the intruder has installed:

- Gaining unauthorized access to resources elsewhere in the organization’s computer network
- Launching attacks on external sites from the Web server, thus concealing the intruders’ identities, and perhaps making the organization liable for damages
- Using the server as a distribution point for illegally copied software, attack tools, or pornography, perhaps making the organization liable for damages
- Using the server to deliver attacks against vulnerable Web clients to compromise them
- Inadequate or unavailable defense mechanisms for the Web server to prevent certain classes of attacks, such as DoS attacks, which disrupt the availability of the Web server and prevent authorized users from accessing the Web site when required

In recent years, as the security of networks and server installations has improved, poorly written software applications and scripts that allow attackers to compromise the security of the Web server or collect data from backend databases have become the targets of attacks. Many dynamic Web applications do not perform sufficient validation of user input, allowing attackers to submit commands that are run on the server. Common examples of this form of attack are structured query language (SQL) injection, where an attacker submits input that will be passed to a database and processed, and cross-site scripting, where an attacker manipulates the application to store scripting language commands that are activated when another user accesses the Web page.

A number of steps are required to ensure the security of any public Web server. As a prerequisite for taking any step, however, it is essential that the organization have a security policy in place.
Guidelines on Securing Public Web Servers

Taking the following steps within the context of the organization’s security policy should prove effective:

- Step 1: Installing, configuring, and securing the underlying operating system (OS)
- Step 2: Installing, configuring, and securing Web server software
- Step 3: Employing appropriate network protection mechanisms (e.g., firewall, packet filtering router, and proxy)
- Step 4: Ensuring that any applications developed specifically for the Web server are coded following secure programming practices
- Step 5: Maintaining the secure configuration through application of appropriate patches and upgrades, security testing, monitoring of logs, and backups of data and OS
- Step 6: Using, publicizing, and protecting information and data in a careful and systemic manner
- Step 7: Employing secure administration and maintenance processes (including server/application updating and log reviews)
- Step 8: Conducting initial and periodic vulnerability scans of each public Web server and supporting network infrastructure (e.g., firewalls, routers)
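The paragraph on insufficient input validation and Step 4 (secure programming practices) both come down to one rule: never let user-supplied data become SQL or HTML. The following Python example is added here to make that concrete; it is not code from the guideline. It uses an in-memory SQLite table with constructed sample rows, and the function names, the `users` table and the allowlist pattern are assumptions for the demonstration. Each weak routine is shown beside its hardened form.

```python
import html
import re
import sqlite3

# Constructed sample rows for the demonstration (not from the guideline).
# The second bio is the kind of stored content a cross-site scripting
# attempt would leave behind: script that runs only if rendered unencoded.
SAMPLE_USERS = [
    ("alice", "alice@example.test", "<b>Hi!</b>"),
    ("bob", "bob@example.test", "<script>alert('stored xss')</script>"),
]

# Allowlist for a username field: only the characters the application
# actually needs. Rejecting everything else is the "sufficient validation"
# the text calls for, and it is applied before the value reaches a query.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def make_db():
    """Create an in-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT, bio TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def is_valid_username(name):
    """Return True only if the whole value matches the allowlist pattern."""
    return USERNAME_RE.fullmatch(name) is not None


def lookup_vulnerable(conn, name):
    """Builds the query by string concatenation: the input becomes SQL text.

    A value containing a quote changes the WHERE clause itself, so the
    query can return rows the caller never asked for (SQL injection).
    """
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    """Parameterized query: the driver binds the input as data, never as SQL.

    The same quote-bearing value is simply compared against the column and
    matches nothing.
    """
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_bio_vulnerable(bio):
    """Inserts stored content into the page unchanged: stored script runs."""
    return "<p class='bio'>" + bio + "</p>"


def render_bio_safe(bio):
    """HTML-encodes the stored content so the browser displays it as text."""
    return "<p class='bio'>" + html.escape(bio, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"          # classic test value, constructed here
    print("valid username?", is_valid_username(probe))
    print("vulnerable lookup:", lookup_vulnerable(db, probe))
    print("safe lookup:", lookup_safe(db, probe))
    print("vulnerable render:", render_bio_vulnerable(SAMPLE_USERS[1][2]))
    print("safe render:", render_bio_safe(SAMPLE_USERS[1][2]))
```

Two controls are layered here on purpose: the allowlist rejects malformed input at the boundary, and the parameterized query and output encoding mean that even input which slips past validation (or arrives through another path) cannot change the query or execute in a visitor's browser. Parameterization and encoding are the primary defenses; validation narrows what the application has to handle.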