Best IT Blog

Sample Production Server Cut-over Checklist

Posted in O S (375) by Guest on the January 11th, 2011

Sample server details to consider:

  • Administrator / Root Administration in place
  • User Security is in place
  • File system NAS / DAS storage setup
  • File Shares Setup connections
  • Printer Server Setup connections
  • Synchronize Time System Server Setup, OS Build, connections
  • F5 Cache server setup for new server
  • Server Certificate Server loaded with copy of current production
  • Install dependent secondary server applications
  • Install dependent primary server applications
  • Validate all required server basic data is complete in staging
  • Snapshot backup of server
  • Cleanup server tmp / work files for cut-over
  • Document server setup
  • Document server transition details for operations

Role Based Access Controls – SUDO suggestions

Posted in Information Rights Management (100) by Guest on the January 10th, 2011

Sudo: A Unix command enabling accounting for root actions

Sudo (superuser do) intends to replace su; it allows certain users (or groups of users) to run some (or all) commands as root while logging all commands and arguments.

Create appropriate Web, Application and Service dedicated Groups to sandbox privileges. Create such groups as:

OS_Monitoring (syslogs)
OS_Monitoring (NOC, SOC, GNOC)
SUDO_GRP (sudo_all)


Development / QA environments:

SUDO_GRP (sudo_all)
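A worked sudoers layout for the groups suggested above, as an added example (not from the original post); the group names are the post's, while the command paths, the log file location and the drop-in file name are assumptions:

```sh
#!/bin/sh
# Added example, not from the original post: build a role-based sudoers
# drop-in for the groups the post suggests and validate it with visudo.
# The group names are the post's; command paths, the log file location and
# the drop-in name "50-rbac" are assumptions.

# write_sudoers_rbac DIR: writes DIR/50-rbac (mode 0440) and prints its path.
write_sudoers_rbac() {
    out="$1/50-rbac"
    cat > "$out" <<'EOF'
# Role-based sudo policy (example). sudo already logs every command and its
# arguments via syslog; logfile= keeps a local copy as well.
Defaults        logfile="/var/log/sudo.log"
Defaults        log_host, log_year
# Re-prompt for the user's own password after 5 idle minutes.
Defaults        timestamp_timeout=5

# Monitoring group (syslogs; NOC, SOC, GNOC): read-only log inspection only.
# Arguments are spelled out in full; no wildcards, so no argument smuggling.
Cmnd_Alias      OS_MON_CMDS = /usr/bin/tail /var/log/messages, \
                              /usr/bin/tail -f /var/log/messages, \
                              /usr/bin/tail /var/log/authlog
%OS_Monitoring  ALL = (root) OS_MON_CMDS

# sudo_all: full administrative access, restricted to this one group.
%SUDO_GRP       ALL = (ALL) ALL
EOF
    chmod 0440 "$out"
    printf '%s\n' "$out"
}

# sudoers_grants_all GROUP FILE: succeeds only if GROUP has "ALL = (ALL) ALL".
sudoers_grants_all() {
    grep -Eq "^%$1[[:space:]]+ALL[[:space:]]*=[[:space:]]*\(ALL\)[[:space:]]+ALL[[:space:]]*$" "$2"
}

# check_sudoers_syntax FILE: parses FILE with visudo when it is installed.
# visudo also reports owner/mode problems, which is expected for a test copy.
check_sudoers_syntax() {
    if command -v visudo >/dev/null 2>&1; then
        visudo -c -f "$1"
    else
        echo "visudo not installed; syntax not checked"
    fi
}

# Demonstration on a throw-away directory.
demo_dir=$(mktemp -d)
demo_file=$(write_sudoers_rbac "$demo_dir")
cat "$demo_file"
check_sudoers_syntax "$demo_file" || echo "fix the errors above before installing"
rm -rf "$demo_dir"
```

Install the generated file under /etc/sudoers.d (or include it from /etc/sudoers) only after visudo reports no parse errors.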


eHealth – Correlating Interface Indexes to Interface Names

Posted in Networking (340) by Guest on the January 9th, 2011

Alarms generated in Spectrum, by either Spectrum itself or eHealth, may reference interfaces that seem to have no tie to the device itself. This is because eHealth may refer to the interface by its MIB index instead of its name. The MIB indexes can be quickly correlated with interface names using Spectrum OneClick. Use the following steps to view the MIB index next to the interface name.

Select the actual device in Spectrum. The easiest way to do this when responding to an alarm is simply to double-click on the alarm itself.

This brings you to the device. Next, click on the Interfaces tab in the “Component Detail” panel. Be sure the appropriate device was selected in the first step.

Right-click on the column names in the “Interfaces” tab to bring up “Table Preferences.” Select “Index” from the column list shown below:

1. Name
2. Condition
3. Status
4. Type
5. Description
6. Index
7. Board.Port
8. Mac Address
9. IP Address
10. Port Speed
11. Duplex Status
12. Trunk Membership
13. Device Connected
14. Port Connected
15. Network Link Type
16. % Utilization
17. IP Alias
18. IP Name

The “Index” column is now shown.  It can be moved closer to the description for better viewing if desired.


Sample Network Management Project requirements

Posted in Networking (340) by Guest on the January 8th, 2011

First Tier Network Management Solution support

Support Datacenters, Main sites / Disaster Recovery Sites:

Graphically configuring and monitoring all equipment
Firewalls, Routers, Switches, Modems, Servers, SANs, NASs, PCs, Network Printers, UPSs, etc.

Issue periodical reports:

Daily, weekly, monthly…
Device, configurations & connectivity


Network Fault Management:

Network connectivity between branches needs:

Spectrum Network Fault Management:

Best-in-class technology, platform-independent
Comply with regulatory and governance requirements
Automate troubleshooting through a full suite of tools
Minimize risk and Mean-Time-To-Repair


Identify network assets
Build an inductive topology map
Understand relationships and inter-dependencies

Root Cause and Impact Analysis:

Root Cause Analysis
Correlate symptoms or events
Pinpoint the degraded or failed network component
Indicate where the true problem is
Impact Analysis

What services and branches are impacted

Alarm Notification:

Configure thresholds and monitor key performance indicators: 
CPU, Memory, Storage, Interfaces…
Automate notification to email
Launch scripts for corrective actions
Alarm filtering and differentiation by colors
Redundancy between management servers
If primary server fails, the secondary automatically takes over

Manage device configurations and monitor changes:

Configuration capture
Configuration edit 
Configuration load and restore
Configuration comparison and validation
Automated scheduling

Report Manager:

Comprehensive reporting on availability, response time, assets, alarms, and service quality metrics


Web Server Security – Suggestions

Posted in Application (380) by Guest on the January 7th, 2011

Common Web Vulnerabilities

  • Buffer Overflow Attacks
  • Denial of Service
  • Attacks on vulnerable scripts
  • URL Manipulation
  • Sniffing / Spoofing Credentials
  • Client Parameter Manipulation
  • Brute Force Attacks
  • Web Server Fingerprinting 
  • Web Defacements

Take web servers seriously: server security is essential for web security. Recommendations:

Harden servers from attack

• Use a hardening guide like CIS or MS
• Use Windows Security Templates
• Audit Users, Groups and Permissions
• Enable DEP to prevent buffer overflows

• Follow Best Practices
o SSL Certificate
o Patching, Host Based Firewall & Anti-Virus
o Password Policy and Lockout

PHP, Java ServletEngine, Mod_PERL, etc

• Secure configuration
o PHP Suhosin & Hardening Patch
o PHP Security Consortium – Security Guide
o Perl Security Guide
• Include framework in patch cycle

Client & Browser Security

• What’s a Browser? Word, RSS, OS, etc
• These are all vulnerable to web attacks
• Educate users about HTTPS
• Audit ActiveX controls
o Don’t Allow installation of unsigned ActiveX
o Don’t Prompt user to install unsigned ActiveX
• Patch helper applications (Secunia)
o Java

Session Security & Authentication

• Anything passed to client is readable
o Hidden fields and cookies aren’t hidden
o Use WebScarab or another proxy to analyze
• Encrypt info in cookies and hidden fields
o Apply a timestamp to sensitive variables
o Use strong session IDs (> 16 chars)

JavaScript and XSS are Serious Threats

• JavaScript is compatible across major browsers
o It’s a powerful language
o Exploits will probably become more insidious
• XSS Vulnerabilities are plentiful

In scripts, only allow valid data; if that breaks things, filter out known-bad input.

o Whitelist first, then blacklist


Network categories of System Monitoring

Posted in Compliances (1300),Networking (340) by Guest on the January 5th, 2011

Monitoring System Configuration Changes. This category includes monitoring for changes in hardware and software configurations that can be caused by an operating system upgrade, patches applied to the system, changes to kernel parameters, or the installation of a new software application.

The root cause of system problems can often be traced back to an inappropriate hardware or software configuration change. Therefore, it is important to keep accurate records of these changes, because the problem that a change causes may remain latent for a long period before it surfaces. Adding or removing hardware devices typically requires the system to be restarted, so configuration changes can be tracked indirectly (in other words, remote monitoring tools would notice system status changes).

However, software configuration changes, or the installation of a new application, are not tracked in this way, so reporting tools are needed. Also, more systems are becoming capable of adding hardware components online, so hardware configuration tracking is becoming increasingly important.

Monitoring System Faults. After ensuring that the configuration is correct, the first thing to monitor is the overall condition of the system.

  • Is the system up?
  • Can you talk to it, ping it, run a command?

If not, a fault may have occurred. Detecting system problems ranges from determining whether the system is up to determining whether it is behaving properly. If the system either isn’t up or is up but not behaving properly, then you must determine which system component or application is having a problem. 

Monitoring System Resource Utilization. For an application to run correctly, it may need certain system resources such as the amount of CPU or I/O bandwidth an application is entitled to use during a time interval. Other examples include the number of open files or sockets, message segments, and system semaphores that an application has. Usually an application (and operating system) has fixed limits for each of these resources, so monitoring their use is important. If they are exhausted, the system may no longer function properly. Another aspect of resource utilization is studying the amount of resources that an application has used. You may not want a given workload to use more than a certain amount of CPU time or fixed amount of disk space. Some resource management tools, such as quota, can help with this. 

Monitoring System Performance. Monitoring the performance of system resources can help to indicate problems with the operation of the system. Bottlenecks in one area usually impact system performance in another area. CPU, memory, and disk I/O bandwidth are the important resources to watch for performance bottlenecks. To establish baselines, you should monitor the system during typical usage periods. Understanding what is “normal” helps to identify when system resources are scarce during particular periods (for example, “rush hours”). Resource management tools are available that can help you to allocate system resources among applications and users.

Monitoring System Security. A system’s availability can be impacted through unauthorized use. Performance and resource controls are not useful if the system is used for the wrong purposes. The value of security tools is often overstated, but in small doses they can be useful rather than harmful. For example, it is easy to monitor for world-writable files and wrong permissions on home directories and key system directories; there is no reason not to implement that. In many cases static (configuration-setting) security monitoring can be adapted from a hardening package such as Titan.

Monitoring System Logs. This is an integral area that overlaps with each and every area described above but still deserves to be treated separately. System logs provide a wealth of information about the health of the system, most of which is usually never used, because it is buried in the noise and because the regular syslog daemon has outlived its usefulness. Usually log monitoring is done together with integration of the log stream on a dedicated log server. Few people understand that the flow of messages to a central log server represents a decent distributed monitoring system and that, instead of reinventing the wheel, it is possible to enhance it by writing probes which write their messages to syslog.
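The world-writable-file and home-directory checks described above, written as a probe that reports through syslog; this is an added example, not from the original post, and the root paths and the syslog tag "secprobe" are assumptions:

```sh
#!/bin/sh
# Added example, not from the original post: a static security probe of the
# kind described above. It finds world-writable files under a tree and home
# directories that others can write into, and hands each finding to syslog
# through logger(1) so the central log server receives it like any other
# message. The root paths are parameters; the syslog tag "secprobe" is an
# assumption. The demonstration below runs against a constructed temp tree.

# world_writable_files ROOT: regular files under ROOT that anyone may write.
world_writable_files() {
    find "$1" -type f -perm -002 2>/dev/null | sort
}

# bad_home_dirs HOMEROOT: top-level directories under HOMEROOT that are
# group- or world-writable (a wrong home directory permission).
bad_home_dirs() {
    find "$1" -mindepth 1 -maxdepth 1 -type d \( -perm -020 -o -perm -002 \) \
        2>/dev/null | sort
}

# count_findings ROOT HOMEROOT: prints the total number of findings.
count_findings() {
    ww=$(world_writable_files "$1" | wc -l)
    bh=$(bad_home_dirs "$2" | wc -l)
    echo $((ww + bh))
}

# log_finding MESSAGE: sends MESSAGE to syslog (facility auth, priority
# warning) when logger is available, and echoes it locally either way.
log_finding() {
    if command -v logger >/dev/null 2>&1; then
        logger -t secprobe -p auth.warning "$1" 2>/dev/null || :
    fi
    printf 'secprobe: %s\n' "$1"
}

# report_findings ROOT HOMEROOT: logs one message per finding.
report_findings() {
    world_writable_files "$1" | while IFS= read -r f; do
        log_finding "world-writable file: $f"
    done
    bad_home_dirs "$2" | while IFS= read -r d; do
        log_finding "writable home directory: $d"
    done
}

# Demonstration on a constructed tree: one open file, one writable home.
demo=$(mktemp -d)
mkdir -p "$demo/home/alice" "$demo/home/bob" "$demo/srv"
chmod 750 "$demo/home/alice" && chmod 775 "$demo/home/bob"
: > "$demo/srv/ok.conf"   && chmod 644 "$demo/srv/ok.conf"
: > "$demo/srv/open.conf" && chmod 666 "$demo/srv/open.conf"
report_findings "$demo/srv" "$demo/home"
echo "findings: $(count_findings "$demo/srv" "$demo/home")"
rm -rf "$demo"
```

Run from cron against / and /export/home (or wherever home directories live) and the findings arrive at the log server tagged secprobe, ready for the same filtering as any other syslog message.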



Sample Project – Service Life Cycle Management

Posted in Projects (400) by Guest on the January 4th, 2011

Submitting a project proposal

A project is a temporary undertaking with a beginning and end date that uses resources to produce a specific result. A project has a defined outcome, a deadline by which the project must be completed, and a budget that limits the amounts of human resources, materials or supplies, and funds.

Any employee who has an idea for a project should discuss it with their manager to determine if the idea should be pursued further. If so, and at the manager’s request, the employee will use the following Project Proposal template to describe the project. The template is a flexible document designed to assist you in articulating the proposed project. Not all sections of the template are appropriate for all projects; you may also add sections, if necessary.

When you have completed the proposal, e-mail it to your immediate manager for review and carbon copy (cc) the Project Office, which is responsible for tracking all project proposals.

Your manager will complete their portion of the proposal and return it to you, indicating its disposition. They will also send a copy to the Project Office.

Project proposal

Project name: Assign a short, descriptive name to the project.
Prepared by: The proposal may be prepared by any employee and submitted to the manager responsible for the functional area affected by the proposed project, or a director responsible for overseeing many functional areas.
Justification/background: Describe the impetus for proposing the project and the business need it addresses.
Relationship to OIT Planning Document: Discuss how the project relates to one or more of the goals of the OIT Planning Document. Name the specific goal(s) to which the project relates.
Description: Provide a brief description of the project. If approved, a more detailed project description will be required in the project Scope Statement.
Objectives: Objectives are action items whose successful completion marks progress in the execution of the project.
Deliverables: List and describe the tangible, quantifiable products of the project.
Resources needed: Estimate as accurately as possible the resources (human resources, financial, and material) needed to plan the project, as well as those needed to execute it. These should be a “best guess;” they are not exclusive of other resources the project may require.
Estimate of resources needed for discovery & planning  
Estimate of resources needed for execution  
Manager/Director feedback: Provide an explanation of why you are accepting the proposal and forwarding it to the Project Office for further review, or rejecting it and returning it to the employee.
  • Not approved: provide an explanation for the rejection and, if appropriate, recommend changes to the proposal.
  • Approval pending: provide an explanation of why the project cannot be undertaken at this time.
  • Approved with changes: describe the changes required.
  • Approved
Project Manager: Assign the project manager responsible for planning and executing the project with the assembled project team.
Individual responsible for approving exit criteria: Assign someone responsible for defining and ensuring exit criteria are met at each phase of the project. This is typically the project manager or the sponsor.




Sample Solaris – OS Installation Build Procedures

Posted in O S (375) by Guest on the January 3rd, 2011

Sample Ultra – OS Installation Procedures

The following steps include information about installing and hardening the Operating System.

Power On

          As soon as the Initialize Memory starts press STOP A
          The OK prompt appears
          Insert the Solaris 8 Server Configuration CD ROM
          At the OK prompt type boot cdrom -w
          Wait for install to start

OS Installation

          Select Language, press 0 for English
          Solaris Install Program, press F2 to continue
          Identify this system, press F2 to continue
          Host name, type the machine’s host name, press F2 to continue
          Network Connection, under Networked select Yes, press F2 to continue
          IP Address, type the machine’s IP Address, press F2 to continue
          Confirm Information, press F2 to continue
          Name Service, select none, press F2 to continue
          Confirm Information, press F2 to continue
          Subnets, System Part of a subnet select Yes, press F2 to continue
          Netmask, type, press F2 to continue
          Time Zone, regions select United States, press F2 to continue
          Time Zone, select Mountain, press F2 to continue
          Date and Time, accept defaults, press F2 to continue
          Confirm Information, press F2 to continue
          Solaris Interactive Installation, press F4 to Initialize, press F2 to continue
          Allocate Client Services, press F2 to continue
          Select Language, press F2 to continue
          Select 64 Bit, uncheck, press F2 to continue
          Select Software, select Developer Software, press F2 to continue
          Preserve Data, press F2 to continue
          Automatically Layout File System, check /, /var, swap, press F2 to continue
          File System and Disk Layout, press F2 to continue
          Select Disk to Customize, select c0t0d0, press F2 to continue
          Customize Disk c0t0d0, make changes to match settings below


Slice   Mount Point   Size (MB)
0       /             5643
1       SWAP          1024
2       overlap       8693
3       /var          1024

Press F2 to continue
          Select Disk to Customize, select c0t1d0, press F2 to continue (*server may only have one disk drive)
          Customize Disk c0t1d0, make changes to match settings below
Slice   Mount Point              Size (MB)
0       /var/opt/CPfw1-41/logs   5643
1       &
2       overlap                  8693
3                                1024

Press F2 to continue
          Select Disk to Customize, press F2 to continue
          File Disk Layout, press F2 to continue
          Mount Remote File System, press F2 to continue
          Profile, press F2 to continue
          Warning for change to Boot Device, press F2 to continue
          Reboot after Install, press F2 to continue
          Wait for about 20 minutes for install to complete


Harden OS

          Assign password for root
          Select NO to conserve energy
          Select NO to ask the question again
          Log in as ROOT

Create a directory called /var/fwadmin
          Type cd /var
          Type mkdir fwadmin
          Type cd fwadmin
          Insert floppy labeled harden script
          Type copy /floppy/floppy0/harden
          Type ./harden

Harden Script Runs
          Do you wish to install SAR? Select Y
          Do you want to continue with installation of (SUNMaccr)? Select Y
          Do you want to install these as setuid /setgid file? Select Y
          Do you want to continue with installation? Select Y

Comment out all unneeded services
          Type cd /etc/inet
          Type copy inetd.conf
          Type vi inetd.conf
          Delete the first 11 lines
          Move cursor below the word Telnet
          Hit Shift:
          Type .,$d (deletes the rest of the lines below Telnet)
          Type :wq!

Remove Comment for Console Line
          Type vi /etc/default/login
          Move cursor to CONSOLE=dev/console
          Insert the # symbol
          Type :wq!

Disable more services
          Type cd /etc/rc2.d
          Type mv S71rpc notused.S71rpc (disables RPC daemons)
          Type mv S99dtlogin notused.S99dtlogin (disables CDE log in)
          Type rm S74autofs
          Type rm S73nfs.client
          Type rm S92volmgt
          Type vi /etc/services
          Add SSH entry
          Under telnet type ssh, hit the tab key, type 22/tcp
          Type :wq!
          Type vi /etc/default/ftpd
          Enter BANNER=""
          Type :wq!
          Type vi /etc/default/telnetd
          Enter BANNER=""
          Type :wq!
          Type crontab -e
          Add 15 * * * * /usr/sbin/ntpdate -s
          Type eject cdrom
          Type reboot

Log on
          Type mkdir /opt/sw-depot
          Type cd /opt/sw-depot

Open an FTP session to the FTP server that has the software patches and 3rd-party apps
          Type bin
          Type hash
          Type mget *

GNUgcc? Press Y
GNUzip? Press Y
titan? Press Y
perl? Press Y
ssh-1.2.30? Press Y
tcp_wrappers? Press Y
wu-ftpd? Press Y
7_recommended? Press Y
.profile? Press Y
.kshrc? Press Y

          Type vi /etc/passwd

Change the line root:x:0:1:Super_User:/:/sbin/sh to root:x:0:1:Super_User:/:/bin/ksh
          Type :wq!
          Type  cp /opt/sw-depot/.profile .
          Type cp /opt/sw-depot/.kshrc .
          Type chmod 700 .kshrc
          Type exit

Log on
          Type cd /tmp
          Type cp /opt/sw-depot/7*
          Type which unzip
          Type unzip *.zip

          Type rm *.zip
          Type cd 7.*
          Type ./install_cluster
          Ready to continue? Select Y

Wait about 30 minutes
          Type cd /tmp
          Type rm -R 7*

Log on
          Type cd /tmp
          Type cp /opt/sw-depot/GNU* .
          Type cp /opt/sw-depot/perl* .
          Type cp /opt/sw-depot/top* .
          Type cp /opt/sw-depot/wu* .
          Type tar -xvf ./GNUzip*
          Type rm GNUzip1.2.*.tar
          Type pkgadd -d .
          Press Enter to select all packages
          After install type Q to quit
          Type rm -R GNUzip
          Type which gunzip
          Type gunzip *.tgz
          Type tar -xvf GNU*.tar
          Type rm GNU*.tar
          Type tar -xvf top*.tar
          Type rm top*.tar
          Type tar -xvf perl*.tar
          Type rm perl*.tar
          Type tar -xvf wu*.tar
          Type rm wu*.tar
          Type pkgadd -d .
          Press Enter to select all packages
          Do you want to install these as setuid/setgid? Select Y
          After install type Q to quit
          Type rm -R GNU* perl* top wu*

Log on
          Type cd /tmp
          Type cp /opt/sw-depot/tcp* .
          Type cp /opt/sw-depot/ssh* .
          Type gunzip ssh*.gz
          Type tar -xvf *.tar
          Type rm ssh*.tar
          Type gunzip tcp*.gz
          Type tar -xvf *.tar
          Type rm tcp*.tar
          Type cd tcp*
          Type vi Makefile
          Search for STYLE=DPROCESS_OPTIONS # Enable Language Options
          Remove the # symbol from the beginning of the line
          Search for SYSV.4 Solaris2xOS Fault
          The next line should be REAL_DAEMON_DIR=/usr/sbin
          Remove the # from the beginning of the line
          Type :wq!
          Type make sunos5
          Type cp tcpd /usr/sbin
          Type cp safe_finger /usr/sbin
          Type cp tcpdchk /usr/sbin
          Type cp tcpdmatch /usr/sbin
          Type cp try-from /usr/sbin
          Type cd ../ssh
          Type ./configure --without-x
          Type make
          Type make install
          Type vi /etc/inet/inetd.conf
          Add the following entry
          ssh      stream  tcp       nowait  root      /usr/sbin/tcpd /usr/local/sbin/sshd -i
          Add a # symbol in front of ftp and telnet
          Type :wq!
          Type ps -e | grep inetd
          Type kill -1 (process id)
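A scripted version of the inetd.conf trimming done above by hand (comment out everything except a keep list, then add the tcpd-wrapped sshd entry), as an added example that is not part of the original procedure; the sample inetd.conf is constructed, and the functions operate on whatever file path they are given:

```sh
#!/bin/sh
# Added example, not from the original post: a scripted, repeatable form of
# the inetd.conf trimming done by hand with vi in the steps above. Services
# not on the keep list are commented out rather than deleted, so the record
# of what was disabled stays in the file, and the tcpd-wrapped sshd entry from
# the procedure is appended once. The sample inetd.conf is constructed; the
# functions take the file path as an argument, so run them on a copy first.

# active_inetd_services FILE: prints the service name of every enabled line.
active_inetd_services() {
    awk '!/^[[:space:]]*(#|$)/ { print $1 }' "$1"
}

# disable_inetd_services FILE [KEEP...]: comments out every enabled service
# whose name is not listed in KEEP. Comments and blank lines are untouched.
disable_inetd_services() {
    file="$1"; shift
    tmp="$file.tmp.$$"
    awk -v keep=" $* " '
        /^[[:space:]]*(#|$)/      { print; next }   # already a comment or blank
        index(keep, " " $1 " ")   { print; next }   # service is on the keep list
                                  { print "#" $0 }  # disable everything else
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# add_tcpd_ssh_entry FILE: appends the sshd line from the procedure (sshd
# started by inetd through tcpd) unless an ssh entry is already active.
add_tcpd_ssh_entry() {
    if active_inetd_services "$1" | grep -qx ssh; then
        return 0
    fi
    printf 'ssh\tstream\ttcp\tnowait\troot\t/usr/sbin/tcpd\t/usr/local/sbin/sshd -i\n' >> "$1"
}

# make_sample_inetd_conf FILE: writes a constructed Solaris-style inetd.conf.
make_sample_inetd_conf() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf (example data, not a real system file)
ftp     stream  tcp     nowait  root    /usr/sbin/in.ftpd       in.ftpd
telnet  stream  tcp     nowait  root    /usr/sbin/in.telnetd    in.telnetd
finger  stream  tcp     nowait  nobody  /usr/sbin/in.fingerd    in.fingerd
shell   stream  tcp     nowait  root    /usr/sbin/in.rshd       in.rshd
time    stream  tcp     nowait  root    internal
EOF
}

# Demonstration: disable everything, add ssh, show what is still enabled.
sample=$(mktemp)
make_sample_inetd_conf "$sample"
disable_inetd_services "$sample"
add_tcpd_ssh_entry "$sample"
echo "enabled services: $(active_inetd_services "$sample" | tr '\n' ' ')"
cat "$sample"
rm -f "$sample"
```

After editing the real file, send inetd the HUP signal exactly as the procedure does (kill -1 on the inetd process id) and confirm with active_inetd_services that only the intended services remain.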




Web Server Security Guidelines

A web server is a program which listens for HTTP requests on a TCP/IP port (normally either port 80 or port 443) and serves HTML pages in response.

There are several web servers currently in the market. The most popular are:

  • Apache
  • SunONE
  • Internet Information Server (IIS 6/7/8)
  • NCSA

Specific methods for securing a web server largely depend on the operating system (OS) and web server software used. Apache can run on the Windows platform, but usually runs on Linux or some other flavor of Unix. IIS runs on the Windows server platforms. SunONE is the sum of sites running iPlanet-Enterprise, Netscape-Enterprise, Netscape-FastTrack, Netscape-Commerce, Netscape-Communications, Netsite-Commerce & Netsite-Communications.

Once a web server is set up, it is an invitation to the world to connect to it. The users may include potential hackers as well. The attackers may deface the web site, causing embarrassment; they may download confidential information or steal credit card information; or they may use the host as part of a distributed denial-of-service (DDoS) attack on another host.

In a defacing incident, the Web Manager may come to know that the web site has been hacked. But in other cases, it may not even be known that the site has been compromised. Hence, the security of a Web Server is of prime importance.

Before going into the specifics of securing computers and their services, we need to define the policies for how and by whom the Web Server will be used. This includes an acceptable use policy (AUP) for all users and a security policy. This policy is intended to define the rights and responsibilities of both the users and system administrators as well as define who these people are. This is really the first step in the security of any server as it sets out the rules that everyone is to follow. And when the rules are broken, the AUP also defines what happens to those who have broken them. 


The organization should include explicit security requirements when selecting servers. There are many server vendors, and the security capabilities of their products vary accordingly. Many of the known and frequently exploited network server vulnerabilities apply only to certain products and platforms. If one considers security requirements when selecting servers, then it is possible to choose products with fewer vulnerabilities or select better security-related features, which can result in a substantially more secure site. This makes the long-term operation of the web site more economical, by reducing the costs associated with administration tasks (such as patching systems) as well as the costs caused by intrusions and their effects.

The Web Servers are tempting targets for intruders because of the following reasons:

  • Public servers often have publicly known host names and IP addresses.
  • Public servers may be deployed outside an organization’s firewall or other perimeter defenses.
  • Servers usually actively listen for requests for services on known ports, and they try to process such requests.  

The vulnerabilities are exploited by the intruders due to the operational issues not addressed by the System Administrators. Improper configuration or operation of the Web server can result in the inadvertent disclosure or alteration of confidential information.  

Some of the effects of a Web Server being compromised are as follows:

  • Information assets of the organization are at risk.
  • Information about the configuration of the server or network could be exploited for subsequent attacks.
  • Information about who requested which documents from the server becomes known.
  • Sensitive customer or user information is at risk.
  • The intruder may change the information stored on the Web server host machine, particularly the information intended for publication.
  • The intruder may execute unauthorized commands or programs on the server host machine, including ones that the intruder has installed.
  • The intruder may gain unauthorized access to resources elsewhere in the organization’s computer network.
  • The intruder may launch attacks on external sites from the server host machine, thus concealing the intruder’s identity and perhaps making the organization liable for damages.
  • Users can be prevented from accessing the Web site if all of its resources are consumed by a denial-of-service attack.

It is therefore essential to secure a Web Server through the following steps:

  • Installing a Secure Server
  • Configuring Web Server Software and the underlying Web Server host operating system
  • Maintaining the Web Server’s Integrity 

Installation & Configuration

It is recommended that a web server deployment plan be developed. It should take into consideration security issues related to the network architecture and the location of the Web servers. The deployment plan also involves following practices for increased security:

a. Determining how the Web Server will be connected to the network
b. Identifying the security concerns related to day-to-day administration of the Server
c. Identifying the services offered by the server
d. Identifying the network services that will be provided on the server
e. Identifying the users or categories of users of the Web Server
f. Deciding how users will be authenticated and how authentication data will be protected
g. Developing intrusion detection strategies for the server
h. Documenting procedures for backup and recovery of information resources stored on the server
i. Determining how network services will be maintained or restored after various kinds of faults

Practices that should be adopted by organization for installing and configuring web server are as follows:

Isolate the Web server from public networks and the organization’s internal networks.

Care must be taken while placing a public Web server on an organization’s network. It is highly recommended that the server be placed on a separate, protected subnetwork. This ensures that traffic between the Internet and the server does not traverse any part of the private internal network and that no internal network traffic is visible to the server. To accomplish this, the following steps may be taken:

  • Place the web server on a subnet isolated from public and internal network.
  • Use firewall technology to restrict traffic between a public network and the web server and between the web server and the internal network.
  • Place the servers providing email, directory and database services in support of the web site on a protected subnetwork.
  • Disable all source routing functions in the firewalls and routers protecting the public web server.

Disable IP forwarding and source routing on the web server  and the server hosts that provide supporting services.

Configure the Web server with appropriate object, device, and file access controls. This is necessary for the following reasons:

  • To limit access to the Web server software
  • To apply access controls specific to the Web server where more detailed levels of access control are required

To configure this, the following steps may be taken:

  • The web server should be configured to execute under a unique individual user and group identity. This is important for implementing access controls on various files, viz. Server log files, system software and configuration files, password files etc.

  • The protection needed for various files, devices and objects specific to the web server should be identified.

  • Time-outs and other controls to mitigate the effects of DoS attacks should be configured.

  • The file serving of web server file listings should be disabled.

Identify and enable Web-server-specific logging mechanisms.

Web server logs are needed to:

  • Alert about suspicious activity that requires further investigation
  • Determine the extent of an intruder’s activity
  • Help to recover the systems
  • Help to conduct an investigation
  • Provide information required for legal proceedings

This can be accomplished by:

  • Identifying the web server software information to be logged, viz. Transfer log, Error log, Agent log, Referer log etc.
  • Adding logging mechanisms where required for capturing the performance of various programs, scripts, and plug-ins supported by the web server.
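A detector over constructed transfer-log lines, as an added example not from the original guidelines, that turns the "alert about suspicious activity" item above into something runnable; the error threshold and the patterns are assumptions to tune per site:

```sh
#!/bin/sh
# Added example, not from the original post: a small detector run over
# constructed Common Log Format lines of the kind a Transfer log holds. It
# flags clients with many error responses (the signature of scanning or
# password guessing) and requests whose path carries a "../" traversal
# sequence, plain or URL-encoded. The threshold and the patterns are
# assumptions to tune per site; the sample lines are constructed.

# error_heavy_clients LOGFILE THRESHOLD: prints "client count" for each
# client address with at least THRESHOLD responses in the 4xx range.
error_heavy_clients() {
    awk -v t="$2" '
        # CLF fields: 1 host, 2 ident, 3 user, 4-5 [date tz], 6 "method,
        # 7 path, 8 protocol", 9 status, 10 bytes
        $9 ~ /^4[0-9][0-9]$/ { n[$1]++ }
        END { for (h in n) if (n[h] >= t) print h, n[h] }
    ' "$1" | sort
}

# traversal_requests LOGFILE: prints "client path" for requests whose path
# contains ../ in plain, %2e%2e%2f or ..%2f form (case-insensitive).
traversal_requests() {
    awk 'tolower($7) ~ /(\.\.\/|%2e%2e(\/|%2f)|\.\.%2f)/ { print $1, $7 }' "$1"
}

# write_sample_log FILE: constructed transfer log lines for the demonstration.
write_sample_log() {
    cat > "$1" <<'EOF'
10.0.0.5 - - [07/Jan/2011:10:00:01 -0700] "GET /index.html HTTP/1.0" 200 1234
10.0.0.9 - - [07/Jan/2011:10:00:02 -0700] "GET /admin HTTP/1.0" 404 210
10.0.0.9 - - [07/Jan/2011:10:00:03 -0700] "GET /phpmyadmin HTTP/1.0" 404 210
10.0.0.9 - - [07/Jan/2011:10:00:04 -0700] "GET /cgi-bin/test.cgi HTTP/1.0" 404 210
10.0.0.9 - - [07/Jan/2011:10:00:05 -0700] "GET /scripts/../../config.ini HTTP/1.0" 403 180
10.0.0.5 - - [07/Jan/2011:10:00:06 -0700] "GET /images/logo.gif HTTP/1.0" 200 5120
10.0.0.7 - - [07/Jan/2011:10:00:07 -0700] "GET /docs/%2E%2E%2Fprivate.txt HTTP/1.0" 404 210
EOF
}

# Demonstration.
log=$(mktemp)
write_sample_log "$log"
echo "clients with 3 or more error responses:"
error_heavy_clients "$log" 3
echo "traversal attempts:"
traversal_requests "$log"
rm -f "$log"
```

Both functions read the file once, so they can be run from cron over the rotated transfer log and their output handed to the alerting path the logging section calls for.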

Consider security implications before selecting programs, scripts, and plug-ins for the Web server. To overcome the vulnerabilities, the following steps may be undertaken:

  • Programs, scripts and plug-ins should be selected from a trustworthy source.

  • The functionality that the external programs provide should be well understood.

Configure the Web server to minimize the functionality of programs, scripts, and plug-ins. Security vulnerabilities can be easily introduced in the acquisition, installation, configuration, deployment, and operation of external programs (Programs, scripts, and plug-ins). To accomplish this following steps may be taken:

  • Verify that the acquired copy of the external program is authentic.
  • The external program acquired should be tested prior to putting it on the public web server.
  • Security tools for checking vulnerabilities in these acquired programs should be used.
  • Server Side Include functionality should be disabled or restricted.
  • Execution of external programs present on the web server should be disabled. Such programs may be present in the default web server configuration; they should be located and disabled if not essential.
  • Configure the web server host operating system and the web server software access controls to restrict access to external programs.

Configure the Web server to use authentication and encryption technologies, where required.

Without strong user authentication, one may not be able to restrict access to specific information to authorized users. Before placing any sensitive or restricted (i.e. not for public consumption) information on a public Web server, one needs to determine the specific security and protection requirements and confirm that the available technologies, like SSL (Secure Socket Layer), S/HTTP (Secure Hypertext Transport Protocol), and SET (Secure Electronic Transaction), can meet these requirements.

Install security tools like whisker, ISS Internet Scanner, Nikto (a more comprehensive web scanner), and SPIKE Proxy (an open source HTTP proxy for finding security flaws in web sites). These tools help in finding flaws in the web site as well as the web server.

Operations & Maintenance

Maintain an authoritative copy of the Web site content on a secure host. The authoritative (i.e., verified, correct, trusted) copy of the public Web site content needs to be stored on a host that is separate from (and more secure than) the public Web server. The more secure host should preferably be on the internal network of the organization and protected behind one or more firewalls.

Protect the Web server against common attacks. To accomplish this, the following actions are essential:

  • Install security tools like IDS, integrity checkers, and blocking and filtering tools.
  • Update the installed detection tools to detect new attack patterns or events.
  • Reduce attacks by updating firewall filtering mechanisms to deny new attacks.
  • Temporarily disable specific services that might be vulnerable to attack.
  • Use secure methods for restoration.

The best practices for the operation of a web server can be summarized as below:

  • Place the web server(s) in a DMZ. Set the firewall to drop connections to the web server on all ports but http (port 80) or https (port 443).
  • Limit the number of persons having administrator or root level access. Keep a record of the persons allowed such access.
  • Log all user activity and maintain those logs either in an encrypted form on the web server or store them on a separate machine on the Intranet of the organization.
  • Monitor system logs regularly for any suspicious activity. Install some trap macros to watch for attacks on the server. Create macros that run every hour or so to check the integrity of passwd and other critical files. When the macros detect a change, they should send e-mail to the system manager.
  • Remove ALL unnecessary files from the scripts directory, for example /cgi-bin in Unix.
  • Remove the “default” document trees that are shipped with Web servers.
  • Apply all relevant security patches as soon as they are announced.
  • If the machine must be administered remotely, require that a secure capability such as secure shell is used to make a secure connection. Do not allow telnet or non-anonymous ftp (those requiring a username and password) connections to this machine from any untrusted site. It would also be good to limit these connections to a minimum number of secure machines and have those machines reside within the Intranet of the organization.
  • Run the web server in a safe part of the directory tree so it cannot access the real system files.
  • Run the anonymous FTP server in a safe part of the directory tree that is different from the web server’s tree.
  • Do all updates from the Intranet. Maintain the web page originals on a server on the Intranet and make all changes and updates there; then “push” these updates to the public server through an SSL connection. If this is done on an hourly basis, this practice will help avoid having a corrupted server exposed for a long period of time.
  • Scan the web server periodically with tools to look for vulnerabilities.
  • Have intrusion detection software monitor the connections to the server. Set the detector to alarm on known exploits and suspicious activities and to capture these sessions for review. This information can help recover from an intrusion and strengthen the defenses.
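The hourly integrity check of passwd and other critical files described in the list above, as an added example (not code from the original post): a baseline of SHA-256 hashes is recorded once after a verified build, and an hourly cron job re-hashes the files and mails the system manager on any change or missing file. Assumed and not from the original: the baseline path, the alert address, sha256sum (with shasum as a fallback) and mail(1) being available.

```shell
#!/bin/sh
# Added example: hourly integrity check of critical files with e-mail alerting.
# Assumed (not from the original post): baseline location, alert address, sha256sum/shasum and mail(1).
BASELINE="${BASELINE:-/var/lib/integrity/baseline.sha256}"   # assumed path; keep it root-only, ideally off-box too
ALERT_TO="${ALERT_TO:-sysmanager@example.com}"               # placeholder address
# SHA-256 of one file; sha256sum on Linux, shasum on BSD/macOS.
hash_file() {
    { sha256sum "$1" 2>/dev/null || shasum -a 256 "$1"; } | cut -d' ' -f1
}

# Record the current hashes of the watched files. Run once after a verified build,
# and again after every legitimate change to one of them.
integrity_baseline() {           # $1 = baseline file; remaining args = files to watch
    out=$1; shift
    : > "$out"
    for f in "$@"; do
        printf '%s  %s\n' "$(hash_file "$f")" "$f" >> "$out"
    done
}

# Re-hash every file in the baseline. Prints one "CHANGED path" or "MISSING path" line
# per finding and returns 1 if there were any, 0 when everything matches.
integrity_check() {              # $1 = baseline file
    n=0
    while read -r sum path; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; n=$((n + 1))
        elif [ "$(hash_file "$path")" != "$sum" ]; then
            echo "CHANGED $path"; n=$((n + 1))
        fi
    done < "$1"
    [ "$n" -eq 0 ]
}

# What the hourly job runs: silent when clean, e-mails the report otherwise.
integrity_alert() {              # $1 = baseline file
    if report=$(integrity_check "$1"); then
        return 0
    fi
    printf 'Integrity check on %s found:\n%s\n' "$(hostname)" "$report" \
        | mail -s "ALERT: critical file change on $(hostname)" "$ALERT_TO"
}

# Entry points: "integrity.sh baseline /etc/passwd /etc/shadow /etc/httpd/httpd.conf" once,
# then an assumed crontab line "0 * * * * /usr/local/sbin/integrity.sh check".
case "${1:-}" in
    baseline) shift; integrity_baseline "$BASELINE" "$@" ;;
    check)    integrity_alert "$BASELINE" ;;
esac
```

Because the baseline is only as trustworthy as the host it sits on, store a second copy on the internal server that holds the authoritative Web site content and compare against that one as well.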

Incident Handling

A web server administrator should take the following steps after discovering a successful compromise:

  • Isolate compromised system(s) or take steps to contain the attack so additional evidence can be collected.
  • Consult, as appropriate, with management, legal counsel, and law enforcement expeditiously and consult the organization’s security policy.
  • Investigate “similar” hosts to determine if the attacker also has compromised other systems.
  • Analyze the intrusion, including:
      • Modifications made to the system’s software and configuration
      • Modifications made to the data
      • Tools or data left behind by the intruder
      • Review of system logs, intrusion detection, and firewall log files
  • Restore the system:
      • Install a clean version of the operating system, or restore from backups
      • Disable unnecessary services
      • Apply all patches
      • Change all passwords (even on uncompromised hosts as required)
  • Reconfigure network security elements (firewall, router, IDS) to provide additional protection and notification.
  • Test the system to ensure security.
  • Reconnect the system to the network.
  • Monitor the system and network for signs that the attacker is attempting to access the system or network again.
  • Report the incident to CERT-In.
  • Document lessons learned.


Comments Off on Web Server Security Guidelines

Excellent – Windows 2000 AD Server site link

Posted in O S (375) by Guest on the January 1st, 2011

Excellent weblink to Windows server / Active Directory Reference.


Comments Off on Excellent – Windows 2000 AD Server site link