The Web server is the most exposed server on the Internet: for the customers or target user group to reach the information it provides, it must be reachable from every access point on the Internet. A Web server is also a more tempting target than other public services such as DNS or FTP, because someone who successfully breaks into a Web site can replace the home page to advertise the intrusion. Such intrusions can cost a company the trust of its customers, especially when sensitive data such as credit-card details is stolen or even made public.
If the firewall that shields the internal network from the Internet is the most important element of network security, the Web server is the second area that requires a high level of security. The goal of this article is to configure a secure Web server on a Linux system in just 45 minutes. The same can of course be done on other operating systems; the example here is based on the SuSE Linux 6.4 release.
Security Zones
Server security is made up of several security zones, and security must be implemented consistently in each zone to ensure the highest level of protection the circumstances allow.
1. Infrastructure area
The infrastructure area defines where the server sits in the network. This area must counter threats such as data eavesdropping, network mapping and port scanning. It must also make a successful intrusion into an exposed Web server traceable, because the compromised server may be used as a base for attacks on other important servers (most commonly in DoS attacks).
To this end, all servers that provide Internet services are protected by a central component and placed in an isolated network. This isolated network is called the demilitarized zone (DMZ). The protecting component may be a full firewall or a simple router configured with strongly restrictive packet-filtering rules, so that only the specified services on the servers can be reached.
A DMZ typically uses a switch with port security and flooding protection, which keeps the level of security within the DMZ high.
Physical security matters too: the server must be installed in a secure room (or data-processing center), and all power, telephone and network cables must be physically protected.
2. Network Protocol Area
Network communication here means TCP/IP communication; the operating-system kernel handles it and is expected to guarantee a transparent traffic flow. However, weak points in particular functions or protocols can be used to launch attacks or provoke faulty behavior, so the kernel must be configured to block such attacks. Although a firewall or router in front of the server can stop many kinds of attack, some settings on the Web server itself must be adjusted accordingly.
Preventing SYN flood attacks is critical, and among operating systems Linux provides a highly efficient solution for it, called syncookies. In addition, ICMP redirects, pings to broadcast addresses and IP source-routed packets should be rejected. Further kernel filtering functions can be applied to raise the level of security.
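The kernel settings named above (syncookies, ICMP redirects, broadcast pings, source routing) are exposed under /proc/sys. The following POSIX shell script is an added example, not part of the original article: it checks and applies those values. The optional SYSROOT argument is an assumption added here so the functions can be exercised against a constructed directory tree instead of the live kernel.

```shell
# Kernel protocol hardening from the section above: SYN cookies on, ICMP
# redirects neither accepted nor sent, broadcast pings ignored, and
# source-routed packets rejected. Paths are relative to /proc/sys.
hardening_keys() {
  printf '%s\n' \
    'net/ipv4/tcp_syncookies 1' \
    'net/ipv4/conf/all/accept_redirects 0' \
    'net/ipv4/conf/all/send_redirects 0' \
    'net/ipv4/icmp_echo_ignore_broadcasts 1' \
    'net/ipv4/conf/all/accept_source_route 0'
}

# check_hardening [SYSROOT]: report each key that is missing or not at the
# expected value; returns the count of non-compliant keys (0 = all good).
# SYSROOT defaults to /proc/sys (another root is an assumption for testing).
check_hardening() {
  root=${1:-/proc/sys}
  failures=0
  while read -r key want; do
    f="$root/$key"
    if [ ! -r "$f" ]; then
      echo "MISSING $key"
      failures=$((failures + 1))
    elif [ "$(cat "$f")" != "$want" ]; then
      echo "WEAK    $key=$(cat "$f") (want $want)"
      failures=$((failures + 1))
    fi
  done <<EOF
$(hardening_keys)
EOF
  return "$failures"
}

# apply_hardening [SYSROOT]: write the expected value into every key the
# kernel exposes (needs root on a live system); returns the count not written.
apply_hardening() {
  root=${1:-/proc/sys}
  failures=0
  while read -r key want; do
    f="$root/$key"
    if [ -w "$f" ] && echo "$want" > "$f"; then
      echo "SET     $key=$want"
    else
      echo "SKIP    $key (not present or not writable)"
      failures=$((failures + 1))
    fi
  done <<EOF
$(hardening_keys)
EOF
  return "$failures"
}
```

Values written to /proc/sys take effect immediately but do not survive a reboot, so the same writes must also be placed in the system's boot configuration.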