Web servers are designed to accept requests anonymously from unauthenticated hosts on the Internet and to deliver information in an effective and expeditious way. Because of this, they provide portals into your computer that can be used by friends or enemies.
No software is immune from this security risk. Web servers are complex programs. Businesses use Web Servers whose source code is free and available over the Internet. The source code is available for perusal, but that also means hackers can scan the same code while seeking weaknesses.
What complicates CGI script security is the ability to add functions to Web Servers. A CGI script can easily add new features to a Web Server, and it can bring about its own security problems. A prime example is a Web Server that is configured to access only files stored in one directory on a computer, where the user accidentally installs a CGI script that allows outsiders to read the files on the computer.
Because not all users have the skill to write secure programs, it is possible that locally written CGI scripts will have "bugs" that enable anyone to execute commands on the system.
Because of its various programming languages, the ability of different people to log in at the same time from remote sites over networks, and the richness of its tools, the UNIX OS (Operating System) is a terrible choice for running a secure Web Server.
Many PC-based operating systems share these characteristics, so they are not appropriate choices either. The most reliable Web Servers are computers that run a Web Server with no applications that have accessible scripting languages, and that do not support remote logins.
On the other hand, there are various advantages to running Web Servers on a UNIX computer instead of a Mac. UNIX typically runs faster than a Mac on comparable hardware. UNIX is available on hardware platforms that run faster than PowerPC-based computers. It is easier for businesses to integrate UNIX-based Web Servers with their existing information infrastructure.
This creates an abundance of opportunities for Web offerings. Currently, more MIS professionals are familiar with building UNIX-based Internet servers than with building MacOS-based servers. It is highly suggested that business administrators try out the Mac-based servers.
To create a Web Server that is secure on any platform, you must ensure several things:
- CGI scripts must return an error message or achieve the expected function. The scripts should be able to handle any malicious input.
- Users must not be allowed to execute shell commands or arbitrary programs on the server.
- If the server becomes compromised, the hacker should not be able to use the server for future attacks against your business or organization.
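The first two requirements, sketched as an added example (not code from the original article): a CGI-style handler that either serves a document from one directory or returns an error message, and never passes input to a shell. The "page" parameter, the ".txt" naming rule and the sample requests are assumptions made for the illustration.

```python
import os
import re
import tempfile
from urllib.parse import parse_qs

# Allowlist: letters, digits, '_' and '-', ending in ".txt" (assumed naming rule).
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.txt")

def handle_request(query_string, doc_root):
    """Return (status, body): the requested document or an error message."""
    values = parse_qs(query_string, keep_blank_values=True).get("page", [])
    if len(values) != 1:
        return 400, "Bad request: exactly one 'page' parameter is required."
    name = values[0]
    # Reject anything outside the allowlist instead of trying to clean it up.
    if not SAFE_NAME.fullmatch(name):
        return 400, "Bad request: invalid page name."
    # Resolve symlinks, then confirm the file is still inside the document root.
    root = os.path.realpath(doc_root)
    path = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, path]) != root:
        return 403, "Forbidden."
    try:
        # Plain file read: the input never reaches a shell or another program.
        with open(path, "r", encoding="utf-8") as fh:
            return 200, fh.read()
    except OSError:
        return 404, "Not found."

def demo():
    """Status codes for constructed requests against a temporary directory."""
    with tempfile.TemporaryDirectory() as top:
        root = os.path.join(top, "docs")
        os.mkdir(root)
        secret = os.path.join(top, "secret.txt")  # lives outside the root
        for path, text in ((secret, "private"), (os.path.join(root, "hello.txt"), "hello")):
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
        os.symlink(secret, os.path.join(root, "link.txt"))  # points outside
        queries = ["page=hello.txt", "page=../secret.txt", "page=hello.txt%3Bid",
                   "page=link.txt", "page=missing.txt", ""]
        return [handle_request(q, root)[0] for q in queries]

if __name__ == "__main__":
    print(demo())
```

Only the first constructed request is served; every other one ends in an error message, including the symlink that passes the name check but resolves outside the document directory.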
Keep your scripts classified
You must restrict access to source code. It is too easy to make mistakes when creating a CGI program, which is why it is recommended to keep the programs and scripts classified. This does not guarantee tight security for scripts with bugs, because a hacker can still find flaws in the system; it depends heavily on how motivated the hacker is.
Keeping these things confidential does increase the amount of work involved. Expert hackers will be able to get through, but casual hackers may get bored and move on to other, easier systems to hack.
You must prevent users from reading the contents of the CGI scripts. This helps keep hackers from analyzing the scripts in search of flaws.
This is especially helpful for scripts that originate from your business. Such scripts may not be subjected to the same certification and checking as scripts that have been written for redistribution or publication.
Miscellaneous issues
There are other things that you can do to make your Web Server more secure. You can control the number of users on the computer. This makes it more difficult for hackers to break into the server and, if a hacker does succeed, decreases the amount of damage that can be done.
If you want to make a server a stand-alone computer, there are some tips that can be used to isolate your computer from the network, which will make the computer more secure and more difficult for hackers to exploit.
- Do not export directories or mount them over NFS
- Delete unnecessary accounts
- Delete utility programs that are not used when booting or by the Web Server
- Delete compilers
- Do not ever run a mail server
- Provide the least amount of network services possible
Image Credit: NJB Security