Remote Access: Remote connections should be kept secure by using an encrypted protocol.
Remote access should be restricted to specific IP addresses and accounts. Never use public
computers or networks, such as a public internet cafe or a public wireless network, for remote
access to the company server. Using public networks puts you at risk: hackers can easily
compromise your server by delivering malware or another threat onto your system.
Testing & Development: Development and testing of a web application must take place in a
separate environment. A web application in its earliest stage of development can suffer from
numerous vulnerabilities and is unable to handle exceptions properly. Such applications are a
target for hackers and could easily be discovered and exploited. To ease the development
process, web developers should build internal applications with exclusive rights to access the
web application under development. It is sensible for developers not to test web applications on
the production server; instead, testing and development must be done on servers that are
inaccessible from the internet.
Web Application Content: Website scripts and application files should always be kept on a
separate drive from the operating system, system files, and log files. Otherwise a hacker who
gains access to the web root directory can exploit vulnerabilities to reach the operating
system, log files, or system files, which results in total control of the web server in the hacker's hands.
Exclusive right: Network service software runs with access to specific files, and if the web server
engine is exposed through a network service, a hacker can abuse the server's account. Therefore,
network services such as the web server software should run with as few rights as possible. The
account used to access the website, web application files, data backups, and the database should
have minimal rights. In this way the web server remains secure.
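The two points above (keeping site content off the operating system's filesystem, and giving the web server account minimal rights) can be checked with a small audit script like the one below. It is an added example, not code from the magazine; it assumes a Linux/Unix host and takes the service account name and the document root as arguments (both hypothetical values supplied by the reader).

```shell
#!/bin/sh
# Added example (not from the magazine): audit a web root against the advice
# above. Assumptions: a Linux/Unix host, the web server runs as the
# unprivileged account SERVICE_USER, and the site's files live under DOCROOT.
# Each check writes findings to stderr and prints their count on stdout.

# report LABEL: reads paths on stdin, prints each as a finding, then the count.
report() {
    hits=$(cat)
    if [ -z "$hits" ]; then echo 0; return; fi
    printf '%s\n' "$hits" | sed "s|^|FINDING: $1: |" >&2
    printf '%s\n' "$hits" | wc -l | tr -d ' '
}

# The web root must not share a filesystem with the OS root, so that a
# path traversal out of the web root cannot reach system or log files.
check_separate_fs() {
    fs_docroot=$(df -P "$1" | awk 'NR == 2 { print $1 }')
    fs_osroot=$(df -P / | awk 'NR == 2 { print $1 }')
    if [ "$fs_docroot" = "$fs_osroot" ]; then
        echo "FINDING: $1 shares filesystem $fs_osroot with /" >&2
        echo 1
    else
        echo 0
    fi
}

# Nothing under the web root may be world-writable (POSIX mode bit -002);
# symlinks are skipped because their own mode is meaningless.
check_world_writable() {
    find "$1" ! -type l -perm -002 -print | report "world-writable"
}

# The service account only needs to read what it serves: anything it owns
# and can write (owner-write bit -200) is a place an intruder could plant code.
check_service_writable() {
    find "$2" ! -type l -user "$1" -perm -200 -print | report "writable by $1"
}

# audit_webroot SERVICE_USER DOCROOT: runs all checks, prints the total.
audit_webroot() {
    a=$(check_separate_fs "$2")
    b=$(check_world_writable "$2")
    c=$(check_service_writable "$1" "$2")
    echo $((a + b + c))
}

if [ "$#" -eq 2 ]; then audit_webroot "$1" "$2"; fi
```

Run it as `sh audit.sh www-data /var/www/html`; a total of 0 means every check passed, and each finding names the offending path.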
User accounts: Default user accounts created during the installation of the operating system
should be disabled. Some software requires a user account at installation time; such accounts
should be closely monitored and, where necessary, restricted in their privileges. The administrator
account should not be used for other system installations, for example on a Linux/Unix system.
Administrators who access the web server must each have their own password with exclusive
rights, and administrators should never exchange or share their passwords with each other.
Updates: Many software companies release updates to prevent potentially malicious attacks and
thereby make their software better for future use. It is also important to keep up with upcoming
tools (scanning, penetration testing, etc.) and threats through security magazines, newsletters,
and articles, so that you can take further steps to secure your web server in a better way.
Multitasking: Many companies run different functions on a single server, which can become a
serious problem for web server security: if a hacker compromises your server, all of those functions
are exposed to exploitation. Therefore, each function should have a dedicated web server, which
keeps your task simple and helps prevent malicious attacks.
28 Cyber Warnings E-Magazine – November 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide