Guidelines on Securing Public Web Servers
2. Web Server Security Problems and Overview
The World Wide Web (WWW) is one of the most important ways for an organization to publish information, interact with Internet users, and establish an e-commerce business presence. However, if it is not rigorous in configuring and operating its public Web site, an organization may be vulnerable to a variety of security threats. Although the threats in cyberspace remain largely the same as in the physical world (e.g., fraud, theft, vandalism, and terrorism), they are far more dangerous as a result of three important developments: increased efficiency, action at a distance, and rapid technique propagation [Sch00].

Increased Efficiency. Automation makes attacks, even those with minimal opportunity for success, efficient and extremely profitable. For example, in the physical world an attack that would succeed once in 10,000 attempts would be ineffectual because of the time and effort required on average for a single success. The time invested in getting a single success would be outweighed by the time invested in the 5,000 failures. On the Internet, automation enables the same attack to be a stunning success. Computing power and bandwidth are getting less expensive daily, while the number of hosts that can be targeted is growing rapidly. This synergy means that almost any attack, no matter how low its success rate, will likely find many systems to exploit.

Action at a Distance. The Internet allows action at a distance. The Internet has no borders, and every point on the Internet is reachable from every other point. This means that an attacker in one country can target a remote Web site in another country as easily as one close to home.

Rapid Technique Propagation. The Internet allows for easier and more rapid technique propagation. Before the Internet, techniques for attack were developed that would take years, if ever, to propagate, allowing time to develop effective countermeasures. Today, a new technique can be propagated within hours or days. It is now more difficult to develop effective countermeasures in a timely manner.

Compromised Web sites have served as an entry point for intrusions into many organizations' 
internal networks.  Organizations can face monetary losses or legal action if an intruder 
successfully violates the confidentiality of their data.  Denial of service (DoS) attacks can 
make it difficult, if not impossible, for users to access an organization's Web site.  These 
attacks may cost the organization significant amounts of time and money.  An organization can 
also find itself in an embarrassing situation resulting from malicious intruders changing the 
content of the organization's Web pages. 

Three main security issues are related to the operation of a publicly accessible Web site [CERT01]:

- Misconfiguration or other improper operation of the Web server, which may result, for example, in the disclosure or alteration of proprietary or sensitive information. This information can include items such as the following:

  - Assets of the organization