Hardening Web Servers
Web servers are frequently business-critical, both for internal use and for giving customers and business partners access to some company resources (to order, check status, share information, etc.). They generally use port 80 (for HTTP) and port 443 (for SSL, or HTTP/S). No matter whose web server software you use, or what version of it, you are likely vulnerable now, or will be vulnerable in the future, to a web-server-based exploit, so stay on top of updates to the web server software. Some steps you may want to take when hardening a web server include:
Consider employing a web-server-specific scanner to probe your server for known exploits, to help ensure that you have locked it down as well as possible.
Email servers are another tool critical for internal and external communication. To send and receive email between servers, and to receive email from clients, they use TCP port 25 (SMTP). To let clients check their mailboxes and retrieve email for reading on their PCs, email servers use port 110 (POP3), port 143 (IMAP), or both. For a client behind your firewall to retrieve email from an Internet-based mail server, you must open outbound port 110 or 143 on your firewall. For a client outside your firewall to retrieve email from an internal server on your network, you must open inbound port 110 or 143 on your firewall. Like web servers and other common servers, email server software is a known source of many vulnerabilities; few email servers have never fallen victim to a security bug, so keep up to date on vulnerability notices and patches. Make sure that you have closed any open relays in your organization.
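One way to verify the open-relay point above on a mail server you administer, as an added example that is not part of the original guide: the check sends only the SMTP envelope on port 25 and never transmits a message. The function names, the example.net/example.org test addresses, and the FakeSession stand-in are assumptions made for this illustration.

```python
import smtplib

# Assumed test addresses on reserved example domains; both must be
# domains the server under test is NOT responsible for.
OUTSIDE_SENDER = "relay-test@example.net"
OUTSIDE_RCPT = "relay-test@example.org"

def relay_verdict(smtp, sender=OUTSIDE_SENDER, rcpt=OUTSIDE_RCPT):
    """Classify a connected, unauthenticated SMTP session.

    Only MAIL FROM and RCPT TO are issued, followed by RSET, so no
    message body is ever sent through the server.
    """
    smtp.ehlo_or_helo_if_needed()
    code, _ = smtp.mail(sender)
    if code != 250:
        return "closed: sender rejected (%d)" % code
    code, _ = smtp.rcpt(rcpt)
    smtp.rset()
    if 200 <= code < 300:      # 250/251: server agreed to forward
        return "OPEN RELAY: accepted foreign recipient (%d)" % code
    if 400 <= code < 500:      # greylisting or other temporary failure
        return "inconclusive: temporary failure (%d)" % code
    return "closed: relaying denied (%d)" % code

def check_host(host, port=25, timeout=10):
    """Run the check against a mail server you administer."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        return relay_verdict(smtp)

class FakeSession:
    """Constructed stand-in for smtplib.SMTP so the logic runs offline."""
    def __init__(self, rcpt_code):
        self.rcpt_code = rcpt_code
    def ehlo_or_helo_if_needed(self):
        pass
    def mail(self, sender):
        return (250, b"OK")
    def rcpt(self, rcpt):
        return (self.rcpt_code, b"")
    def rset(self):
        return (250, b"OK")

if __name__ == "__main__":
    for code in (250, 450, 554):   # constructed server replies
        print(code, "->", relay_verdict(FakeSession(code)))
```

Run check_host from a machine outside your network: many servers legitimately relay for trusted internal clients, so a test from inside the firewall can report a relay that outsiders cannot use.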
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.