Securing Web Servers

Organizations work hard to keep information about their servers, especially sensitive information, away from the public, and that is why they maintain separate public-facing spaces. One of them, which gives them an online presence and lets their clients reach their website easily, is the server.

Web servers

However, these servers are also heavily exposed to online attacks, and organizations need a way to share information without giving the store away. If a company’s server is breached and data is stolen or deleted, the company’s reputation takes a massive stain that is very hard to wipe off.

Threats against Web servers

Although online servers are exposed to hundreds of threats, these generally depend on a few factors, such as the operating system, the applications and the environment the company has configured on its servers. The most common types of attack a server is exposed to are described below.

Denial of service

This is a very old-school attack that creates problems for the targeted server. When used correctly, it drains the server’s resources, making operations slow down or even cease. If a server’s resources are fully drained, it simply goes offline.

Distributed denial of service

This is the “meaner” version of the aforementioned attack, and it can disrupt a lot of server activity. Most of the time this type of attack is carried out by hundreds or even hundreds of thousands of computers that target one or more servers at the same time. To be successful, the attack needs to be very well coordinated. For an example of how DDoS affects the internet in general, see: http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet

There are many other types of attack like these that can do a lot of damage to a server, and some of them are presented below:

Port scanning attack

Port scanning is the structured, systematic scanning of a host. The first step in this type of attack involves the attacker scanning the target machine to find weaknesses that can eventually be exploited. Port scanners are very easy to obtain, and a simple search on Google will reveal plenty of them that people can download. Most of the time it is inexperienced hackers who use this method of causing trouble, because it is very simple to use and really effective.

FTP bounce attacks

Many hackers love this type of attack because it is quite sneaky. It begins with the attacker uploading a specially designed file to an FTP server. The file is then forwarded to a different location, and because it carries a special payload, it does whatever the attacker planned to do to the server.

Smurf attack

Smurf attacks are very similar to ping flood attacks, but each has its own specifics. How does this work? A ping is sent to an intermediate network; the difference is that when the network receives it, the traffic is greatly amplified. Because the network is flooded with traffic, its performance is heavily affected.

Protecting your server

Plenty of readers might be a bit scared after reading about the previous types of attack, but they shouldn’t be. There are plenty of solutions for protecting servers, and they are described below.

Separate production and development servers

It might come as a surprise, but developers still tweak and develop code using the resources of the organization’s production servers. The bad thing about this is that unpolished code can easily be spotted by an experienced hacker, who can immediately take advantage of it. That is why changes to the code should be made only in a development environment, where there are no risks involved.

Separate Web servers for external and internal use

Another very basic point that still deserves attention is that organizations have apps and websites used both internally and externally, and they should not have one server for them but two. With separate servers for internal and external use, the risk of hackers breaching a server and then accessing data or even the internal systems is decreased.

Keep your system up-to-date

For those who want to make sure their servers are as safe as possible from attacks, it is best to patch the system regularly. Some companies have to do this manually, but other organizations have special systems in place that upgrade their servers with the required updates as soon as they are released to the public. This is especially important for ecommerce hosting entities such as Macquarie Telecom, which, if compromised, affect both the service and its end users, putting their privacy, security and finances in danger.

Regular audits

Organizations use different types of servers and applications, and if those apps are advertised as being the best and better than all the rest, they should certainly provide a way to generate system logs. These logs need to be reviewed properly, and staff should take notice of any suspicious activity or software failures.
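The log review described above can be partly automated. The following Python sketch is an added example, not part of the original article: it flags clients that request many nonexistent paths (suspicious activity) and paths that return server errors (software failures). The log lines, the threshold and the function name `audit` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access log (Common Log Format); not from a real server.
SAMPLE_LOG = r"""203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /admin.php HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /.env HTTP/1.1" 404 153
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /backup.zip HTTP/1.1" 404 153
198.51.100.20 - - [10/Mar/2024:10:00:05 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.20 - - [10/Mar/2024:10:00:06 +0000] "GET /missing.png HTTP/1.1" 404 153
198.51.100.20 - - [10/Mar/2024:10:00:07 +0000] "POST /checkout HTTP/1.1" 500 312
198.51.100.20 - - [10/Mar/2024:10:00:08 +0000] "POST /checkout HTTP/1.1" 500 312
192.0.2.9 - - [10/Mar/2024:10:00:09 +0000] "\x16\x03\x01" 400 0
"""

# Captures: client, timestamp, method, path, status.
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')


def audit(log_text, probe_threshold=3):
    """Return (probing_clients, failing_paths, unparsed_lines)."""
    missed = defaultdict(set)    # client -> distinct paths answered with 4xx
    failures = defaultdict(int)  # path -> count of 5xx responses
    unparsed = []                # lines that are not a well-formed request
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            if line.strip():
                unparsed.append(line)  # keep for manual review, never drop
            continue
        client, _when, _method, path, status = m.groups()
        code = int(status)
        if 400 <= code < 500:
            missed[client].add(path)
        elif code >= 500:
            failures[path] += 1
    # One broken link is normal; many distinct misses from one client is not.
    probing = {c: sorted(p) for c, p in missed.items()
               if len(p) >= probe_threshold}
    return probing, dict(failures), unparsed


if __name__ == "__main__":
    probing, failing, unparsed = audit(SAMPLE_LOG)
    print("clients probing many missing paths:", probing)
    print("paths with server errors:", failing)
    print("lines needing manual review:", len(unparsed))
```

Lines that do not parse as a normal request are returned rather than discarded, because malformed requests are themselves worth a reviewer's attention.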

Vulnerability scanning

Another way of finding out whether a server has weaknesses that can be exploited is vulnerability scanning. A dedicated scanning tool is used to detect software-related problems, as well as any patching or configuration issues that need attention.

The good news about such tools is how frequently they are updated, so any company can easily detect whether its servers have problems and then take the right steps to fix them. One example of such a tool is Nessus (http://www.tenable.com/products/nessus), and it is really effective.

Developer training

Finally, some companies may want to take this vital step for their operations and reputation: educating their developers on secure coding practices. At the very least, this will significantly reduce problems related to sloppy or lazy coding, and sometimes it can eliminate them entirely.