Page 279 - StudyBook.pdf
P. 279

Communication Security: Web Based Services • Chapter 5  263

                 Maintaining Integrity

                 Locking down the Web server is only one step in the security process. It is also
                 necessary to maintain that security over time. Sustaining a secure environment
                 requires that the administrator perform a number of tasks on a regular basis such as:

                      ■  Continuously monitor the system for anomalies
                      ■  Apply new patches, updates, and upgrades when available

                      ■  Adjust security configurations to match the ever-changing needs of the
                         internal and external Web community.

                    If a security breach occurs, an organization should review previous security
                 decisions and implementations.Administrators might have overlooked a security
                 hole because of ignorance, or they might have simply misconfigured some security
                 control. In any case, it is important for the cause of the security breach to be iden-
                 tified and fixed to prevent the same person from repeatedly accessing systems and
                 resources, or for other attackers to get in the same way. It is vital that the integrity
                 of systems be restored as quickly as possible and as effectively as possible.

                 Finding Rogue Web Servers

                 For a network administrator, the only thing worse than having a Web server and
                 knowing that it is not 100 percent secure even after locking it down, is having a
                 Web server on the network that they are not aware exists.These are sometimes
                 called rogue Web servers, and they can come about in two ways. It is possible that a
                 user on the network has intentionally configured Web services on their machine.
                 While this used to require a user to be technologically savvy in the past,Windows
                 OSes provide Internet Information Services (IISes) as a component that is relatively
                 easy to set up and configure on a machine that’s not properly locked down. More
                 often, however, rogue Web servers are deployed unintentionally. If administrators are
                 not careful, when they install Windows (especially a member of the Server family)
                 on a network computer, they can create a new Web server without even realizing
                 it.When a Web server is present on a network without the knowledge of network
                 administrators, the precautions necessary to secure that system are not taken, thus
                 making the system (and through it, the entire network) vulnerable to every out-of-
                 the-box exploit and attack for that Web server.









                                                                              www.syngress.com
   274   275   276   277   278   279   280   281   282   283   284