
How to Safeguard Your Web Server Against Attacks 

Essential Strategies for Securing Your Server

Learn key strategies to protect your web server from attacks, including patch management, changing default settings, blocking unused ports, and checking for application vulnerabilities.

Websites are typically hosted on web servers, which need to be maintained frequently and updated with the latest security patches to stay secure. The web server can be attacked directly, for example via a DoS attack, or a vulnerable application can provide a launching point for an attack, e.g. an older version of software that contains security bugs. Common vulnerabilities of web servers include default settings, pre-existing bugs, misconfiguration attacks, and directory traversal.

Default Settings

Every server comes with a set of defaults, and it is critical to change these as soon as possible. An example is default user IDs and passwords: not disabling them or changing their passwords could lead to easy access to the server.

Pre-existing Bugs

Bugs might exist in a particular version of an application running on the server or in the version of the server itself. It is therefore very important to keep the server patched to the latest security update and to update the applications running on it.

Misconfiguration Attacks

The server could be running services that aren't required. Likewise, when an error isn't handled, the default error page is displayed, giving away details of the server and the application it runs on.

Directory Traversal

Directory traversal should be disabled. Otherwise, a hacker could traverse the directory and download sensitive documents; they might also create a backdoor or replace an existing file with one containing a trojan.
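One way an application can enforce this itself is to resolve every requested path and refuse anything that lands outside the document root. The sketch below is an added example, not code from the original article; the function name `resolve_under_root`, the directory layout, and the request paths are constructed for illustration, and it assumes a POSIX system.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


class TraversalError(Exception):
    """Raised when a request path resolves outside the document root."""


def resolve_under_root(doc_root: str, request_path: str) -> Path:
    """Map a URL path to a file, refusing anything outside doc_root."""
    root = Path(doc_root).resolve()
    # Decode percent-escapes once, before the path touches the filesystem.
    decoded = unquote(request_path)
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    # lstrip("/") keeps an absolute request path from replacing the root.
    candidate = (root / decoded.lstrip("/")).resolve()
    # resolve() collapses ".." and follows symlinks; then check containment.
    if candidate != root and root not in candidate.parents:
        raise TraversalError(f"{request_path!r} escapes the document root")
    return candidate


def demo() -> dict:
    """Run constructed request paths against a throwaway document root."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "www"
        (root / "docs").mkdir(parents=True)
        (root / "docs" / "index.html").write_text("ok")
        (Path(tmp) / "secret.txt").write_text("outside the root")
        # Constructed case: a symlink inside the root that points outside it.
        os.symlink(Path(tmp) / "secret.txt", root / "docs" / "link.txt")
        for req in ("/docs/index.html", "/docs/../docs/index.html",
                    "/../secret.txt", "/docs/%2e%2e/%2e%2e/secret.txt",
                    "/docs/link.txt"):
            try:
                resolve_under_root(str(root), req)
                results[req] = "served"
            except TraversalError:
                results[req] = "blocked"
    return results


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{verdict:8} {path}")
```

The containment check runs on the resolved path, so an encoded `..` sequence and a symlink pointing out of the root are refused the same way as a plain `../`.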

Luckily, there are several ways to protect your web server. These include patch management, antivirus software, changing default configurations, blocking unused ports, and regularly checking for application vulnerabilities.

Patch Management

Always make sure you are running the latest version of the software with the latest patches.

Antivirus

A reliable antivirus should at the very least restrict malicious software from running.

Default Configuration Changes

The default configurations have to be either disabled or changed.

Block Unused Ports

Block the ports that are not in use; open ports can be exploited for sneaking into the system.

Check Applications for Vulnerabilities

Tools like Tenable Nessus can scan the server and reveal applications running on it that have known vulnerabilities. Once you have identified the vulnerable software, update it.


About the Author

Mujthaba Hassan