program deviate from its normal flow. When the program uses static memory allocation, attackers can send a very long request to overflow the buffer; some perl gateway scripts for processing user requests are an example. Once the buffer overflows, attackers can execute malicious commands.

Attackers obtaining root permission

If Apache runs with root permission, program logic defects or buffer overflow vulnerabilities on the system may make it easy for attackers on the local system to obtain administrator privileges on the linux server. In some remote cases, attackers may exploit defective system daemon processes that run as root to obtain root permission, or exploit vulnerabilities in defective service processes to obtain ordinary user permissions, then log in remotely and take control of the entire system.
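The static-buffer problem described above, seen from the defending side: this is an added example, not code from the original article, showing a C CGI program that validates the declared request length before reading the body into a fixed buffer and rejects oversized requests instead of truncating them. `BODY_MAX` and the function names are constructed for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define BODY_MAX 256  /* constructed limit for this example */
/* Unsafe pattern: a static buffer filled with no length check, so a
 * request longer than the buffer writes past its end, e.g.
 *     char buf[BODY_MAX]; strcpy(buf, getenv("QUERY_STRING"));  */

/* Parse CONTENT_LENGTH strictly: digits only, no sign, no overflow, and
 * small enough to fit the buffer together with its terminating NUL. */
int parse_content_length(const char *s, size_t cap, size_t *out)
{
    char *end;
    if (s == NULL || *s < '0' || *s > '9')
        return -1;                  /* missing, signed or non-numeric */
    errno = 0;
    unsigned long v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0')
        return -1;                  /* numeric overflow or trailing junk */
    if (cap == 0 || v > cap - 1)
        return -1;                  /* would not fit: reject, do not truncate */
    *out = (size_t)v;
    return 0;
}

/* Read exactly the declared number of bytes from `in` into buf.
 * Returns the body length, or -1 if the request must be rejected. */
long read_body(FILE *in, const char *content_length, char *buf, size_t bufsize)
{
    size_t want;
    if (parse_content_length(content_length, bufsize, &want) != 0)
        return -1;
    if (fread(buf, 1, want, in) != want)
        return -1;                  /* body shorter than the declared length */
    buf[want] = '\0';
    return (long)want;
}

int main(void)
{
    char body[BODY_MAX];
    long n = read_body(stdin, getenv("CONTENT_LENGTH"), body, sizeof body);
    if (n < 0)
        fputs("Status: 400 Bad Request\r\n\r\n", stdout);
    else
        printf("Content-Type: text/plain\r\n\r\nreceived %ld bytes\n", n);
    return 0;
}
```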

These are the attack methods that the service will encounter. Next we will discuss how to build a secure Apache server.

