Chapter 9: Web Server Security


Overview

  • Developing Ways to Keep the Server Safe

  • Understanding Good Server Administration Methods

  • Overcoming Distributed Denial of Service (DDOS) Attacks

  • Detecting Apparent Communication Errors

  • Developing Web-based Application Testing Techniques

  • Creating a Secure Web-based Application Installation

While desktop and LAN security has become passé, and you don’t hear much about it anymore, the media hasn’t let us forget about Web servers. Some of the articles in the trade press verge on paranoia as industry pundits scream tirades of imminent Internet destruction from forces unknown. The screams have long drowned out any sense that anyone could make of the situation. Certainly, the potential for danger is real—reports of every sort tell of the damage done by the current viruses—but just how vulnerable are your application, server, data, and users? Sitting quietly and reading some of the reports presented by reputable security agencies and consultants will tell you that the danger isn’t as extreme as everyone else seems to think it is. The real danger is a lack of preparation, maintenance, and vigilance on the part of those who are supposed to maintain the Web server in some semblance of readiness against attack, which includes the developer in many cases. Of course, the silliness of the user plays a significant role in the demise of your server as well (see the “Stupid User Tricks” section of Chapter 1 for details).

This chapter mixes administration and programming techniques designed to keep your server safe. There are no fixes. No patch in the world will keep your server safe—only constant vigilance can attain that goal. The programming and administration techniques in this chapter reduce the amount of work you need to maintain your network and make detection of potential threats easier.

Note

Most of the security articles you’ll read still say that internal threats are much greater than those from outside. Disgruntled employees can become your worst security nightmare. However, growing evidence shows that outside forces might be gaining as a threat. For example, the vnunet.com article at http://www.vnunet.com/News/1140907 says as much as 90% of attacks could come from outside sources. Of course, the biggest reason for this change is increased server exposure due to Web-based applications.

Once you get past simple administration and good programming methods, it’s time to discuss some specific threats. For example, this chapter covers methods you can use to keep someone from turning your server into a zombie (think of the movie caricature—a computer with no will of its own that goes out of its way to destroy other computers). Crackers use a number of interesting techniques to gain a foothold on your system and many of them don’t involve patches to existing DLLs. For example, the simple act of processing an out-of-band (OOB) message (essentially an exception) can ruin your whole day. Threats to your server also include apparent (not real) communication errors, poor testing techniques, and installation problems.




.NET Development Security Solutions
ISBN: 0782142664
Year: 2003
Pages: 168
