Thursday, April 9, 2009

Web Server Hardening Methods

A web server administrator can do many things to harden a server (increase its security).
The following are ways to increase the security of the web server:

1. Rename the administrator account, and use a strong password.

2. Disable default websites and FTP sites.

3. Remove unused applications from the server, such as WebDAV.

4. Disable directory browsing in the web server's configuration settings.

5. Add a legal notice to the site to make potential attackers aware of the implications of hacking the site.

6. Apply the most current patches, hotfixes, and service packs to the operating system and web server software.

8. Perform bounds-checking on input for web forms and query strings to prevent buffer overflow or malicious input attacks.

9. Disable remote administration.

10. Use a script to map unused file extensions to a 404 ("File not found") error message.

11. Enable auditing and logging.

12. Use a firewall between the web server and the Internet and allow only necessary ports (such as 80 and 443) through the firewall.

13. Replace the GET method with POST when sending data to a web server.
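Items 4, 8 and 10 can be enforced in front of any handler. The following is an added example, not part of the original post: a small WSGI front end that refuses directory listings, maps extensions outside a served allowlist to 404, and bounds-checks query-string input. The extension list, length limits and character allowlist are constructed values for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Constructed policy: only these extensions are served (item 10); every other
# path is answered with 404 so the server never reveals whether a file exists.
ALLOWED_EXTENSIONS = {".html", ".css", ".js", ".png", ".jpg"}
# Constructed upper bounds for query-string input (item 8).
MAX_PARAMS = 20
MAX_PARAM_NAME = 32
MAX_PARAM_VALUE = 256
SAFE_VALUE = re.compile(r"^[\w .@,-]*$")  # constructed character allowlist


def classify_request(path: str, query_string: str) -> int:
    """Return the HTTP status a hardened front end answers with.

    200: passes every check   400: query input out of bounds (item 8)
    403: directory listing refused (item 4)   404: extension not served (item 10)
    """
    path = unquote(path)
    if ".." in path.split("/"):          # traversal never reaches the filesystem
        return 404
    if path.endswith("/") and path != "/":  # would trigger a directory listing
        return 403
    if path == "/":
        path = "/index.html"
    filename = path.rsplit("/", 1)[-1]
    ext = path[path.rfind("."):] if "." in filename else ""
    if ext.lower() not in ALLOWED_EXTENSIONS:
        return 404
    # Bounds-check the query string before any application code sees it.
    params = parse_qs(query_string, keep_blank_values=True)
    if len(params) > MAX_PARAMS:
        return 400
    for name, values in params.items():
        if len(name) > MAX_PARAM_NAME:
            return 400
        for value in values:
            if len(value) > MAX_PARAM_VALUE or not SAFE_VALUE.match(value):
                return 400
    return 200


def application(environ, start_response):
    """Minimal WSGI app that applies the policy and answers with the status only."""
    status = classify_request(environ.get("PATH_INFO", "/"),
                              environ.get("QUERY_STRING", ""))
    reason = {200: "OK", 400: "Bad Request", 403: "Forbidden", 404: "Not Found"}[status]
    start_response(f"{status} {reason}", [("Content-Type", "text/plain")])
    return [reason.encode()]
```

Serving the allowed files themselves is left to the web server; the point of the front end is that rejected requests are logged and answered before reaching it.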
