Official website for Linux User & Developer
Dec 28

Network security – how to prevent attacks & secure your server

by Swayam Prakasha

Swayam Prakasha explains the types of attacks that could happen over a network and their preventive measures. He also takes a look at various means of securing a web server…

Web security – securing a web server
Web servers are considered easy targets for hackers. As a web server is usually exposed to the entire universe, it’s pretty important to secure it. This is the reason why sensitive information (such as credit card numbers) stored on a web server is always encrypted. Apache is the most popular web server. It is available on UNIX, Windows and Macintosh operating systems. Apache is an open source web server, and developers across the world work constantly to improve its performance and level of security.

The following are some of the common security threats that we normally encounter in a web environment.
1. Information leak – Publish as little system information as possible. The less a hacker knows about the configuration of your system, the more difficult it will be for them to get into it.
2. Risk with CGI applications – Make sure that your CGI applications are well written. A poorly written CGI application can consume the system’s resources to the point where the system becomes completely unresponsive.
3. Access to potentially dangerous system commands and applications – The best approach is to restrict access as far as possible to start with, and then allow access on a case-by-case basis.

It is very important to make sure that you use the latest version of Apache on your system. Also, as it is freely available software, you need to obtain it from a reliable source.

To secure a web server such as Apache, you need to focus on the web server configuration file – httpd.conf. In other words, at the server level, the directives we put in the configuration file control access. There are three important directives – order, deny and allow – which help in controlling access. Let’s have a look at a simple example:

<Directory /usr/local/http/docs>
    # No <Limit> wrapper: the rules then apply to every HTTP method
    Order allow,deny
    Allow from all
</Directory>

Here the ‘order allow,deny’ directive instructs the server to process all allow directives before any deny directives, and ‘allow from all’ tells the server to grant access to any client IP address.
Consider a case where we need to be selective in granting access. The following example illustrates this.

<Directory /usr/local/http/docs>
    # Deny rules are processed first, then Allow rules
    Order deny,allow
    Deny from all
    Allow from .my_firm.com
</Directory>

You’ll notice from the above example that the deny directive denies access to everyone. Then the allow directive grants access selectively – to anyone whose machine name is part of the my_firm.com domain. Thus, by using the order, deny and allow directives, we can secure the web server to some extent. These directives are of significant use when very sensitive information is stored at some location on the web server.
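The way the order value decides the result when a client matches both lists, or neither, can be checked with a small model. This is an added example, not code from the article or from Apache: the function names, the sample clients and the 'swapped' policy are constructed for illustration, the client's hostname is assumed to have been resolved by the server already, and CIDR ranges are handled in addition to the forms the article uses.

```python
import ipaddress


def matches(spec, ip, host):
    """True if one 'from' argument matches the client (simplified model)."""
    if spec.lower() == "all":
        return True
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    except ValueError:
        pass  # not an address or CIDR range, so treat spec as a domain name
    if host is None:
        return False  # no resolved hostname, so a name rule cannot match
    # Partial domain names match whole labels only:
    # ".my_firm.com" matches "pc1.my_firm.com" but not "notmy_firm.com".
    host, name = host.lower(), spec.lower().lstrip(".")
    return host == name or host.endswith("." + name)


def is_allowed(order, allow, deny, ip, host=None):
    """Combine the Allow and Deny lists the way the Order value dictates."""
    allowed = any(matches(s, ip, host) for s in allow)
    denied = any(matches(s, ip, host) for s in deny)
    if order == "deny,allow":
        # Default is allow; a matching Allow overrides a matching Deny.
        return allowed or not denied
    if order == "allow,deny":
        # Default is deny; a matching Deny overrides a matching Allow.
        return allowed and not denied
    raise ValueError("unsupported Order value: " + order)


# The article's two policies, plus the second one with only the Order swapped.
OPEN = dict(order="allow,deny", allow=["all"], deny=[])
FIRM_ONLY = dict(order="deny,allow", allow=[".my_firm.com"], deny=["all"])
SWAPPED = dict(order="allow,deny", allow=[".my_firm.com"], deny=["all"])

# Constructed sample clients (documentation IP ranges, made-up hostnames).
CLIENTS = [("192.0.2.10", "pc1.my_firm.com"), ("198.51.100.7", "notmy_firm.com")]

if __name__ == "__main__":
    for label, policy in [("open", OPEN), ("firm only", FIRM_ONLY), ("swapped", SWAPPED)]:
        for ip, host in CLIENTS:
            verdict = "allow" if is_allowed(ip=ip, host=host, **policy) else "deny"
            print(f"{label:10} {host:18} {verdict}")
```

With only the order changed, the 'swapped' policy denies even hosts inside my_firm.com, because under allow,deny a matching deny rule has the final say.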

It is important to disallow web requests to your .htaccess files – by adding the following directive to the web server’s configuration file:

<Files ~ "\.htaccess$">
    Order deny,allow
    Deny from all
</Files>

As a rule of thumb, there should be no default access. This means that one should get into the habit of permitting no access at first. Then specific access can be permitted to specific locations. The following configuration segment illustrates this.

<Directory />
    Order deny,allow
    Deny from all
</Directory>

Another command we commonly encounter is exec, and it is important to note that any program that uses this command poses a big security threat if called incorrectly. At the same time, it is relatively simple to disable all exec calls for an entire website, or to allow exec calls to be made from a specific directory only. A sample configuration is given below to illustrate this:

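# The original listing gave no path; /usr/local/http/docs is reused from the
# earlier examples as a placeholder for the directory you want to restrict
<Directory /usr/local/http/docs>
    # Server-side includes stay enabled, but their exec command is disabled
    Options IncludesNOEXEC
    Order deny,allow
    Deny from all
</Directory>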

The options line in the configuration above disables exec calls.


    2 Comments »

    • Kum said:

      Very must information for any network engineer and web developer.

    • Polk said:

      Very useful post. Glad I found it. We used it for a few test servers and it seems to be working well. It’s time for production machines!
