October 12, 2007
Protecting Web Servers from Attack
NIST guide suggests ways to make web servers more resistant to attacks
A new publication that provides tips on how to make web servers more resistant to potential attacks has been released by the National Institute of Standards and Technology (NIST). The freely available guide, entitled Guidelines on Securing Public Web Servers, covers some of the latest threats to web security, while reflecting general changes in web technology that have taken place since the first version of the guide was published five years ago.
Web servers are often the most frequently targeted hosts on a computer network, and attackers gaining access to the server can access sensitive information or install malicious software to launch further attacks. Recently emerging threats include "pharming," in which people attempting to visit a web site are redirected surreptitiously to a malicious site.
How do you thwart these attacks? According to the NIST guide, you can do things like keep up-to-date on patches for web server software and the underlying operating system, and secure them by disabling unnecessary services and applications that may have security holes that can provide openings for attacks.
The guide advocates "defense in depth" -- installing safeguards at various points of entry into the server, from the router that handles all incoming data traffic to the specific machines that house the server software. In addition, the guide recommends, organizations should monitor log files, create procedures for recovering from attacks, and regularly test the security of their systems.