Securing your Web Server

The number of users that are connecting to the Internet is increasing every day, and not all of them are looking for information. Some are out to find holes in your security and get access to your server that they shouldn’t have. With the popularity of web applications opening up even more security vulnerabilities, there are steps that need to be taken to assure the integrity of your servers.

There are many ways to secure your server from configuring it yourself and using open source software, to hiring an IT staff with a support team to monitor your server. Each option has its merits and flaws. If you configure it yourself, do you have the knowledge to correct issues that come up without major downtime? If you opt for the IT staff, does their cost out weigh the benefit? Do you use open source? All of these questions and more need to be answered to have a secure server.

One of the simplest ways to secure your server is to make sure it is patched and updated with the latest updates. This is a simple step and needs to be performed at least weekly. Another simple step would be to do testing on your server before you make applications live. Not just making sure that it works correctly, but making sure that it is not vulnerable to SQL injection.

Web applications have opened up an entirely new headache with security. Many times they have direct access to the database with little error checking. A way to help try to stop this is to use something like ModSecurity. ModSecurity is an open source web application firewall. It has many features that will make it more difficult for intruders to gain access to your server.

A step that many people do but do not take advantage of, is logging. Many people have log files but never look at them. An intruder may have been trying for weeks to gain access to your server before he finally got in. If you examine your logs, then you may have discovered his attempts before he compromised your server.

There is much more to running a server than just plugging it. It takes work and a lot of knowledge. Most people can connect a computer to the internet and have it run a web server, but it takes great deal more to secure it.

By Rodney Sellers

Rodney Is A Staff Writter for iEntry.

Leave a comment