Thursday, April 9, 2009

Web Server Hardening Methods

A web server administrator can do many things to harden a server (increase its security).
The following are ways to increase the security of the web server:

1. Rename the administrator account, and use a strong password.

2. Disable default websites and FTP sites.

3. Remove unused applications from the server, such as WebDAV.

4. Disable directory browsing in the web server’s configuration settings.

5. Add a legal notice to the site to make potential attackers aware of the implications of hacking the site.

6. Apply the most current patches, hotfixes, and service packs to the operating system and web server software.

8. Perform bounds-checking on input for web forms and query strings to prevent buffer overflow or malicious input attacks.

9. Disable remote administration.

10. Use a script to map unused file extensions to a 404 (“File not found”) error message.

11. Enable auditing and logging.

12. Use a firewall between the web server and the Internet and allow only necessary ports (such as 80 and 443) through the firewall.

13. Replace the GET method with POST when sending data to a web server.
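
As an added illustration of items 8 and 10 (this is example code, not part of the original post), the following Python function screens a request's path and query string before the application handles it. The function name `screen_request`, the extension allow-list and the size limits are assumptions chosen for the example.

```python
import posixpath
from urllib.parse import parse_qsl

# Assumed policy values for this example; tune them per application.
ALLOWED_EXTENSIONS = {"", ".html", ".css", ".js", ".png"}  # "" = extensionless URLs
MAX_QUERY_BYTES = 1024   # bound on the raw query string
MAX_PARAMS = 20          # bound on the number of parameters
MAX_NAME_LEN = 32        # bound on each decoded parameter name
MAX_VALUE_LEN = 256      # bound on each decoded parameter value


def screen_request(path, query_string):
    """Return (HTTP status, reason) for a request before the application sees it."""
    # Item 10: extensions the site does not serve get a plain 404.
    ext = posixpath.splitext(path)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return 404, "unmapped extension"

    # Item 8: bound the raw query string before doing any parsing work.
    if len(query_string.encode("utf-8")) > MAX_QUERY_BYTES:
        return 414, "query string too long"
    try:
        params = parse_qsl(query_string, keep_blank_values=True,
                           max_num_fields=MAX_PARAMS)
    except ValueError:
        return 400, "too many parameters"

    # Check lengths after percent-decoding, which is what the application will use.
    for name, value in params:
        if len(name) > MAX_NAME_LEN or len(value) > MAX_VALUE_LEN:
            return 400, "parameter exceeds length bound"
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in name + value):
            return 400, "control character in parameter"
    return 200, "ok"


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real log.
    samples = [("/index.html", "q=hardening"), ("/site.bak", ""),
               ("/search", "q=" + "A" * 300), ("/search", "q=a%00b")]
    for path, qs in samples:
        print(path, qs[:20], screen_request(path, qs))
```

Rejections from a check like this are worth writing to the audit log from item 11, since repeated 400, 404 and 414 responses from one client often indicate probing.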

Vista Aero



In XP, the desktop theme was called 'Luna', whereas in Vista, the equivalent new desktop, shell and GUI is called AERO. Yet Windows AERO is more than a shop window for the operating system's shell; in fact, AERO defines, creates and expresses the whole user experience. Perhaps you have flirted with XP's themes? For example, you may have tested Aquaria or Earth views, or even tried the humble Wheat. Superficially, the AERO effect is an extension of such themes. However, the extra dimension that AERO brings is a glass, see-through effect. If you take the redesigned Recycle Bin as an example, when you delete a file you can see how the AERO graphics change to show screwed-up paper balls in the bin. Moreover, the bin is chameleon-like, as it subtly changes its color when you alter the background.