David Rodriguez FINAL PROJECT: WEB SERVER SECURITY.
Introduction: Web server security: Changing platforms
In the past, only HTML code – required a lot of coding hours to maintain
Content Management Systems (CMS) emerged – reduced coding time significantly
CMSs are database driven (developers store more data)
CMSs are far more functional and lend themselves to more activity.
CMSs have a large group of 3rd party developers (software can be vulnerable).
CMS platform vulnerabilities are widely known.
Introduction: Web server security: Front line risks
Web Servers are:
Generally the most insecure platform out of the box
Available for hacking all the time
Good gateway into more sensitive areas
Generally have databases residing on the server or connected to the server
Increased customer functionality can provide PII
Many more risks
Introduction: Web server security: Information Gap
There are many resources that can be identified that will address very specific areas of risk. However, not many can be found regarding the entire holistic security coverage of a web server.
Introduction: Web server security: Information Gap
The information gap is due to a few reasons:
First: It’s a SECURITY ISSUE.
Second: It’s a living.
Third: It changes all the time.
Introduction: Web server security: Areas of Protection
Physical Security
Network Level Security
VMware Security
Operating System security
Web Server Security
Database Security
CMS Security
Application Security
Introduction: Web server security: Project of Focus: Server Suite
The real world project of focus for the report:
An agency needs to submit sensitive information via an HTML form and then import this information into an enterprise-wide system.
The agency needs ad-hoc and scheduled reports on these submissions.
This entire process needs to be functional, flexible, secure, and resilient.
Introduction: Web server security: Backup Everything/Disaster Recovery/Logging
Backup needs to occur:
AT THE FILE LEVEL
AT THE DATABASE LEVEL
AT THE VM LEVEL
SAN SNAPSHOTS
MULTIPLE ACCESSIBLE BACKUPS FOR EACH LEVEL
REMOTE SYNC LOCATION
LOG EVERYTHING AT EVERY LEVEL
Introduction: Web server security: Stay Active
AUDIT – Examine your web server configuration often
MAINTAIN – Establish maintenance activity processes/people
REVIEW – Establish a review process that covers auditing/maintenance. Review the need periodically to make sure the server is still organizationally needed.
Introduction: Web server security: Questions
?