Now that we have covered most of the general risks, let’s examine risks and solutions specific to the Web.
File permissions
A good understanding of the underlying file system on any system you use is essential to maintaining a secure system. Insufficient permissions will cause problems for your visitors—overly generous permissions can expose critical information you would rather not reveal.
When deploying a Web site, consider which rights and which file ownership are truly necessary. Whenever possible, assign rights to the Web server account instead of to general users. For example, on a Linux system where the Apache server runs as user www-data, the following permissions may be enough for your documents:

rwxr-x--- your_user_id www-data filename

In the preceding example, the file is owned by your user ID, which has read, write, and execute permissions. The group ownership is set to the group the Web server runs under, and the group permissions allow only read and execute, the minimum the server needs to serve the file.
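To check a deployed document root against the pattern above, here is an added shell example (not from the original tutorial) that flags every file looser than rwxr-x--- or not group-owned by the Web server's group; the group name argument and the constructed demo tree are assumptions, and it relies only on POSIX find, chmod and mktemp.

```shell
#!/bin/sh
# Added example, not from the original tutorial: audit a Web document root
# against the rwxr-x--- pattern described in the text. A file is flagged when
# "other" has any access bit, when the group can write, or when the file is
# not group-owned by the Web server's group.

# audit_webroot ROOT WEBGROUP
# Prints the path of every regular file under ROOT that is looser than
# rwxr-x--- or is not group-owned by WEBGROUP (www-data for the Apache setup
# in the text; any group name works).
audit_webroot() {
    root=$1
    webgroup=$2
    find "$root" -type f \( \
        -perm -o+r -o -perm -o+w -o -perm -o+x \
        -o -perm -g+w \
        -o ! -group "$webgroup" \) -print
}

# count_violations ROOT WEBGROUP - number of flagged files, for scripting.
count_violations() {
    audit_webroot "$1" "$2" | wc -l | tr -d ' '
}

# make_demo_root - builds a constructed document root in a temp directory
# (one correct file, three misconfigured ones) and prints its path.
make_demo_root() {
    d=$(mktemp -d)
    grp=$(id -gn)                       # stands in for www-data here
    for f in index.html config.inc world.txt groupw.sh; do
        : > "$d/$f"
        chgrp "$grp" "$d/$f"
    done
    chmod 750 "$d/index.html"   # rwxr-x---  correct
    chmod 644 "$d/config.inc"   # rw-r--r--  world-readable
    chmod 755 "$d/world.txt"    # rwxr-xr-x  world-readable and -executable
    chmod 770 "$d/groupw.sh"    # rwxrwx---  group-writable: server could alter it
    echo "$d"
}

# Stand-alone usage: audit the constructed tree, then clean up.
demo_root=$(make_demo_root)
echo "Flagged files under $demo_root:"
audit_webroot "$demo_root" "$(id -gn)"
rm -rf "$demo_root"
```

Run it against a real site as `audit_webroot /var/www/html www-data`; an empty result means every file matches the pattern.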
Unused but open ports
Any open port on a server presents a vulnerability that could be exploited. As such, it’s important to only have the ports open that you really need. First and foremost, shut down and even uninstall any services that you don’t need. For example, if you don’t need an FTP server, don’t even install one.
The next step is to perform a port scan on your system to see what ports are open that you may not know about. There are many ways to perform a port scan, including the following:
Use your browser and visit one of the online port scanners, such as the one at DSL Reports or the Shields Up scanner at Gibson Research
CGI scripts
Common Gateway Interface (CGI) scripts are common targets for attackers. Many CGI scripts are poorly written from a security perspective, allowing knowledgeable attackers to exploit them in various ways. Some exploits are fairly benign, such as abusing the formmail CGI script on a server to send anonymous e-mail (typically spam). Other CGI exploits are very dangerous, giving attackers administrative access to your server.
Whenever using CGI scripts, consider the following:
Buffer overflows
Buffer overflows are widely used exploits. The concept is fairly simple: force an application to accept more data than it expects, so that the excess overwrites other data in memory with values the attacker chose. For example, consider the following:
This is only one example of how a buffer overflow exploit can be used. The cure for such exploits is to keep your software up-to-date, as most exploits are fixed quickly after they are found. Monitoring security updates and patches for your system is critical to avoiding this issue.
Compromised systems
There is no easy cure for a compromised system. Once the system has been compromised you can never be truly sure of the extent of the compromise. Typically, the following steps are the only recourse: