Significant Improvement in Safety Levels
In principle, a web server should operate with the most minimal network and system configuration possible.
Following this simple rule produces a significant improvement in the security level through measures such as:
1. disabling all non-essential network services and, in particular, those affected by known security vulnerabilities;
2. removing from the system the files belonging to the disabled services;
3. eliminating unnecessary listening TCP and UDP ports;
4. removing or disabling all resources not required by the host's role (compilers, interpreters, shells, scripts and similar tools);
5. managing users and their privileges correctly;
6. defining adequate rules for access to and use of resources.
The activities in points 1 to 4 are particularly important, not only because they reduce the risk of the system being compromised, but also because they streamline administration and therefore lower the probability of configuration errors that an attacker could readily exploit.
To ensure nothing is overlooked, it is convenient to adopt a "deny all, then allow" approach: first disable all TCP/UDP services and ports, then re-enable, after careful evaluation, only those that are truly essential.
Management of Users
With regard to the management of users and privileges, rules based on restrictive criteria must likewise be established, aimed at:
- preventing the http service from being launched by a user with administrative privileges, since a successful exploit would then hand the attacker complete control of the system;
- disabling or removing all unnecessary accounts, whether installed by the operating system or by other software, to reduce the risk of impersonation or privilege escalation in the event of an intrusion;
- renaming the administrator account;
- adopting password strength criteria in terms of length (at least 8 characters), complexity (alphanumeric with a mix of upper and lower case characters and the use of non-printable characters), reuse (to be avoided) and lifetime (on average 30-120 days);
- verifying passwords directly, preferably with the same tools used by hackers, to ensure that they meet the desired criteria;
- locking a user account after a certain number of failed login attempts.
Account locking is a measure to be taken with caution: it is a double-edged sword, because an attacker can turn it into a DoS (Denial of Service) against a legitimate user simply by making a series of failed login attempts on that user's account.
In any case, the individual processes that make up the http service must have access only to the files and directories necessary for their operation. This requires access rules (access control lists, or ACLs) to be specified; besides offering finer-grained control over the use of resources, they can avert or mitigate a DoS attack that tries to make the entire system unavailable by exhausting its resources.
Reduce the Effects From Attacks
In this perspective, to significantly reduce the effects of attacks of this kind, it is always recommended to apply the following further corrective measures:
- creating a single root directory and deriving from it a hierarchy of subdirectories among which the resources that make up the public content of the Web site are divided;
- confining to a single, suitably configured and protected directory all the "external" programs executed as an integral part of the Web service;
- limiting the temporary files used by individual processes to specific, suitably protected directories, and allowing access to them only by the processes themselves;
- preventing files and resources outside the server's directory hierarchy from being served in response to user requests;
- disabling the use of symbolic links, so that resources that are part of the Web content cannot point to system files or to other resources within the LAN;
- adjusting the priorities of the various system processes.
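The two points about keeping served files inside the document-root hierarchy and refusing symbolic links that escape it can be enforced in the request-to-path mapping itself. The following is an added example, not code from the original article: a `safe_resolve` function (a hypothetical name) that rejects `..` traversal, refuses symbolic links below the root unless explicitly allowed, and even then refuses links whose real target lies outside the root; `demo` builds a constructed sample tree in a temporary directory to exercise it.

```python
import os
import tempfile


def safe_resolve(doc_root, request_path, allow_symlinks=False):
    """Map a request path onto doc_root. Return the real filesystem path, or
    None if the request would leave the hierarchy through '..', an absolute
    path, or a symbolic link whose target lies outside the root."""
    root = os.path.realpath(doc_root)
    # Drop the leading '/' so os.path.join cannot be forced to an absolute path,
    # then collapse '..' segments lexically before touching the filesystem.
    candidate = os.path.normpath(os.path.join(root, request_path.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        return None  # lexical traversal above the root
    if not allow_symlinks:
        # Check every component below the root; a symlink anywhere is refused.
        cur = root
        for part in os.path.relpath(candidate, root).split(os.sep):
            if part in ("", "."):
                continue
            cur = os.path.join(cur, part)
            if os.path.islink(cur):
                return None
    resolved = os.path.realpath(candidate)  # follows any remaining links
    if os.path.commonpath([root, resolved]) != root or not os.path.isfile(resolved):
        return None
    return resolved


def demo():
    """Build a constructed sample tree under a temp dir and exercise the checks."""
    base = tempfile.mkdtemp()
    public = os.path.join(base, "public")
    os.makedirs(os.path.join(public, "img"))
    os.makedirs(os.path.join(base, "outside"))
    index = os.path.join(public, "index.html")
    secret = os.path.join(base, "outside", "secret.txt")  # must never be served
    for path in (index, secret):
        with open(path, "w") as fh:
            fh.write("sample\n")
    os.symlink(secret, os.path.join(public, "img", "leak"))  # points outside root
    os.symlink(index, os.path.join(public, "home"))           # points inside root
    return {
        "normal": safe_resolve(public, "/index.html") == os.path.realpath(index),
        "traversal": safe_resolve(public, "/../outside/secret.txt") is None,
        "link_out": safe_resolve(public, "/img/leak", allow_symlinks=True) is None,
        "link_in_default": safe_resolve(public, "/home") is None,
        "link_in_allowed": safe_resolve(public, "/home", allow_symlinks=True)
        == os.path.realpath(index),
    }
```

Note that `allow_symlinks=True` only permits links that stay within the root; a link to a file outside the hierarchy is refused either way, which is the behaviour the symbolic-link point above calls for.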