Bad things happen to good servers. What can happen? Where should you look? The Web has the same problems as the other important Internet services discussed in this book, differing mainly in the details.
Malice or mistake, whether local or remote, can foil the security goals mentioned in the first chapter. Table 8-1 lists some security problems you may encounter, as well as the desired goals.
Sample problems |
Security goals |
---|---|
Theft of service Warez or pornography uploads Pirate servers and applications Password sniffing Rootkit and trojan program installation Denial of service targeting or participation |
System integrity |
Vandalism, data tampering, or site defacement Inadvertent file deletion or modification |
Data integrity |
Theft of personal information Leakage of personal data into URLs and logs |
Data confidentiality |
Unauthorized use of resources Denial of service attacks Crash or freeze from resource exhaustion (e.g., memory, disk, process space, file descriptors, or database connections) |
System and network availability |
Vulnerabilities exist everywhere, but some are more frequently targeted:
Buffer overflows, string-format hacks, race conditions, logic errors, memory leaks
Ownership, permissions, symbolic links, setuid/setgid
Coverage gaps, data leaks, spoofing
Promiscuous mode, denial of service; connectivity
User accounts, passwords
I'll describe web-server security more or less in chronological order, pointing out the problems and best practices as we go:
Obtaining and installing Apache
Configuring Apache
Securing CGI scripts, with PHP and Perl examples
Issues spanning the operating system, web server, and CGI scripts: authentication, authorization, sessions, SSL, and others
Many times, I'll invoke one or more of these security mantras:
Configure with least privilege. Avoid using root and restrict file ownership and permissions. Provide the bare minimum to serve files, run CGI scripts, and write logs.
Minimize surface area; a smaller target is harder to hit. Disable or remove unneeded accounts, functions, modules, and programs. Things that stick out can break off.
Never trust user input. Secure access to external files and programs.
Use layers of protection. Don't rely on security by the obscurity of a single mechanism, such as a password.
Write down what you've done because you won't remember it. Trust us on this one.