Select Page

How to secure web server

How to secure web server

Studies show that 37,000 websites are hacked every day – that translates to 13.5 million websites per year. From exploiting software vulnerabilities to infecting ad-networks, attackers use a wide range of methods to distribute their malware. The good news is, these attacks can be blocked with a systematic approach to hardening your web server.

Now, many think that getting a top-of-the-line firewall is a good enough for website security. This is not true. An experienced security expert will tell you that the best way to secure a server is to deploy a series of defenses, one behind the other. So, even if an attacker manages to get through one layer, there’s another layer to take its place. This approach is called “Layered security”.

Today, we’ll see how to secure web server using “Layered security”.

    1. 1. Implement basic system security

      The web service is just one part of a server. There are hundreds of ways in which server security can be breached. Setting up a strong foundation for server security is the first step in securing a web server. Here’s how:

      • Disable un-used services – In a default OS installation, many services are set to auto-start. This will open ports to the public, which may not be secure. So, disable all services you do not need.
      • Harden the file system – The filesystem controls the access privileges of each user. By hardening the filesystem settings, any malware that’s uploaded to the server can be blocked from being executed.
      • Protect system binaries – Core system binaries can be write protected by using special filesystem settings. Preventing modification at filesystem level can be an effective deterrent against core system infection.
      • Use only verified, authentic software – Get application repos only from official repositories that are cross verified using PGP signature.
      • Setup Mandatory Access Control systems to block unauthorized operations – There are kernel patches in Linux and Mandatory Integrity Control features in Linux that restricts each user to a very limited set of operations. This effectively blocks an attacker from running any damaging exploits.
      • Enable intrusion detection  – Quick reaction to an intrusion or an intrusion attempt can help you limit any damage done on the server. Intrusion detection systems (IDS) monitor sensitive directories, logs and processes to notify you of un-usual behavior.
      • Ensure physical security – Many businesses now use cloud servers from AWS, Google or Azure. For these users, physical security may not be relevant. But for companies that still use on-premise or co-located servers, physical security is still important.

      Read : How to secure your server

    2. 2. Enforce strong network security

      Almost all attacks originate over the network. By locking down your network services, a vast majority of these attacks can be blocked even before it touches your web application. Here are a few tips:

      • Close all ports, and open only the ones you need – This is the most fundamental principle in network security. Block all, and allow only those you really want.
      • Segregate private and public network – Remember that any one can listen in on the traffic from your server. Your company’s private data such as backup, internal mail, traffic to development server, etc. could be open to public. Split your network traffic so that only the data that’s supposed to be public is available over the public IP.
      • Harden the network against common attacks – Many common attacks such as Slowloris, Syn flood, or Spoofed packets exploit insecure default settings in operating systems. The network settings need to be adjusted to defend against these issues.
      • Monitor port scanning behavior and block attacking IPs – Valid users come directly to a standard service port, and request information. Malicious users scan for any open ports. Block any IP that tries to connect to closed ports at random.
      • Setup a brute force monitor to automatically block abusive IPs – Legitimate users do not send in hundreds of login requests per minute. Install a brute force monitor and block originating IPs.
      • Prevent direct access to back-end servers – In reality, only your web server and mail server should be open to the public. All others such as backup server, database server, POP/IMAP server, etc. should be off limits to direct access. Put these servers on a private network to reduce your attack surface area.

      Read : An easy way to enable firewall in Linux servers

 

NEXT PAGE >>

 

For as low as

$74.99/server/mo

Get full spectrum infrastructure management services – including setup, monitoring & maintenance.

Never again face a critical business downtime. We keep your servers secured, optimized and updated at all times. Our engineers monitor your servers 24/7 and fix issues before it can affect your customers.

SEE SUPPORT PLANS


Submit a Comment

Your email address will not be published. Required fields are marked *

Bobcares
Bobcares is a server management company that helps businesses deliver uninterrupted and secure online services. Our engineers manage close to 51,500 servers that include virtualized servers, cloud infrastructure, physical server clusters, and more.
MORE ABOUT BOBCARES

Privacy Preference Center

    Necessary

    Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

    PHPSESSID - Preserves user session state across page requests.

    gdpr[consent_types] - Used to store user consents.

    gdpr[allowed_cookies] - Used to store user allowed cookies.

    PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
    PHPSESSID
    WHMCSpKDlPzh2chML

    Statistics

    Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

    _ga - Preserves user session state across page requests.

    _gat - Used by Google Analytics to throttle request rate

    _gid - Registers a unique ID that is used to generate statistical data on how you use the website.

    smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

    _ga, _gat, _gid
    _ga, _gat, _gid
    smartlookCookie

    Marketing

    Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

    IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

    test_cookie - Used to check if the user's browser supports cookies.

    1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

    NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

    DV - Google ad personalisation

    IDE, test_cookie, 1P_JAR, NID, DV, NID
    IDE, test_cookie
    1P_JAR, NID, DV
    NID