Interview Questions

Web server security

Computing Security,Information Security, NT security, Web Security and Network Security Questions and Answers


(Continued from previous question...)

Web server security

There are a number of problems with web servers. Bugs in the server, stupid CGI scripts, erroneous configurations, strange other services (e.g. data base connections) are just a few things that might be used to damage your security.

You might want to look at the WWW Security FAQ to get some general security information on WWW.

If you install an Windows NT machine as a web server or a firewall, you should tighten up the security on that box more that you should do to ordinary machines on your internal network since a machine accessible from the Internet are more vulnerable and more likely to be attacked. Securing the machine gives you a bastion host. Some of the things you should do include

* Remove all protocol stacks except TCP/IP, since IP is the only protocol that runs on the Internet
* Remove some network bindings
* Disable all unnecessary accounts, like guest
* Remove share permissions and default shares
* Remove network access for everyone (User Manger -> Policies -> User rights, "Access this computer from the network")
* Disable unnecessary services (FTP, etc)
* Enable audit logging
* Track the audit information

(Continued on next question...)

Other Interview Questions