Official website for Linux User & Developer
Dec 28

Network security – how to prevent attacks & secure your server

by Swayam Prakasha

Swayam Prakasha explains the types of attacks that could happen over a network and their preventive measures. He also takes a look at various means of securing a web server…

In order to improve the security of a public web server, one can follow a few security checkpoints, as follows:

1. Your network
The very first checkpoint to consider is your network and the way it is connected to the internet. The real issue here is where you are placing your web server. It is important to understand here that the web server should be kept out of the secured part of the network.

2. The operating system
Apache runs on almost all flavours of the UNIX operating system and also on Windows NT and Windows 95. This does not mean that any operating system is a suitable choice for running Apache. Selecting the proper operating system is an important factor when dealing with security. Once you have chosen the operating system, make sure that you disable any extra features that are not required for the web server – for example, if you do not require SMTP/POP mail services or FTP services, ensure that you disable them completely.

3. Web server software
Make sure that you are using the latest version of Apache for your system. It is not a bad idea to compile your own Apache binaries rather than using those of a binary distribution. Also, as Apache is freely available software, it is important that you obtain it from a reliable source. When configuring Apache, pay a lot of attention to security-related configuration issues. The idea here is to disable anything that you do not use. This will significantly reduce the risks and improve security.


Security Policy Considerations
An administrative security policy describes the practices and guidelines to be followed to achieve security. Consider adding the following to your existing security policy.

1. Log anything and everything:
The log files at the server end record how the server responded to each and every request. By analysing the log files, one can obtain very useful information about the security of the server. Make sure that you set up Apache to log both access and errors. These logs are very useful for debugging when something is going wrong with your web server. One needs to monitor the error log closely.

2. Maintain an authoritative copy of your web site:
Keep an authoritative copy of your website. This will help you to restore it when the web server is compromised.

3. Administer your site from the web host console:
Always make it a habit to administer your website from the web host console. Doing so will eliminate the network traffic between the web server and the administrator’s workstation.

4. Compare contents:
Hackers always modify and damage files on the system to which they have gained access. It is a good idea to compare the attributes and contents of files and directories to the authoritative copy. With this, you will come to know if the intruders have altered any of the files.
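
One way to run the comparison described in items 2 and 4, as an added example that is not from the original article: it walks the authoritative copy and the live document root and reports entries that are missing, added, changed in content, or changed in permission bits. The function names and the two directory arguments are assumptions of this sketch; ownership and timestamps are not compared.

```python
import hashlib
import os
import stat
import sys

def sha256_file(path, chunk=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):  # chunked: bounded memory
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Map each relative path under root to (type, permission bits, digest)."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: describe a symlink, never follow it
            kind = stat.filemode(st.st_mode)[0]  # 'd' dir, '-' file, 'l' link
            digest = ""
            if kind == "l":
                digest = os.readlink(path)  # a retargeted link is a change
            elif kind == "-":
                digest = sha256_file(path)
            rel = os.path.relpath(path, root)
            entries[rel] = (kind, stat.S_IMODE(st.st_mode), digest)
    return entries

def compare(authoritative, live):
    """List (finding, path) pairs where the live tree differs from the copy."""
    good, seen = snapshot(authoritative), snapshot(live)
    findings = []
    for rel in sorted(good.keys() | seen.keys()):
        if rel not in seen:
            findings.append(("missing", rel))
        elif rel not in good:
            findings.append(("added", rel))
        else:
            (k1, m1, d1), (k2, m2, d2) = good[rel], seen[rel]
            if (k1, d1) != (k2, d2):
                findings.append(("content", rel))
            if m1 != m2:
                findings.append(("mode", rel))
    return findings

if __name__ == "__main__":  # usage: script AUTHORITATIVE_DIR LIVE_DIR
    for finding, rel in compare(sys.argv[1], sys.argv[2]):
        print(finding, rel)
```

Keep the authoritative copy on read-only or offline media, and run the script as a user that can read every file in both trees; an empty result means the live site matches the copy.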


DNSSEC – fully secured
DNSSEC is a technique for securing the DNS (Domain Name System). It’s a set of extensions to DNS and these extensions provide end-to-end authenticity and integrity. In this, cryptographic verification information is provided along with DNS messages. Public-key cryptography is used along with digital signatures and with the help of these, the requester (requesting the domain information) can authenticate the source of data.
What’s the need for DNSSEC? Information crucial to the operation of the internet is usually stored in a distributed database. Because of this distributed nature, changes to the database may not propagate through all of the DNS servers on the internet instantly. There is no guarantee that the data received by a name server is authoritative or that a name server is not maliciously providing false information. Thus, there is a need to make sure that we get the information from a name server that is authorised to provide the data. In other words, all data must be authenticated before it can be trusted.
In the context of DNS, security refers only to authentication, not confidentiality. DNS itself has no way of hiding data. A query can originate from any host and any host will receive the same answer to the same query. Though DNSSEC provides excellent security measures, it is complex to implement and significantly increases the size of DNS response packets.


    2 Comments »

    • Kum said:

      Very must information for any network engineer and web developer.

    • Polk said:

      Very useful post. Glad I found it. We used it for a few test servers and it seems to be working well. It’s time for production machines!
