Summary: This chapter presents a methodology and a
series of steps required to secure a Web server. The steps are divided
into common configuration categories, including patches and updates,
ports, protocols, accounts, services, files and directories and others.
This allows you to systematically walk through the securing process from
top to bottom or pick a particular category and complete specific steps
Brute Force Attack
In a brute force attack, the intruder attempts to gain access to a server by guessing a user password (usually the root administrator) through the SSH server, Mail server, or other service running on your system. The attacker will normally use software that will check every possible combination to find the one that works. Brute force detection software will alert you when multiple failed attempts to gain access are in progress and disable access from the offending IP address.
Open Relay
A Mail Transfer Agent (MTA) normally uses an SMTP server to send email from your server’s users to people around the world. With an open relay, anyone can use your SMTP server, including spammers. Not only is it bad to give access to people who send spam, it could very well get your server placed on a DNS blacklist that some ISPs will use to block mail from your IP. It is very easy to close an open relay. Just follow the documentation for your MTA.
Botnet
Attackers use botnets to automatically run and distribute malicious software on “agent” servers. They then use the agent machines to attack or infect others. Because all of this can be done automatically without user intervention, botnets can spread very quickly and be deadly for large networks. They are commonly used in DDoS attacks and spam campaigns.
DoS
DoS stands for Denial of Service, and is a technique attackers will use to effectively shut off access to your site. They accomplish this by increasing traffic on your site so much that the victim’s server becomes unresponsive. While some DoS attacks come from single attackers, others are coordinated and are called Distributed Denial of Service (DDoS) attacks. Often times, the users of computers executing a DDoS do not even know their computers are being used as agents.
Cross-site Scripting
Cross-site scipting or XSS is a technique that makes use of vulnerabilities in web applications. According to UK dedicated hosting server specialists at 34SP.com, the vulnerability allows the attacker to inject code in a server-side script that they will use to execute malicious client-side scripts or gather sensitive data from the user. You can fix most XSS problems by using scanner software to detect vulnerabilities and then fix whatever you find.
SQL Injection
Like XSS, SQL injection requires a vulnerability to be present in the database associated with a web application. The malicious code is inserted into strings that are later passed to the SQL server, parsed, and executed. As with other vulnerability-dependent attacks, you can prevent it by scanning for problem code and fixing it.
Malware
Malware can take many forms, but as the name implies, it is malicious software. It can take the form of viruses, bots, spyware, worms, trojans, rootkits, and any other software intended to cause harm. In most cases, malware is installed without the user’s direct consent. It may attack the user’s computer and/or attack other computers through the user’s own system. Having proper firewall and security software protection can usually prevent malware from spreading.
Unpatched Software
Most threats to a server can be prevented simply by having up-to-date, properly-patched software. All server operating system vendors and distributions publish security updates. By installing them on your system in a timely manner, you prevent attackers from using your server’s own vulnerabilities against it.
Careless Users
The number one, most prevalent threat to a server’s security is user carelessness. If you or your users have passwords that are easy to guess, poorly written code, unpatched software, or a lack of security measures like anti-virus software, you are just asking for trouble. By enforcing strong security practices and secure authentication, you can lessen or even eliminate most threats
Brute Force Attack
In a brute force attack, the intruder attempts to gain access to a server by guessing a user password (usually the root administrator) through the SSH server, Mail server, or other service running on your system. The attacker will normally use software that will check every possible combination to find the one that works. Brute force detection software will alert you when multiple failed attempts to gain access are in progress and disable access from the offending IP address.
Open Relay
A Mail Transfer Agent (MTA) normally uses an SMTP server to send email from your server’s users to people around the world. With an open relay, anyone can use your SMTP server, including spammers. Not only is it bad to give access to people who send spam, it could very well get your server placed on a DNS blacklist that some ISPs will use to block mail from your IP. It is very easy to close an open relay. Just follow the documentation for your MTA.
Botnet
Attackers use botnets to automatically run and distribute malicious software on “agent” servers. They then use the agent machines to attack or infect others. Because all of this can be done automatically without user intervention, botnets can spread very quickly and be deadly for large networks. They are commonly used in DDoS attacks and spam campaigns.
DoS
DoS stands for Denial of Service, and is a technique attackers will use to effectively shut off access to your site. They accomplish this by increasing traffic on your site so much that the victim’s server becomes unresponsive. While some DoS attacks come from single attackers, others are coordinated and are called Distributed Denial of Service (DDoS) attacks. Often times, the users of computers executing a DDoS do not even know their computers are being used as agents.
Cross-site Scripting
Cross-site scipting or XSS is a technique that makes use of vulnerabilities in web applications. According to UK dedicated hosting server specialists at 34SP.com, the vulnerability allows the attacker to inject code in a server-side script that they will use to execute malicious client-side scripts or gather sensitive data from the user. You can fix most XSS problems by using scanner software to detect vulnerabilities and then fix whatever you find.
SQL Injection
Like XSS, SQL injection requires a vulnerability to be present in the database associated with a web application. The malicious code is inserted into strings that are later passed to the SQL server, parsed, and executed. As with other vulnerability-dependent attacks, you can prevent it by scanning for problem code and fixing it.
Malware
Malware can take many forms, but as the name implies, it is malicious software. It can take the form of viruses, bots, spyware, worms, trojans, rootkits, and any other software intended to cause harm. In most cases, malware is installed without the user’s direct consent. It may attack the user’s computer and/or attack other computers through the user’s own system. Having proper firewall and security software protection can usually prevent malware from spreading.
Unpatched Software
Most threats to a server can be prevented simply by having up-to-date, properly-patched software. All server operating system vendors and distributions publish security updates. By installing them on your system in a timely manner, you prevent attackers from using your server’s own vulnerabilities against it.
Careless Users
The number one, most prevalent threat to a server’s security is user carelessness. If you or your users have passwords that are easy to guess, poorly written code, unpatched software, or a lack of security measures like anti-virus software, you are just asking for trouble. By enforcing strong security practices and secure authentication, you can lessen or even eliminate most threats
কোন মন্তব্য নেই:
একটি মন্তব্য পোস্ট করুন