Web server security is an ever evolving issue. Everyday new and improved attacks are being leveraged against major web servers causing it managers to scramble and find a solution. As new technologies emerge, the internet hacker will always find a way to break through anything thrown at them. If time has shown us anything, it’s that web developers will always need to be very aware of security issues on their servers.
One area of major concern to a web developer is unnecessary services. Running extra and unnecessary services on a server creates a possible security problem. Default operating system installations are not very secure and typically these operating system will turn on a large variety of services that aren’t really needed. The more services that are left open, the more likely a hacker will find a hole in the server’s security.
Remote access is becoming more and more popular for web administrators, as it allows virtual constant access to the server machine. However, this does increase the risk for security threats to the server. Whenever possible a web administrator should log on to the machine locally. Remote access should be limited in use as well as in depth. Whenever possible, if using remote access, limit the number of IP addresses that are allowed to use it. This will help to harden some of the security for the server.
All updates to security should be installed immediately. Often web administrators put this off because it requires some time and effort to get the server patched, restarted and back online. Generally speaking patches come out because a security hole has been identified. When the patch is released that hole becomes public knowledge. You are putting yourself at an unnecessary risk by putting of installing patches to the operating system. These patches should be installed at the first available opportunity.
Monitor the Server
Its good practice to take a regular look at the server access logs. If you’re running a database program you should look at those two. These logs will help to identify any possible malicious attempt to access the system. With this information you can block ports or IP addresses that seem problematic. This helps to further harden the security of the web server.
Never under any circumstance use the default accounts. Quickly change the passwords for all the default accounts on the server. Leaving the default accounts can increase the servers chances of an attack. Be sure you rename the built in administrator accounts too.
Server security is a major issue on the internet these days. Take caution and spend a bit of time hardening the security for your web server. Monitor the traffic and logs on a regular basis and quickly identify and take care of any possible threats. By doing so, you will greatly reduce the likely hood of attack.