Chapter 8

Security Considerations




Security is an important aspect of any Internet server. When you're publishing information on the Internet, you should be aware of various security threats and take precautions to guard against them. In this chapter, you examine various ways of making your Internet server more secure. Note that this chapter does not cover security issues related to all Internet information distribution applications discussed in this book. Security issues specific to various applications are covered in their respective chapters. Chapter 15, "Making Your Web Site Searchable," for example, includes a section on preventing unauthorized changes to the search engine.

The purpose of this chapter is to provide an overview of various steps that you can take to make an NT server on the Internet more secure. Note the expression "more secure." Security risks are always associated with connecting a server to the Internet. The possible threat to security does not mean that you should not set up a server on the Internet. You simply should take whatever precautions are necessary to make it harder and more expensive for someone to try to break into your system.

The first few sections of this chapter are devoted to discussing various security countermeasures that you can implement to secure an NT server on the Internet. The last major section is devoted to various Internet security resources on the Internet. You should visit Web sites listed here to obtain the most up-to-date information about Internet security.

Disabling the Windows NT Guest Account

If you have not done so already, disable the Windows NT guest account. Anyone can use this account to gain access to your system. If you have an FTP server set up at your site, this account can be especially dangerous because a user with malicious intent can potentially destroy information on your system using this account.

Using NTFS Security and Disk Partitions

Devoting an entire disk partition for Internet publishing is recommended if you can afford to do so. This partition should contain not only the FTP and Web server document root directories but also binary files of various Internet services. This setup makes it easier for you to control access to various directory structures and manage security. If you follow this advice, you can use NTFS security to restrict access to all other disk partitions. Using NTFS partitions exclusively is highly recommended. As shown in Figure 8.1, access to files and directories in an NTFS partition can be restricted to only certain users and user groups. Figure 8.1 demonstrates how you can revoke access to a certain directory from the Internet guest account (the account used by Internet Information Server) and assign it to the Administrators group, a certain user, and the System user.

Figure 8.1: You can restrict access to files and directories in NTFS partitions by using the File Manager.

Controlling Directory Browsing

Directory browsing is a feature available in most Web servers. A URL typically contains a directory and a filename. If a user types in a URL without a filename at the end of it, a listing of files in the directory is sent to the user, if the "default document" (usually, index.html) is not present in that directory. Look at Figure 8.2 for an example of how a user can use the directory browsing feature to obtain a list of files and directories in a directory.

Figure 8.2: Listing of files and directories when directory browsing is turned on.

Depending on the structure and nature of information at your Web site, this capability has advantages as well as disadvantages. If your Web site is an open Web site and you want to share as much information as possible, enable directory browsing. If your Web site contains information that should be accessed in a particular order, however, disable directory browsing. You can, for example, distribute software using a Web server. All the applications distributed through the Web server can be in a certain directory. For record keeping and statistical analysis purposes, you might want to make sure that users fill in a form and submit it before they are given permission to download various applications. If directory browsing is enabled, a technically inclined user might figure out how to skip registering by typing in the name of the directory in which the applications are located and downloading all the applications in that directory.

Note that a middle ground also exists. You can disable directory browsing only on certain directories. For these directories, simply create a "default document" (usually, index.html) Web page and copy it to directories in which you want to disable directory browsing. Your Web server might allow you to disable directory browsing on certain directories using a special menu or configuration file. Refer to your Web server documentation for more information.

Controlling Access to CGI Directories

Controlling access to the CGI directory of your Web server is very important. Only trusted users should have access to this directory. Any user who has access to the CGI directory of a Web server can easily execute programs on your Web server using a Web browser. For this reason, never allow any user to have access to the CGI directory via FTP. FTP uses clear text usernames and passwords. Therefore, someone who has access to part of your local network or the part of the Internet over which the authentication data is transmitted can monitor FTP transactions with a simple protocol analyzer. A protocol analyzer can be used to obtain usernames and passwords of users authorized to access your system. An unauthorized user, possibly with malicious intent, can then access your system via FTP, pretending to be an authorized user, and execute any application on your system by copying it to the CGI directory.

Enabling Auditing

Use resource auditing capabilities of Windows NT to monitor critical resources of your Internet server. From the User Manager's main menu, select Policies | Audit. The Audit Policy dialog box that appears can be used to turn on auditing (see Figure 8.3).

Figure 8.3: You can audit various system resources by using User Manager.

After you enable auditing with User Manager, select a directory and then choose Security | Auditing from the File Manager main menu. The Directory Auditing dialog box in Figure 8.4 then appears. Use the options in this dialog box to audit critical areas of your Internet server.

Figure 8.4: The Directory Auditing dialog box.

You can use the Event Detail dialog box in Figure 8.5 to monitor possible breaches of security. The event in this figure was logged as a result of an unsuccessful login attempt.

Figure 8.5: Unsuccessful login attempt recorded.

Caution
Be careful when auditing various system resources. Do not get carried away and audit too many activities because they clutter your Event Log and slow down your system. Limiting auditing to access failures is generally a good idea. Otherwise, the Event Log becomes cluttered with too many events, making it virtually impossible for you to locate critical information.

Allowing FTP Access to Your Web Site

You can use FTP to allow users to upload contents to your Web site. When you allow users to FTP to your server, take the time to make sure that your users are aware that anything they upload to the Web server via FTP can be viewed by someone eavesdropping on the network connection. If users upload sensitive material to your server via FTP, make them use a powerful data encryption mechanism such as Pretty Good Privacy (PGP). Visit the following Web site for information about PGP.

URL
Yahoo!'s PGP information Web page:
http://www.yahoo.com/Computers_and_Internet/Security_and_Encryption/PGP___Pretty_Good_Privacy/

Monitoring Event Viewer

You should also take the time to monitor Event Viewer entries periodically to detect any suspicious activities. The Event Log contains valuable information that should be monitored. Devoting some time, at least once every few days, to go over the Event Log looking for any suspicious activities is a good idea. Refer to Figure 8.6 for a typical Event Viewer listing.

Figure 8.6: An Event Viewer listing.

You can obtain additional information about various events displayed in the Event Viewer by selecting an event and double-clicking it. The dialog box in Figure 8.7 is invoked by double-clicking the event selected in Figure 8.6.

Figure 8.7: Detailed information about an event displayed in the Event Viewer.

Monitoring Access Log Files

If you detect suspicious activity, monitoring access log files is a good idea. Log files can easily be several megabytes in size. Manually going over access log files, therefore, is not a very good idea. If you detect repeated suspicious activity, however, you can use the access log file to obtain additional information. If several messages appear in the Event Log, similar to the one shown in Figure 8.7, for example, you can use the access log file to obtain additional information such as the IP address of the user who tried to access the system. Figure 8.8 demonstrates how the access log file can be used to obtain detailed information about the event in Figure 8.7. In this example, the time and date of the event in Figure 8.7 are used as an index to locate the corresponding access log file entry. Refer to your Web or FTP documentation and configuration settings for the location of the access log file.

Figure 8.8: You can use access log files to obtain detailed information about various suspicious activities.
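
The lookup described above can be scripted instead of done by hand. The following is an added example, not code from the book: it takes the time of an Event Log entry and returns the access log entries recorded within a few seconds of it, grouped by client IP address. The comma-separated field layout, the sample log lines, and the event time are assumptions constructed for the illustration; adjust the field positions to match your server's log format.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample log (not from the book). Assumed comma-separated layout:
# client IP, user, date MM/DD/YY, time, service, server, server IP, time taken,
# bytes received, bytes sent, status, Windows status, method, target, parameters
SAMPLE_LOG = """\
10.0.0.5, -, 11/04/96, 9:14:02, W3SVC, WEB1, 10.0.0.1, 120, 210, 3400, 200, 0, GET, /default.htm, -,
192.0.2.77, -, 11/04/96, 9:15:40, W3SVC, WEB1, 10.0.0.1, 15, 230, 0, 401, 5, GET, /private/report.htm, -,
192.0.2.77, -, 11/04/96, 9:15:43, W3SVC, WEB1, 10.0.0.1, 16, 230, 0, 401, 5, GET, /private/report.htm, -,
#garbled line without a usable timestamp
10.0.0.9, -, 11/04/96, 9:31:10, W3SVC, WEB1, 10.0.0.1, 90, 200, 1200, 200, 0, GET, /index.html, -,
"""
# Constructed time of the logon-failure event as read from Event Viewer.
EVENT_TIME = datetime(1996, 11, 4, 9, 15, 42)


def parse_line(line):
    """Return a dict for one log line, or None if the line is malformed."""
    fields = [f.strip() for f in line.split(",")]
    if len(fields) < 14:
        return None
    try:
        when = datetime.strptime(fields[2] + " " + fields[3], "%m/%d/%y %H:%M:%S")
    except ValueError:
        return None
    return {"time": when, "client": fields[0], "user": fields[1],
            "status": fields[10], "method": fields[12], "target": fields[13]}


def entries_near(log_text, event_time, window_seconds=60):
    """Log entries whose timestamp is within window_seconds of the event."""
    window = timedelta(seconds=window_seconds)
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [e for e in parsed if e and abs(e["time"] - event_time) <= window]


def clients_near(log_text, event_time, window_seconds=60):
    """Count matching entries per client IP address."""
    return Counter(e["client"] for e in entries_near(log_text, event_time, window_seconds))


if __name__ == "__main__":
    for e in entries_near(SAMPLE_LOG, EVENT_TIME):
        print(e["time"], e["client"], e["status"], e["method"], e["target"])
    print(clients_near(SAMPLE_LOG, EVENT_TIME).most_common())
```

Widen `window_seconds` if a request is logged noticeably later than the matching Event Log entry.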

Hiding PERL.EXE

Perl is a powerful language that you can use for a variety of purposes. It is particularly suitable for creating CGI applications to process user input. However, do not place PERL.EXE in your CGI directory. A user with malicious intent can potentially use PERL.EXE to execute commands on your NT Server. Rather than place PERL.EXE in your CGI directory, create a CGI extension mapping and place PERL.EXE in a directory that's not accessible via your Web server. Refer to your Web server documentation for information about creating CGI extension mappings.
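
The advice in this section and in "Controlling Directory Browsing" can be checked with one pass over the published tree. The following is an added example, not code from the book: it reports directories that have no default document (and so would be listed if directory browsing is on) and any copy of PERL.EXE stored inside the Web-accessible tree. The default document name and the sample directory layout are assumptions constructed for the illustration.

```python
import os
import tempfile


def audit_web_root(root, default_docs=("index.html",), interpreters=("perl.exe",)):
    """Return (dirs lacking a default document, interpreters found under root)."""
    docs = {d.lower() for d in default_docs}
    interp = {i.lower() for i in interpreters}
    listable, exposed = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        names = {f.lower() for f in filenames}  # NTFS lookups ignore case
        if not names & docs:
            listable.append(os.path.relpath(dirpath, root))
        for f in filenames:
            if f.lower() in interp:
                exposed.append(os.path.relpath(os.path.join(dirpath, f), root))
    return sorted(listable), sorted(exposed)


def build_sample_tree(base):
    """Create a constructed sample layout, used only to demonstrate the audit."""
    for d in ("docs", "downloads", "cgi-bin"):
        os.makedirs(os.path.join(base, d))
    for f in ("index.html",
              os.path.join("docs", "INDEX.HTML"),
              os.path.join("downloads", "setup.exe"),
              os.path.join("cgi-bin", "PERL.EXE"),
              os.path.join("cgi-bin", "form.pl")):
        open(os.path.join(base, f), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        listable, exposed = audit_web_root(tmp)
        print("No default document:", listable)
        print("Interpreter inside Web tree:", exposed)
```

Run it against the real document root and pass the default document names your Web server is actually configured to use.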

Publishing Sensitive Information

Sensitive information should never be distributed with a Web server unless the data is encrypted before it is transmitted via the Internet. Note that although you can restrict access to parts of a Web site by IP address, users can spoof IP addresses. Therefore, you should never use IP addresses to restrict access to sensitive information. The same goes for basic user authentication. Unless Windows NT challenge/response user authentication is used, someone monitoring connections to your Web server can easily intercept usernames and passwords of authorized users, and then can use them to gain unauthorized access to your system.

Enabling Encryption on the Web Server

If you use your Web server to conduct sensitive transactions over the Internet, enable encryption on your Web server to make it virtually impossible for someone to monitor your Web server traffic. Although a user who has a great deal of processing power can still monitor HTTP transactions to and from your server, doing so is prohibitively expensive. The purpose of enabling encryption with a mechanism such as SSL is to make monitoring your Web server traffic too expensive.

Using Windows NT Challenge/Response User Authentication

If you are hosting your Web site with MS Internet Information Server, you can use Windows NT challenge/response user authentication to make sure that usernames and passwords are encrypted before they are transmitted over the Internet. Although doing so improves security, you have a trade-off. At the time of this writing, only Internet Explorer supports Windows NT challenge/response user authentication. Use this method of user authentication to improve security if you are certain all your users use Internet Explorer. Note that Windows NT challenge/response user authentication does not encrypt information transmitted via the Internet; it encrypts only usernames and passwords.

Simulating Unauthorized Break-Ins

You also would be wise to test the security of your NT system by trying to gain unauthorized access to it. You can do so with the aid of various administrative tools. Visit the following Web site for information about a utility that can be used to find weak passwords on NT systems. You can use such a utility to make sure that poor passwords chosen by your users do not compromise the security of your system by detecting them before a potential breach of security occurs.

URL
ScanNT (Password cracker for Windows NT):
http://www.omna.com/yes/AndyBaron/pk.htm

Using Internet Security Resources on the Internet

Many Internet security resources are available on the Internet. You should visit the Web sites listed in the following sections to learn more about Internet security and various ways of protecting an Internet server against unauthorized access. Monitor these Web sites for the most up-to-date information related to Internet security.

The World Wide Web Security FAQ

The World Wide Web Security FAQ contains many Internet security resources. Visit it to find information about various common security holes and how to protect your system from unauthorized accesses.

URL
World Wide Web Security FAQ:
http://www-genome.wi.mit.edu/WWW/faqs/www-security-faq.html

Information Security Web Site

Visit the Information Security Web site for news articles about data security and Internet Web security.

URL
Information Security Web site:
http://www.newspage.com/NEWSPAGE/cgi-bin/walk.cgi/NEWSPAGE/info/d2/d10/

Almost Everything You Ever Wanted to Know…

Visit the "Almost Everything" Web site to learn about various Internet security topics. Although some topics discussed apply only to UNIX systems, reading about them will give you a thorough understanding of some of the issues related to Internet security.

URL
"Almost everything you ever wanted to know about security (but were afraid to ask!)" Web page:
http://www.cis.ohio-state.edu/hypertext/faq/usenet/security-faq/faq.html

Yahoo!'s Internet Security and Encryption Web Page

Yahoo!'s Internet Security and Encryption Web page lists numerous Internet security Web pages. Visit it often for the most up-to-date information related to Internet security and encryption.

URL
Yahoo!'s Internet Security and Encryption Web page:
http://www.yahoo.com/Computers_and_Internet/Security_and_Encryption/

NT Web Server Security Issues

The following Web site lists many useful suggestions for securing an NT Web server on the Internet. Visit it to learn about various security precautions that you can take to prevent unauthorized access to an NT Web server.

URL
NT Web Server security issues:
http://www.telemark.net/~randallg/ntsecure.htm

NT FTP Server Security Issues

If you need help setting up the Windows NT FTP server and securing it to prevent unauthorized access to your system, visit the following Web page. It contains information about Windows NT FTP server security issues.

URL
NT FTP Server security issues:
http://mushin.wes.army.mil/ntpermit.htm

Summary

You can take several steps to protect an NT server on the Internet against unauthorized access. Although setting up an Internet server that is immune to unauthorized access is virtually impossible, you can take steps to make access harder and, in some cases, prohibitively expensive for someone to gain unauthorized access.

What's Next?

To make a Web site more interesting to navigate, you can utilize a number of advanced HTML techniques. You can use tables, for example, to format various objects of a Web page such as text, video clips, Java applets, and so on. You also can use frames to make navigating a Web site easier. The next chapter demonstrates how you can use various advanced HTML techniques to create attractive Web pages.