Web security is one of the most critical issues for any business, and it is also what hackers attack most. The web server is one of the most targeted public faces of an organization because the web application hosts sensitive data. Web server security is more important than the web application itself and the network around it. If you have a secure web application but an insecure web server, you put your business at huge risk.
The following is a list of tasks for securing a web server.
A web server installed with the default operating system and default configuration is not secure. A typical default installation includes many network services that a web server configuration will not use, such as the remote registry service and the print server service. The more services are running on an operating system, the more ports are left open, and every open port is an open door for a hacker. Switch off all unnecessary services and disable them, so that they do not start automatically the next time the server reboots. Turning off what is not needed also gives your performance an extra boost.
When possible, server administrators should log in to web servers locally. For good security, use security tokens and other single sign-on equipment and software. Remote access should be restricted to a specific number of IP addresses and to specific accounts. From a security point of view, it is very important not to use a public computer or a public network to access the server.
The web application files and scripts should always be on a partition separate from the logs and any other system files. Hackers who attacked the web root directory have been able to exploit other vulnerabilities and go a step further, escalating their privileges to gain access to the data on the whole disk, including the operating system and other system files.
All the logs present on a web server should ideally be stored in a segregated area. All system logs, such as website access logs and database server logs, should be monitored and checked frequently, because log files hold the record of what happened on the server and hackers always attack them. If you notice strange activity in the logs, escalate it immediately so the issue can be investigated to find out what is happening.
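The two tasks above, restricting remote access to specific IP addresses and accounts and checking the logs for activity to escalate, can be combined into one check. The following is an added example, not part of the original article: it assumes remote administration over SSH with OpenSSH-style log lines, and the networks, account names, host name and log lines are all constructed for illustration.

```python
import ipaddress
import re

# Assumed policy (hypothetical values): networks and accounts allowed to log in remotely.
ALLOWED_NETWORKS = [ipaddress.ip_network("192.0.2.0/28"), ipaddress.ip_network("198.51.100.7/32")]
ALLOWED_ACCOUNTS = {"webadmin", "deploy"}

# Constructed sample lines in the OpenSSH sshd log format (not real data).
SAMPLE_LOG = """\
Mar  3 09:12:01 web01 sshd[2211]: Accepted publickey for webadmin from 192.0.2.5 port 50122 ssh2
Mar  3 09:40:17 web01 sshd[2290]: Failed password for root from 203.0.113.44 port 41811 ssh2
Mar  3 09:40:19 web01 sshd[2290]: Failed password for invalid user admin from 203.0.113.44 port 41811 ssh2
Mar  3 10:02:55 web01 sshd[2345]: Accepted password for deploy from 203.0.113.90 port 60001 ssh2
Mar  3 11:30:08 web01 sshd[2410]: Accepted publickey for backup from 192.0.2.9 port 50999 ssh2
"""

LINE_RE = re.compile(r"sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for (?:invalid user )?"
                     r"(?P<user>\S+) from (?P<ip>\S+) port \d+")

def source_allowed(ip_text):
    """True when the source address falls inside one of the allowed networks."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # an unparseable source is treated as not allowed
    return any(ip in net for net in ALLOWED_NETWORKS)

def review(log_text):
    """Return (severity, user, ip, reason) findings for logins that break the policy."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        user, ip, ok = m["user"], m["ip"], m["result"] == "Accepted"
        reasons = []
        if not source_allowed(ip):
            reasons.append("source outside allowed networks")
        if user not in ALLOWED_ACCOUNTS:
            reasons.append("account not on allow list")
        if reasons:
            # A successful login that breaks the policy is the case to escalate first.
            findings.append(("ESCALATE" if ok else "review", user, ip, "; ".join(reasons)))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

A successful login flagged as ESCALATE means the restriction itself is not being enforced, so the server's access rules need fixing as well as the login being investigated.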
ISO 27001 UK is an international information security management system. It helps organizations manage their information assets and gives them security from hackers.
Web server and database security