As with operating systems, so with web servers: “the more complex the application and web server, the more likely it is that something will go wrong.” Generally, the more functions and features a web server provides, the larger the pool of potential security flaws.
Basic web server software that only provides access to files is safer than server software that offers more, such as advanced CGI, server-side include processing, error handling, and dynamic directory listings.
Web server software differs in the degree of control it gives over users' browsers. Some servers give users access only to certain documents, with or without authentication, while others allow full access to everything. Some allow access based on the client machine's IP address, or to people who know the correct password. A few web servers can keep information hidden in transit, which e-commerce sites on the Internet need to provide. Before it is a commercial web servers.
Here are tips for a more secure web server:
- By its nature, an Internet service has security flaws. The most common cause of security breaches is a CGI script. Check what the data entered by the user's browser can do.
- Configure the web server carefully:
— Some files should be allowed to run only in specified directories.
— Make sure source code is not stored anywhere it can be downloaded.
— Automatic directory indexing must be removed. If you are using an external web hosting company and cannot change this setting, make sure that every subdirectory contains an “index.html” file that redirects the browser to the default home page.
— If you do not need them, disable content management systems and other features that let browser users manage the server remotely and edit files, such as WebDAV, SMB, SharePoint, etc.
— Take advantage of the security tools that come with the server software and operating system, such as Microsoft's URLScan security tool for Internet Information Services (IIS), to identify potential weaknesses.
- Public and private information should be kept physically separate. Machines that hold confidential or sensitive data should not be the ones that offer the public Internet service. Normally a firewall should protect the internal network from external networks, but this can be difficult if you want to allow some third parties in. An extranet web server must be located outside the firewall (this is known as a “sacrificial lamb” configuration). Alternatively, paired “internal” and “external” servers can be set up. Another possibility is to use a proxy, an application that reads a request, passes it to the web server, and then does about the same in reverse.
- The web server logs all requests. Check the log files regularly for anything unusual, and investigate any suspicious entries.
- Users and user groups should be limited to accessing only what they need. The operating system's security features allow access to be specified at this level. Oracle on Unix systems and computer traffic system (police) to verify many of the common misperception. (For maximum protection, network administrators often create a “www” user for the server and a “www” group for trusted Web authors. Only members of the group have “write” permission to the document root directory and its subdirectories. The server root directory, which holds the master configuration file, is in some cases given special status by network administrators: the “www” user is the only one with “write” permission to it.)
- Keep watch on the users of your own network. Security holes can be opened innocently by users who install one of the many free, easily available web servers.
- Have a good password policy and follow it. Simple passwords, such as those based on a birthday or family name, should be prohibited. At the other end, the rules should not be so strict that passwords have to be written down to be remembered. Change passwords on a regular basis, and change default passwords immediately. Default accounts, for example “guest”, should be removed. Take extra care with privileged accounts such as administrators. Confidential documents, sensitive areas and administrative functions should always be protected with a password.
- Install security updates and patches immediately. This applies equally to the web server software and the operating system. Automate these processes if possible, or at least watch for security alerts from your software suppliers.
- Any feature that is not actually used should be removed from the server, or at least disabled. For example, if you do not want to use the File Transfer Protocol (FTP) server that usually comes with an Internet service, remove it. The same goes, for example, for the unnecessary Trivial File Transfer Protocol (TFTP), Network Information Service (NIS) clients, systat, finger, Network File System (NFS), Gopher, copy, and programming and scripting languages. For example, if the website does not use CGI scripts written in Perl, remove the Perl interpreter. Left in place, these items are only security threats.
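
An added example, not part of the original article: a shell audit for two of the tips above. It flags directories that lack an “index.html” (and so would be listed if automatic indexing is still on) and anything in the document root that users outside the authors' group can write to. The function names and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a document root. Function names are hypothetical.

# Directories with no index.html would be listed by automatic indexing.
dirs_without_index() {
    find "$1" -type d | while IFS= read -r d; do
        [ -f "$d/index.html" ] || printf '%s\n' "$d"
    done
}

# Anything writable by "other" can be changed by users outside the
# web-authors group.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002
}

# Report both kinds of finding; succeed only when there are none.
audit_docroot() {
    missing=$(dirs_without_index "$1")
    writable=$(world_writable "$1")
    [ -z "$missing" ] || printf 'no index.html:\n%s\n' "$missing"
    [ -z "$writable" ] || printf 'world-writable:\n%s\n' "$writable"
    [ -z "$missing" ] && [ -z "$writable" ]
}

# Constructed sample tree (not real data): images/ lacks an index file
# and docs/index.html is deliberately world-writable.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/docs" "$t/images"
    : > "$t/index.html"
    : > "$t/docs/index.html"
    : > "$t/images/logo.png"
    chmod 755 "$t" "$t/docs" "$t/images"
    chmod 644 "$t/index.html" "$t/images/logo.png"
    chmod 646 "$t/docs/index.html"
    printf '%s\n' "$t"
}

# Audit the path given as $1, or the constructed sample when none is given.
target=${1:-$(make_sample_tree)}
audit_docroot "$target" || echo "fix the findings above"
```

Run it with the document root as its only argument; a non-zero result from `audit_docroot` means at least one finding was printed.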
In short, as can clearly be seen from the above, anything that is not actually needed should be removed or disabled.