Building A Strong Web Server

SANS incident handler Swa Frantzen offers his perspective on how you might build "a web site that shall not be broken into, no matter what."

Among his ideas are to host the site at an ISP that can offer network redundancy in the event of a DDoS attack; use OpenBSD because the developers are security-minded; use Apache because it comes in a jail shell with OpenBSD; use hardware that doesn't use Intel CPUs to make exploits less common; use OpenBSD's packet filter to limit incoming traffic; use multiple servers to generate content that is fed to the server that hosts the "static" Web content; use Secure Shell (SSH) for management needs; and have a swappable drive ready in case of an outage due to security problems with the OS or Web server software.

You can read the full article here.
