WEB SERVER SECURITY

August 16, 2013 by Warlock

This article gives you a short and understandable summary of web servers, the different types of servers, the installation process for security add-on software, and security aspects. In this article we will learn how to install a control panel and the benefits of add-on security software.

Web servers, just as a general introduction, are the big computers that serve as website hosts for a particular organization. The common characteristics that web servers have are public IP addresses and domain names. This information may sound boring but is offered for beginners. Security is a standard that has developed to protect the web server from intrusions, hacking attempts, and other malicious uses. A brief introduction to the types of web servers: there are those based on Microsoft Windows and those based on Linux, which are respectively named Microsoft IIS Server and Apache (these are the most common, although there are others such as Nginx, Cherokee, and Zeus). Throughout this article, I will introduce techniques for hardening a web server, which plays a chief role in web server security. The attack vectors on a web server depend on both the security of the web applications hosted on it and the security of the web server itself, which includes operating system hardening, application server hardening, etc.

Starting with web server security, the first point of analysis for exploiting the server would be its services. I suggest that all server security administrators run a scan to check which ports are open, filtered, and closed. One of the best tools for scanning the network is Nmap.
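The port check described above, as an added example that is not part of the original article: it parses Nmap's grepable output (the format written by `nmap -oG`) and compares the open ports with a baseline. The scan text, the host, and the baseline of allowed ports are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample in Nmap grepable (-oG) format; not a real scan.
SAMPLE_SCAN = (
    "# constructed sample\n"
    "Host: 192.0.2.10 (web.domain.com)\tStatus: Up\n"
    "Host: 192.0.2.10 (web.domain.com)\tPorts: 22/open/tcp//ssh///, "
    "80/open/tcp//http///, 2087/open/tcp//unknown///, "
    "3306/open/tcp//mysql///, 6667/filtered/tcp//irc///, "
    "8080/closed/tcp//http-proxy///\tIgnored State: closed (994)\n"
)

# Assumed baseline for a cPanel web host: SSH, HTTP, HTTPS and WHM (2087).
ALLOWED_TCP = {22, 80, 443, 2087}


def parse_grepable(text):
    """Yield (host, port, state, proto, service) for every port entry."""
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        ports = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports.split(","):
            parts = entry.strip().split("/")
            if len(parts) < 5:
                continue  # malformed entry: skip rather than guess
            port, state, proto, _owner, service = parts[:5]
            yield host, int(port), state, proto, service


def audit(text, allowed=ALLOWED_TCP):
    """Group ports by state and flag open TCP ports outside the baseline."""
    by_state = defaultdict(list)
    unexpected = []
    for host, port, state, proto, service in parse_grepable(text):
        by_state[state].append(port)
        if state == "open" and proto == "tcp" and port not in allowed:
            unexpected.append((host, port, service))
    # Baseline ports that are not open point to a service that is down.
    missing = sorted(allowed - set(by_state.get("open", [])))
    return dict(by_state), unexpected, missing


if __name__ == "__main__":
    states, unexpected, missing = audit(SAMPLE_SCAN)
    print("ports by state:", states)
    print("unexpected open:", unexpected, "| expected but not open:", missing)
```

Here the database port 3306 is reported as open to the network although it is not in the baseline, which is the kind of exposed service the scan is meant to find.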

Use a control panel for managing the websites hosted on the server. There are many control panels available, such as cPanel, Parallels Plesk, DirectAdmin, Webmin, ISPConfig, Virtualmin, etc. The chief benefit of using a control panel is that it provides a graphical web-based interface with a client-side interface. It is extremely easy to navigate, with an icon-based menu on the main page. A server administrator can use a control panel to set up new websites, email accounts and DNS entries. With the control panel, you can also upgrade and install new software. After that, install Atomic Secured Linux (ASL) on your web server; it is an add-on for Linux systems. We will discuss ASL later in this article.

Now I am going to show you how to set up a control panel on a web server. Here we are going to install cPanel and WHM (Web Host Manager).

cPanel Setup Manual

Prerequisites: Before installing cPanel we need to fulfill some conditions:

  • Your IP must be static before purchasing cPanel. It will not work properly with a dynamic IP address.
  • The hostname on your server must be a fully qualified host name (FQHN); for example, web.domain.com.
  • You can change the "HOSTNAME=" line in /etc/sysconfig/network, after which you must restart your network.

Hostname Change: Changing the host name usually takes three steps, as follows:

  • Sysconfig/Network: Open the /etc/sysconfig/network file with any text editor. Modify the HOSTNAME= value to match your FQHN host name.

    # vi /etc/sysconfig/network

    HOSTNAME=myserver.domain.com

  • Host file: Change the host that is associated with your main IP addresses for your server; this is for internal networking.

    (Found at /etc/hosts)

  • Run hostname: This command allows modifying the hostname on the server, but it will not actively update all programs that are running under the old hostname.

Restart Networking: After completing the above prerequisites and requirements, restart networking so that the system accepts the changes. We can do this with the following command: # /etc/init.d/network restart
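A check for the result of the three hostname steps above, as an added example that is not part of the original article: it confirms that the HOSTNAME= value is fully qualified and that /etc/hosts maps it to the server's main IP. The file contents are constructed, and the address 192.0.2.10 and all function names are assumptions.

```python
import re

# Constructed file contents: the article's example hostname, a made-up IP.
SYSCONFIG_NETWORK = "NETWORKING=yes\nHOSTNAME=myserver.domain.com\n"
ETC_HOSTS = (
    "127.0.0.1   localhost localhost.localdomain\n"
    "192.0.2.10  myserver.domain.com myserver   # main IP\n"
)
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_fqdn(name):
    """True for a dotted name made of valid labels that is not an IP address."""
    labels = name.rstrip(".").split(".")
    return (len(labels) >= 2 and not labels[-1].isdigit()
            and all(LABEL.match(label) for label in labels))


def read_hostname(sysconfig_text):
    """Return the last uncommented HOSTNAME= value, without quotes."""
    found = re.findall(r"(?m)^\s*HOSTNAME=[\"']?([^\"'\s#]*)", sysconfig_text)
    return found[-1] if found else None


def hosts_entries(hosts_text):
    """Map every name in /etc/hosts to the IP on its line (first match wins)."""
    mapping = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            mapping.setdefault(name.lower(), fields[0])
    return mapping


def check_hostname(sysconfig_text, hosts_text, main_ip):
    """Return a list of problems; an empty list means the prerequisites hold."""
    name = read_hostname(sysconfig_text)
    if name is None:
        return ["no HOSTNAME= line in /etc/sysconfig/network"]
    problems = []
    if not is_fqdn(name):
        problems.append(f"{name!r} is not a fully qualified host name")
    ip = hosts_entries(hosts_text).get(name.lower())
    if ip is None:
        problems.append(f"{name} has no entry in /etc/hosts")
    elif ip != main_ip:
        problems.append(f"{name} maps to {ip} in /etc/hosts, expected {main_ip}")
    return problems


if __name__ == "__main__":
    print(check_hostname(SYSCONFIG_NETWORK, ETC_HOSTS, "192.0.2.10") or "ok")
```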

Downloading cPanel:
After registering your IP, run the following command as the root user in the terminal:

    wget http://www.layer1.cpanel.net/latest

cPanel Installation:
After downloading the installer file, type in the following command as the root user:

    sh latest


After the install is complete, you should see this: "cPanel Layer 2 install complete."

Now point your web browser to port 2086 or 2087 by providing your IP address directly in the web browser: https://youriphere:2087

NOTE: There is no method of uninstalling cPanel. You will have to reload the operating system.

Now, after installing cPanel, the server is safe from rooting attacks, which hackers use to compromise all websites that are hosted on the same server. But the main critical threats are PHP shell execution and DDoS attacks on the server, which are not prevented by using cPanel. So we started looking for an anti-DDoS solution on the Internet and found one, called Atomic Secured Linux.

Atomic Secured Linux

Atomic Secured Linux is an easy-to-use, out-of-the-box unified security suite add-on for Linux systems, designed to protect servers against zero-day threats. Unlike other security solutions, ASL is designed for beginners and experts alike. You just install ASL on your existing system and it does all the work for you. This add-on was developed to create a unique security solution for beginners and experts.

ASL works by combining security at all layers, from the firewall to the applications and services and all the way down to the kernel, to provide the most complete multi-spectrum protection solution available for Linux servers today. It helps to ensure that your system is secure and also compliant with commercial and government security standards.

Features

  • Complete intrusion prevention
  • Stateful firewall
  • Real-time shunning/firewalling and blocking of attack sources
  • Brute force attack detection and prevention
  • Automatic self-healing system
  • Automated file upload scanning protection
  • Built-in vulnerability and compliance scanner and remediation system
  • Suspicious event detection and notification
  • Denial of service protection
  • Malware/antivirus protection
  • Auto-learning role-based access control
  • Data loss protection and real-time web content redaction system
  • Automated secure log management with secure remote logging
  • Web based GUI management
  • Kernel protection
  • Built-in virtualization
  • Auto healing/hardening

Atomic Secured Linux works on various platforms, such as CentOS, Red Hat Enterprise Linux, Scientific Linux, Oracle Linux, and Cloud Linux. It also supports many control panels, including cPanel, Virtualmin, DirectAdmin, Webmin, and Parallels Plesk.

Now I am going to show you how to install Atomic Secured Linux. It is quite easy to install. Open a terminal as the root user and type in:

    wget -q -O - https://www.atomicorp.com/installers/asl | sh

Follow the instructions in the installer, being sure to answer the configuration questions appropriately for your system. Once the installation is complete, you will need to reboot your system to boot into the new hardened kernel that comes with ASL. You do not have to use this kernel to enjoy the other features of ASL, but we recommend that you use it, because it includes many additional security features that are not found in non-ASL systems.

Now log in to your GUI at https://youriphere:30000. You can view alerts, block attackers, configure ASL, and use its many features from the GUI.

It protects from cross-site scripting, SQL injection, remote code inclusion, and many other web-based attacks. It intelligently detects search engines to prevent accidental blocking of web crawlers.

It detects suspicious events and events of importance and sends alerts about events such as privilege escalation, software installation and modification, file privilege changes, and more. ASL detects suspicious processes, files, user actions, hidden ports, kernel activity, open ports, and more.

It has a built-in vulnerability and compliance scanner and remediation system to ensure that your system is operating in a safe, secure, and compliant manner.

It automatically hardens Linux servers based on security policies and ships with a world-class set of policies developed by security experts. Also, it automatically disables unsafe functions in web technologies such as PHP to help prevent entire classes of vulnerabilities; for example, executing PHP shells.
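To see what disabling unsafe PHP functions means at the configuration level, here is an added example (not ASL's code and not part of the original article) that audits a php.ini for command-execution functions left enabled and for remote file inclusion. The function list and the php.ini fragment are assumptions constructed for illustration; `disable_functions` and `allow_url_include` are standard PHP directives.

```python
import re

# Functions a PHP web shell typically relies on to run OS commands.
# Assumed list for illustration; it is not ASL's actual policy.
SHELL_FUNCS = ("exec", "passthru", "shell_exec", "system", "proc_open", "popen")

# Constructed php.ini fragment: the complete list is commented out and a
# shorter, weaker list is the one in effect.
SAMPLE_INI = (
    "; disable_functions = exec,passthru,shell_exec,system,proc_open,popen\n"
    "disable_functions = exec, passthru,system\n"
    "allow_url_include = On\n"
)


def ini_values(text):
    """Parse 'key = value' lines; ';' starts a comment, last assignment wins.

    Simplified: a ';' inside a quoted value is not handled.
    """
    values = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if "=" not in line or line.startswith("["):
            continue
        key, value = line.split("=", 1)
        values[key.strip()] = value.strip().strip("\"'")
    return values


def audit_php_ini(text):
    """Return (shell functions still enabled, other risky settings)."""
    values = ini_values(text)
    # PHP accepts commas and spaces as separators in disable_functions.
    disabled = set(re.split(r"[,\s]+", values.get("disable_functions", "")))
    enabled = [func for func in SHELL_FUNCS if func not in disabled]
    risky = []
    if values.get("allow_url_include", "Off").lower() in ("on", "1", "true", "yes"):
        risky.append("allow_url_include is on (remote code inclusion)")
    return enabled, risky


if __name__ == "__main__":
    enabled, risky = audit_php_ini(SAMPLE_INI)
    print("still enabled:", ", ".join(enabled) or "none")
    for finding in risky:
        print("risky setting:", finding)
```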

It detects and blocks brute force and "low and slow" attacks on web applications and intelligently identifies when a web application has denied access, even for login failures.

Alerting is done for all domains hosted on a server.

The graphical user interface of the firewall is easy to use and maintain.


The advanced configuration of ASL allows handling PHP shell functions, antivirus, ModSecurity rules, Rootkit Hunter, etc.

Hence we conclude that, after doing these things, your web server will be secured from attacks. Nowadays, most of the websites that get hacked are hosted on a shared server. An attacker's main method is to upload a PHP shell to a web server through a vulnerable website, from which the attacker can deface all websites hosted on that server. That's why we suggest using cPanel, because cPanel provides separate accounts for all website owners; if an attacker uploads a PHP shell through one website, he will not have access to the other websites hosted on that server and can only deface that particular site. We also discussed Atomic Secured Linux: it blocks attacks and sends alerts for all types of attacks. Specifically, it blocks the PHP shell functions and prevents PHP shells from executing on the web server.

Warlock works as an Information Security Professional. He has quite a few global certifications to his name such as CEH, CHFI, OSCP and ISO 27001 Lead Implementer. He has experience in penetration testing, social engineering, password cracking and malware obfuscation. He is also involved with various organizations to help them in strengthening the security of their applications and infrastructure.