Question

Web servers are compromised for a number of reasons, which may include any of the following:

  • Improper file or directory permissions
  • Installing the server with default settings
  • Unnecessary services enabled
  • Security conflicts
  • A lack of proper security policies
  • Improper authorization with external systems
  • Default accounts with default or no passwords
  • Unnecessary default, backup, or sample files
  • Misconfigurations
  • Bugs in server software, OS, or web applications
  • Misconfigured SSL certificates and encryption settings
  • Administrative or debugging functions that are enabled or accessible on web servers
  • The use of self-signed certificates and/or default certificates

Select one of these compromises and explain how it could be avoided.

Answer #1

Answer:

I have selected security conflicts.

How to avoid security conflicts in a web server:

Keep Web Server Secure

Web Server is one of the most important and critical components of a web infrastructure. The web server is responsible for hosting a Web site and its related code, services, and all required files.

Here is a list of tasks Web server administrators should perform to keep Web and Database servers secure.

  • Separate development, staging, and production environments
  • Keep Operating System on its own hard drive partition
  • Enable tight security on Web Server including permissions and access
  • Keep separate user logins and their permissions based on their roles
  • Remove unnecessary services and don’t install them during installation
  • Disable remote access. If you must provide remote access, it should be on a secure network
  • Keep web application, scripts, and all code on a separate partition of the hard drive
  • Install Firewall and necessary products
  • Websites should be secured using the latest version of SSL and other protocols
  • Close all default open ports
  • Make sure to change and separate Admin logins and passwords from Web application administrators
  • Configure and enable Web server and other logs
  • Provision web server for latest technologies such as containers
  • Make sure to allocate and separate proper resources for web applications and services
  • Avoid using shared servers among multiple clients
  • Do not enable write permissions on server’s file system

Secure Database Server

Here is a list of tasks database administrators must do to secure database servers.

  • Make sure the database server is separate from the Web server
  • Secure and encrypt login credentials
  • Implement separate user logins for separate web applications
  • Don’t give database users write and delete permissions unless necessary
  • Use object permissions on database tables and objects
  • Use a secure mechanism to provide data access
  • Store and monitor database logs

Security Patches and Updates

Keep your servers up to date with the current patches including OS patches, database upgrades, and other software upgrades.

Monitor Traffic

Implement a proper mechanism to monitor server traffic and a fraud protection mechanism for suspected traffic.

Monitor Application Logs and Exceptions

Web applications must implement recording of recommended logs and exceptions. Server administrators should work with application managers to monitor application logs and exceptions frequently.

Audit Server Logs

Monitor server logs frequently.

Educate Users

Server administrators must educate Web administrators, developers, and even management about the importance of security and discourage them from downloading and making frequent changes. All changes on the servers must be logged, reviewed, and approved.

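Two of the causes named in the question (improper file or directory permissions, and leftover backup or sample files) and two items in the answer's checklist (tight permissions on the web server, no write permissions on the server's file system) can be checked mechanically. The following script is an added example and is not part of the answer above: it walks a web root, reports world-writable entries, setuid/setgid bits and backup or sample files, and can strip the world-write bit it finds. The suffix list `BACKUP_SUFFIXES` and the name markers in `SAMPLE_MARKERS` are assumptions chosen for this example, not a standard; the sample tree it audits is constructed in a temporary directory so the script runs offline.

```python
"""Audit a web root for world-writable entries and leftover backup/sample files.
Added example: the sample web root is constructed in a temporary directory."""
import os
import stat
import tempfile
from pathlib import Path

# Heuristic name patterns for editor/backup/sample leftovers.
# Both tuples are assumptions for this example, not an exhaustive standard.
BACKUP_SUFFIXES = (".bak", ".orig", ".old", ".swp", "~")
SAMPLE_MARKERS = ("sample", "example", "default")


def classify_entry(path: Path) -> list:
    """Return a list of (category, absolute path) findings for one entry."""
    findings = []
    mode = path.lstat().st_mode  # lstat so symlinks are judged by their own bits
    if mode & stat.S_IWOTH:
        findings.append(("world-writable", str(path)))
    if mode & (stat.S_ISUID | stat.S_ISGID):
        findings.append(("setuid/setgid", str(path)))
    name = path.name.lower()
    if path.is_file() and (name.endswith(BACKUP_SUFFIXES)
                           or any(m in name for m in SAMPLE_MARKERS)):
        findings.append(("backup-or-sample", str(path)))
    return findings


def audit_webroot(root) -> dict:
    """Walk root and group findings by category: {category: [relative paths]}."""
    root = Path(root)
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            for category, full in classify_entry(Path(dirpath) / name):
                report.setdefault(category, []).append(os.path.relpath(full, root))
    for paths in report.values():
        paths.sort()
    return report


def strip_world_write(root, report) -> int:
    """Remediation: clear the world-write bit on every world-writable finding.
    Returns the number of entries changed."""
    fixed = 0
    for rel in report.get("world-writable", []):
        full = Path(root) / rel
        current = stat.S_IMODE(full.lstat().st_mode)
        os.chmod(full, current & ~stat.S_IWOTH)
        fixed += 1
    return fixed


def build_sample_tree() -> str:
    """Constructed web root with one clean file and two misconfigurations."""
    root = tempfile.mkdtemp(prefix="webroot-")
    index = Path(root) / "index.html"
    index.write_text("<h1>ok</h1>")
    os.chmod(index, 0o644)                 # clean: owner-writable only
    uploads = Path(root) / "uploads"
    uploads.mkdir()
    os.chmod(uploads, 0o777)               # misconfiguration: world-writable dir
    leftover = Path(root) / "config.php.bak"
    leftover.write_text("<?php $db_pass = 'PLACEHOLDER';")  # constructed content
    os.chmod(leftover, 0o644)              # misconfiguration: backup file in web root
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    before = audit_webroot(sample_root)
    for category, paths in sorted(before.items()):
        print(f"{category}: {', '.join(paths)}")
    print(f"fixed {strip_world_write(sample_root, before)} world-writable entries")
    print("after remediation:", audit_webroot(sample_root))
```

Run it against a real document root instead of the constructed tree by calling `audit_webroot("/var/www/html")`; the backup-file check is a heuristic and is meant to produce a review list, not to delete anything, which is why only the permission finding has an automated fix.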