Security is an important aspect of any Internet server. When you're publishing information on the Internet, you should be aware of various security threats and take precautions to guard against them. In this chapter, you examine various ways of making your Internet server more secure. Note that this chapter does not cover security issues related to all Internet information distribution applications discussed in this book. Security issues specific to various applications are covered in their respective chapters. Chapter 15, "Making Your Web Site Searchable," for example, includes a section on preventing unauthorized changes to the search engine.
The purpose of this chapter is to provide an overview of various steps that you can take to make an NT server on the Internet more secure. Note the expression "more secure." Security risks are always associated with connecting a server to the Internet. The possible threat to security does not mean that you should not set up a server on the Internet. You simply should take whatever precautions are necessary to make it harder and more expensive for someone to try to break into your system.
The first few sections of this chapter are devoted to discussing various security countermeasures that you can implement to secure an NT server on the Internet. The last major section is devoted to various Internet security resources on the Internet. You should visit Web sites listed here to obtain the most up-to-date information about Internet security.
If you have not done so already, disable the Windows NT guest account. Anyone can use this account to gain access to your system. If you have an FTP server set up at your site, this account can be especially dangerous because a user with malicious intent can potentially destroy information on your system using this account.
Devoting an entire disk partition to Internet publishing is recommended if you can afford to do so. This partition should contain not only the FTP and Web server document root directories but also binary files of various Internet services. This setup makes it easier for you to control access to various directory structures and manage security. If you follow this advice, you can use NTFS security to restrict access to all other disk partitions. Using NTFS partitions exclusively is highly recommended. As shown in Figure 8.1, access to files and directories in an NTFS partition can be restricted to only certain users and user groups. Figure 8.1 demonstrates how you can revoke access to a certain directory from the Internet guest account (the account used by Internet Information Server) and assign it to the Administrators group, a certain user, and the System user.
Directory browsing is a feature available in most Web servers. A URL typically contains a directory and a filename. If a user types in a URL without a filename at the end of it, a listing of files in the directory is sent to the user, if the "default document" (usually, index.html) is not present in that directory. Look at Figure 8.2 for an example of how a user can use the directory browsing feature to obtain a list of files and directories in a directory.
Figure 8.2: Listing of files and directories when directory browsing is turned on.
Depending on the structure and nature of information at your Web site, this capability has advantages as well as disadvantages. If your Web site is an open Web site and you want to share as much information as possible, enable directory browsing. If your Web site contains information that should be accessed in a particular order, however, disable directory browsing. You can, for example, distribute software using a Web server. All the applications distributed through the Web server can be in a certain directory. For record keeping and statistical analysis purposes, you might want to make sure that users fill in a form and submit it before they are given permission to download various applications. If directory browsing is enabled, a technically inclined user might figure out how to skip registering by typing in the name of the directory in which the applications are located and downloading all the applications in that directory.
Note that a middle ground also exists. You can disable directory browsing only on certain directories. For these directories, simply create a "default document" (usually, index.html) Web page and copy it to directories in which you want to disable directory browsing. Your Web server might allow you to disable directory browsing on certain directories using a special menu or configuration file. Refer to your Web server documentation for more information.
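The default-document approach described above only works if every directory you care about actually contains one. The following added example (not code from this book) walks a document root and reports each directory that has no default document, together with the files a directory listing would reveal; the default-document names and the sample site layout are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed default-document names; the chapter names index.html as the usual one.
DEFAULT_DOCUMENTS = ("index.html", "index.htm", "default.htm")


def directories_without_default_document(document_root, default_documents=DEFAULT_DOCUMENTS):
    """Map each directory lacking a default document to the files a listing would reveal."""
    wanted = {name.lower() for name in default_documents}
    exposed = {}
    for current, subdirs, files in os.walk(document_root):
        subdirs.sort()  # deterministic traversal order
        if wanted & {name.lower() for name in files}:  # NTFS names are case-insensitive
            continue
        relative = os.path.relpath(current, document_root).replace(os.sep, "/")
        exposed[relative] = sorted(files)
    return exposed


def build_sample_site(root):
    """Constructed sample tree: a registration form in front of a download directory."""
    layout = [
        "index.html",
        "register/index.html",
        "downloads/app1.zip",
        "downloads/app2.zip",
        "docs/Index.HTML",
    ]
    for relative in layout:
        path = os.path.join(root, *relative.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("constructed sample content\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for directory, files in directories_without_default_document(site).items():
            print(f"/{directory}/ would list: {', '.join(files) or '(no files)'}")
```

In the sample tree, only the downloads directory is reported, which is exactly the directory the registration form was meant to guard.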
Controlling access to the CGI directory of your Web server is very important. Only trusted users should have access to this directory. Any user who has access to the CGI directory of a Web server can easily execute programs on your Web server using a Web browser. For this reason, never allow any user to have access to the CGI directory via FTP. FTP uses clear text usernames and passwords. Therefore, someone who has access to part of your local network or the part of the Internet over which the authentication data is transmitted can monitor FTP transactions with a simple protocol analyzer. A protocol analyzer can be used to obtain usernames and passwords of users authorized to access your system. An unauthorized user, possibly with malicious intent, can then access your system via FTP, pretending to be an authorized user, and execute any application on your system by copying it to the CGI directory.
Use resource auditing capabilities of Windows NT to monitor critical resources of your Internet server. From the User Manager's main menu, select Policies | Audit. The Audit Policy dialog box that appears can be used to turn on auditing (see Figure 8.3).
Figure 8.3: You can audit various system resources by using User Manager.
After you enable auditing with User Manager, select a directory and then choose Security | Auditing from the File Manager main menu. The Directory Auditing dialog box in Figure 8.4 then appears. Use the options in this dialog box to audit critical areas of your Internet server.
Figure 8.4: The Directory Auditing dialog box.
You can use the Event Detail dialog box in Figure 8.5 to monitor possible breaches of security. The event in this figure was logged as a result of an unsuccessful login attempt.
Figure 8.5: Unsuccessful login attempt recorded.
Caution: Be careful when auditing various system resources. Do not get carried away and audit too many activities because they clutter your Event Log and slow down your system. Limiting auditing to access failures is generally a good idea. Otherwise, the Event Log becomes cluttered with too many events, making it virtually impossible for you to locate critical information.
You can use FTP to allow users to upload contents to your Web site. When you allow users to FTP to your server, take the time to make sure that your users are aware that anything they upload to the Web server via FTP can be viewed by someone eavesdropping on the network connection. If users upload sensitive material to your server via FTP, make them use a powerful data encryption mechanism such as Pretty Good Privacy (PGP). Visit the following Web site for information about PGP.
Yahoo!'s PGP information Web page: http://www.yahoo.com/Computers_and_Internet/Security_and_Encryption/
You should also take the time to monitor Event Viewer entries periodically to detect any suspicious activities. The Event Log contains valuable information that should be monitored. Devoting some time, at least once every few days, to go over the Event Log looking for any suspicious activities is a good idea. Refer to Figure 8.6 for a typical Event Viewer listing.
Figure 8.6: An Event Viewer listing.
You can obtain additional information about various events displayed in the Event Viewer by selecting an event and double-clicking it. The dialog box in Figure 8.7 is invoked by double-clicking the event selected in Figure 8.6.
Figure 8.7: Detailed information about an event displayed in the Event Viewer.
If you detect suspicious activity, monitoring access log files is a good idea. Log files can easily be several megabytes in size. Manually going over access log files, therefore, is not a very good idea. If you detect repeated suspicious activity, however, you can use the access log file to obtain additional information. If several messages appear in the Event Log, similar to the one shown in Figure 8.7, for example, you can use the access log file to obtain additional information such as the IP address of the user who tried to access the system. Figure 8.8 demonstrates how the access log file can be used to obtain detailed information about the event in Figure 8.7. In this example, the time and date of the event in Figure 8.7 are used as an index to locate the corresponding access log file entry. Refer to your Web or FTP documentation and configuration settings for the location of the access log file.
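The lookup described above, using the time and date of an Event Log entry as an index into the access log, can be automated so that you do not have to read a multi-megabyte file by hand. This added example (not code from this book) assumes a comma-separated access log with the field order shown in the comment; the sample log lines, addresses, and event time are constructed, so adjust the field indexes to match your own server's log format.

```python
import csv
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample log. Assumed field order: client IP, user, date, time, service,
# server name, server IP, ms taken, bytes in, bytes out, service status, NT status,
# operation, target, parameters.
SAMPLE_LOG = """\
10.0.0.7, -, 11/3/96, 14:01:52, W3SVC, WEB1, 10.0.0.2, 30, 210, 4100, 200, 0, GET, /index.html, -,
192.0.2.44, admin, 11/3/96, 14:02:10, W3SVC, WEB1, 10.0.0.2, 15, 250, 300, 401, 1326, GET, /private/report.htm, -,
192.0.2.44, admin, 11/3/96, 14:02:13, W3SVC, WEB1, 10.0.0.2, 16, 250, 300, 401, 1326, GET, /private/report.htm, -,
192.0.2.44, administrator, 11/3/96, 14:02:19, W3SVC, WEB1, 10.0.0.2, 15, 258, 300, 401, 1326, GET, /private/report.htm, -,
198.51.100.9, -, 11/3/96, 14:02:30, W3SVC, WEB1, 10.0.0.2, 22, 190, 2200, 200, 0, GET, /products.html, -,
10.0.0.9, guest, 11/3/96, 14:30:00, W3SVC, WEB1, 10.0.0.2, 20, 180, 300, 401, 1326, GET, /private/, -,
"""

FAILURE_STATUSES = {"401", "403"}  # HTTP "unauthorized" and "forbidden"


def parse_entry(row):
    """Turn one CSV row into a dict, or return None for short or malformed rows."""
    fields = [field.strip() for field in row]
    if len(fields) < 14:
        return None
    try:
        when = datetime.strptime(f"{fields[2]} {fields[3]}", "%m/%d/%y %H:%M:%S")
    except ValueError:
        return None
    return {"ip": fields[0], "user": fields[1], "when": when,
            "status": fields[10], "operation": fields[12], "target": fields[13]}


def entries_near_event(log_text, event_time, window_seconds=60):
    """Return failed requests logged within window_seconds of the Event Log timestamp."""
    window = timedelta(seconds=window_seconds)
    matches = []
    for row in csv.reader(log_text.splitlines()):
        entry = parse_entry(row)
        if entry and entry["status"] in FAILURE_STATUSES and abs(entry["when"] - event_time) <= window:
            matches.append(entry)
    return matches


def failures_by_client(entries):
    """Count matching failures per client IP address, most active first."""
    return Counter(entry["ip"] for entry in entries).most_common()


if __name__ == "__main__":
    event = datetime(1996, 11, 3, 14, 2, 12)  # constructed time of the failed-logon event
    hits = entries_near_event(SAMPLE_LOG, event)
    for ip, count in failures_by_client(hits):
        print(ip, count, sorted({h["user"] for h in hits if h["ip"] == ip}))
```

The window allows for clock skew between the Event Log and the access log; widen it if the two are written by different machines.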
Perl is a powerful language that you can use for a variety of purposes. It is particularly suitable for creating CGI applications to process user input. However, do not place PERL.EXE in your CGI directory. A user with malicious intent can potentially use PERL.EXE to execute commands on your NT Server. Rather than place PERL.EXE in your CGI directory, create a CGI extension mapping and place PERL.EXE in a directory that's not accessible via your Web server. Refer to your Web server documentation for information about creating CGI extension mappings.
Sensitive information should never be distributed with a Web server unless the data is encrypted before it is transmitted via the Internet. Note that although you can restrict access to parts of a Web site by IP address, users can spoof IP addresses. Therefore, you should never use IP addresses to restrict access to sensitive information. The same goes for basic user authentication. Unless Windows NT challenge/response user authentication is used, someone monitoring connections to your Web server can easily intercept usernames and passwords of authorized users, and then can use them to gain unauthorized access to your system.
If you use your Web server to conduct sensitive transactions over the Internet, enable encryption on your Web server to make it virtually impossible for someone to monitor your Web server traffic. Although a user who has a great deal of processing power can still monitor HTTP transactions to and from your server, doing so is prohibitively expensive. The purpose of enabling encryption is to make monitoring Web server traffic that is encrypted with a mechanism such as SSL too expensive.
If you are hosting your Web site with MS Internet Information Server, you can use Windows NT challenge/response user authentication to make sure that usernames and passwords are encrypted before they are transmitted over the Internet. Although doing so improves security, you have a trade-off. At the time of this writing, only Internet Explorer supports Windows NT challenge/response user authentication. Use this method of user authentication to improve security if you are certain all your users use Internet Explorer. Note that Windows NT challenge/response user authentication does not encrypt information transmitted via the Internet; it encrypts only usernames and passwords.
You also would be wise to test the security of your NT system by trying to gain unauthorized access to it. You can do so with the aid of various administrative tools. Visit the following Web site for information about a utility that can be used to find weak passwords on NT systems. You can use such a utility to make sure that poor passwords chosen by your users do not compromise the security of your system by detecting them before a potential breach of security occurs.
ScanNT (Password cracker for Windows NT): http://www.omna.com/yes/AndyBaron/pk.htm
Many Internet security resources are available on the Internet. You should visit the Web sites listed in the following sections to learn more about Internet security and various ways of protecting an Internet server against unauthorized access. Monitor these Web sites for the most up-to-date information related to Internet security.
The World Wide Web Security FAQ contains many Internet security resources. Visit it to find information about various common security holes and how to protect your system from unauthorized accesses.
World Wide Web Security FAQ: http://www-genome.wi.mit.edu/WWW/faqs/www-security-faq.html
Visit the Information Security Web site for news articles related to data security and Internet Web security.
Information Security Web site: http://www.newspage.com/NEWSPAGE/cgi-bin/walk.cgi/NEWSPAGE/info/d2/d10/
Visit the "Almost Everything" Web site to learn about various Internet security topics. Although some topics discussed apply only to UNIX systems, reading about them will give you a thorough understanding of some of the issues related to Internet security.
"Almost everything you ever wanted to know about security (but were afraid to ask!)" Web page: http://www.cis.ohio-state.edu/hypertext/faq/usenet/
Yahoo!'s Internet Security and Encryption Web page lists numerous Internet security Web pages. Visit it often for the most up-to-date information related to Internet security and encryption.
Yahoo!'s Internet Security and Encryption Web page: http://www.yahoo.com/Computers_and_Internet/Security_and_Encryption/
The following Web site lists many useful suggestions for securing an NT Web server on the Internet. Visit it to learn about various security precautions that you can take to prevent unauthorized access to an NT Web server.
NT Web Server security issues: http://www.telemark.net/~randallg/ntsecure.htm
If you need help setting up the Windows NT FTP server and securing it to prevent unauthorized access to your system, visit the following Web page. It contains information about Windows NT FTP server security issues.
NT FTP Server security issues: http://mushin.wes.army.mil/ntpermit.htm
You can take several steps to protect an NT server on the Internet against unauthorized access. Although setting up an Internet server that is immune to unauthorized access is virtually impossible, you can take steps to make access harder and, in some cases, prohibitively expensive for someone to gain unauthorized access.
To make a Web site more interesting to navigate, you can utilize a number of advanced HTML techniques. You can use tables, for example, to format various objects of a Web page such as text, video clips, Java applets, and so on. You also can use frames to make navigating a Web site easier. The next chapter demonstrates how you can use various advanced HTML techniques to create attractive Web pages.