Web Servers

The World Wide Web is the technology that is responsible for the massive growth of the Internet today.

The World Wide Web was born in 1990, when Tim Berners-Lee developed the first browser application and launched an internal World Wide Web at the European Laboratory for Particle Physics (CERN). At that time, the Web was only available to those who had access to the CERN system.

The next major point of mention is in 1993, when the National Center for Supercomputing Applications (NCSA) released the Mosaic browser. This gave users the ability to view graphics and text at the same time over the Web. In the same year, the New York Times announced the appearance of the World Wide Web, and the White House went online at www.whitehouse.gov.

The next seven years saw massive growth for the World Wide Web, with around 7000 new web sites being added daily. The largest growth sector of the Internet is still the World Wide Web.

The World Wide Web is made up of numerous Web servers that are located all over the world on a common network, the Internet. These servers all run the Hypertext Transfer Protocol (HTTP) service. HTTP is an application layer protocol that uses TCP as its transport protocol and, by default, listens on TCP port 80. Besides plain HTTP there is HTTPS, which is HTTP carried over SSL/TLS (by default on TCP port 443). HTTPS encrypts the connection between the HTTP client and the HTTP server, and authenticates the server to the client, to protect the normally clear text transmission of data.

Threats Posed to Web Servers

Web servers are the most common targets for attacks within a corporate web site. Web servers host the HTTP service and deliver the HTML pages to the Internet clients browsing them. The very nature of this client/server relationship makes the Web server a target for abuse: the server must be reachable by anyone on the Internet, at a known IP address and a known port.

Many DoS attacks are aimed at Web servers. The Web server is the main component that brings all of the other components together, and disruption of this server affects the overall Internet service.

Besides the DoS attacks, there are application-related vulnerabilities. The most common Web server application that is used on Windows NT is Microsoft's IIS, and the most common UNIX Web server is Apache. Both of these servers are under constant scrutiny from the Internet community, and vulnerabilities are found quite frequently.

Solutions to the Threats to Web Servers

In theory, an HTTP service that does nothing but serve pages on TCP port 80 exposes very little. In practice, the security concerns come from the Web server software itself, the network operating system beneath it, and any other services running on the same host: every service other than HTTP that is reachable on the server increases the risk associated with that server. The best way to limit this exposure, as with most other services, is to deploy a firewall that is situated between the public Internet and the Web server. The Web server can then be on a private network, and Network Address Translation hides the real IP address of the Web server (a modest benefit, since the translated public address is still reachable). The firewall should be further configured to allow access to the Web server only on the required ports. These are usually TCP port 80 for general HTTP traffic and TCP port 443 if the web site also uses HTTPS.

To protect against application vulnerabilities, it is important to ensure that the Web server applications are kept up to date with the latest service packs and security patches, and that patch status is rechecked regularly rather than once at installation. Patches are provided on the vendors' web sites. Information about vulnerabilities can be obtained from security advisory web sites, such as www.rootshell.com, and from various mailing lists.

Configuration Recommendations for Web Servers

Using the Cisco Secure PIX Firewall, the following commands allow public Web traffic (TCP port 80 only, from any source) to the Web server, which has the internal address 192.168.0.10/24, by statically translating it to the public address 194.73.134.10/24. This is based on Figure 11-3:

static (inside,outside) 194.73.134.10 192.168.0.10 netmask 255.255.255.255 0 0
conduit permit tcp host 194.73.134.10 eq www any
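As an added example (not from the original text and not Cisco's own documentation), the same rule written with the access-list and access-group commands that PIX 5.0 and later use in place of conduit, extended to also permit TCP port 443 as recommended above for a site that serves HTTPS. The access-list name outside_in is an assumed name; the addresses are those of Figure 11-3, and lines beginning with a colon are PIX configuration comments:

```cisco
: Static one-to-one translation of the Web server, as in the original example
static (inside,outside) 194.73.134.10 192.168.0.10 netmask 255.255.255.255 0 0
: Permit only HTTP (80) and HTTPS (443) from any source to the public address.
: outside_in is an assumed list name, not one from the original text.
access-list outside_in permit tcp any host 194.73.134.10 eq www
access-list outside_in permit tcp any host 194.73.134.10 eq 443
: Bind the list inbound on the outside interface; anything not listed is
: dropped by the implicit deny at the end of the access list.
access-group outside_in in interface outside
```

After applying the configuration, check it from a host on the outside: a port scan of 194.73.134.10 should show only 80 and 443 responding, and show access-list on the PIX should report hit counts climbing on those two entries and nothing else being permitted.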
