8.1 Web Server Security
Bad things happen to good servers. What can happen? Where should you
look? The Web has the same problems as the other important Internet
services discussed in this book, differing mainly in the details.
8.1.1 Problems and Goals
Malice or mistake, whether local or remote, can foil the security
goals mentioned in the first chapter. Table 8-1 lists some security problems you may
encounter, as well as the desired
goals.
Table 8-1. Web-security problems and goals

| Problems | Goals |
| --- | --- |
| Theft of service; warez or pornography uploads; pirate servers and applications; password sniffing; rootkit and trojan program installation; denial of service targeting or participation | System integrity |
| Vandalism, data tampering, or site defacement; inadvertent file deletion or modification | Data integrity |
| Theft of personal information; leakage of personal data into URLs and logs | Data confidentiality |
| Unauthorized use of resources; denial of service attacks; crash or freeze from resource exhaustion (e.g., memory, disk, process space, file descriptors, or database connections) | System and network availability |
8.1.2 What, When, and Where to Secure
Vulnerabilities exist everywhere, but some are more frequently targeted:
- Code: Buffer overflows, string-format hacks, race conditions, logic errors, memory leaks
- Files: Ownership, permissions, symbolic links, setuid/setgid
- Authentication and authorization: Coverage gaps, data leaks, spoofing
- Network: Promiscuous mode, denial of service; connectivity
- System: User accounts, passwords
I'll describe web-server security more or less in chronological order, pointing out the problems and best practices as we go:
- Build time: Obtaining and installing Apache
- Setup time: Configuring Apache
- Runtime: Securing CGI scripts, with PHP and Perl examples
- Special topics: Issues spanning the operating system, web server, and CGI scripts: authentication, authorization, sessions, SSL, and others
8.1.3 Some Principles
Many times, I'll invoke one or more of these security mantras:
- Simplify: Configure with least privilege. Avoid using root and restrict file ownership and permissions. Provide the bare minimum to serve files, run CGI scripts, and write logs.
- Reduce: Minimize surface area; a smaller target is harder to hit. Disable or remove unneeded accounts, functions, modules, and programs. Things that stick out can break off.
- Strengthen: Never trust user input. Secure access to external files and programs.
- Diversify: Use layers of protection. Don't rely on security by the obscurity of a single mechanism, such as a password.
- Document: Write down what you've done because you won't remember it. Trust us on this one.
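As an added example (not from the book), a small shell audit that checks an Apache DocumentRoot for the file-level problems this section lists under "Files" and "Simplify": world-writable files, setuid/setgid programs, and symbolic links that resolve outside the document root. It assumes POSIX sh with find(1) and a GNU or BusyBox readlink -f; the sample tree it audits is constructed inline.

```shell
#!/bin/sh
# Added example, not from the book: audit an Apache DocumentRoot for the
# file-level problems the section lists (permissions, symlinks, setuid/setgid).
# Assumes POSIX sh with find(1) and GNU/BusyBox readlink -f.

# audit_docroot ROOT: print one line per finding (nothing printed = clean).
audit_docroot() {
  root=$(readlink -f "$1")
  # World-writable files or directories: any local user can tamper (data integrity).
  find "$root" ! -type l -perm -002 | while IFS= read -r f; do
    echo "WORLD-WRITABLE: $f"
  done
  # setuid/setgid files under the web tree: a way to run as another user.
  find "$root" -type f \( -perm -4000 -o -perm -2000 \) | while IFS= read -r f; do
    echo "SETUID/SETGID: $f"
  done
  # Symlinks resolving outside the root: with FollowSymLinks the server would
  # serve whatever they point at, so the link is a confidentiality leak.
  find "$root" -type l | while IFS= read -r l; do
    target=$(readlink -f "$l" 2>/dev/null) || target="(dangling)"
    case "$target" in
      "$root"/*) ;;
      *) echo "SYMLINK-ESCAPE: $l -> $target" ;;
    esac
  done
}

# make_fixture DIR: build a constructed sample tree with one of each problem
# plus a clean file and a file outside the root, so the audit runs offline.
make_fixture() {
  mkdir -p "$1/htdocs/cgi-bin" "$1/outside"
  echo '<h1>ok</h1>' > "$1/htdocs/index.html";      chmod 644 "$1/htdocs/index.html"
  echo 'secret'      > "$1/outside/secret.txt";     chmod 600 "$1/outside/secret.txt"
  echo 'upload'      > "$1/htdocs/upload.txt";      chmod 666 "$1/htdocs/upload.txt"
  echo '#!/bin/sh'   > "$1/htdocs/cgi-bin/run.cgi"; chmod 4755 "$1/htdocs/cgi-bin/run.cgi"
  ln -s "$1/outside/secret.txt" "$1/htdocs/leak.txt"
}

# Stand-alone demo: build the fixture in a temp dir, audit it, clean up.
tmp=$(mktemp -d)
make_fixture "$tmp"
audit_docroot "$tmp/htdocs"
rm -rf "$tmp"
```

Run it against a real DocumentRoot with `audit_docroot /var/www/html`; an empty result means none of the three checks fired.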