Blog | G5 Cyber Security

Web Server Security: A Practical Guide

G5 Cyber Security

TL;DR

Keep your web server updated, use strong passwords and HTTPS, limit access, monitor logs, and regularly scan for vulnerabilities. This guide provides a step-by-step approach to securing your public facing web server.

Securing Your Web Server: A Step-by-Step Guide

  1. Keep Software Updated
    • Regularly update your operating system, web server software (e.g., Apache, Nginx), and any associated libraries or frameworks.
    • Enable automatic security updates where possible.
    • Check vendor websites for security advisories.
  2. Use HTTPS/SSL/TLS
    • Encrypt all traffic between your server and users using HTTPS.
    • Obtain a valid SSL/TLS certificate from a trusted Certificate Authority (CA).
    • Configure your web server to redirect HTTP traffic to HTTPS. For example, in Apache: 
      Redirect permanent / https://yourdomain.com/
    • Ensure your SSL/TLS configuration uses strong ciphers and protocols (avoid older versions like TLS 1.0).
  3. Strong Passwords & Authentication
    • Use strong, unique passwords for all user accounts.
    • Consider multi-factor authentication (MFA) where available.
    • Disable default accounts and change any pre-set credentials.
    • Limit the number of failed login attempts to prevent brute-force attacks.
  4. Firewall Configuration
    • Configure a firewall (e.g., iptables, ufw) to allow only necessary traffic to your server.
    • Block all incoming traffic on unused ports.
    • Only allow access from trusted IP addresses where possible. For example, using `ufw`: 
      sudo ufw allow from 192.168.1.0/24 to any port 80
  5. Limit Access & Permissions
    • Follow the principle of least privilege: grant users only the permissions they need.
    • Restrict access to sensitive files and directories.
    • Disable directory listing.
    • Ensure your web server user has limited privileges.
  6. Regularly Scan for Vulnerabilities
    • Use vulnerability scanners (e.g., Nessus, OpenVAS) to identify security weaknesses.
    • Perform regular penetration testing.
    • Address any identified vulnerabilities promptly.
  7. Monitor Logs
    • Regularly review web server logs for suspicious activity.
    • Set up alerts to notify you of potential security incidents.
    • Use log analysis tools to identify patterns and anomalies.
  8. Disable Unnecessary Services
    • Stop and disable any services that are not required for your web server to function.
    • Reduce the attack surface by minimizing the number of running processes.
  9. Implement a Web Application Firewall (WAF)
    • A WAF can help protect against common web attacks such as SQL injection and cross-site scripting (XSS).
    • Consider using a cloud-based WAF or installing one on your server.
  10. Backups
    • Regularly back up your web server files, databases and configuration.
    • Store backups securely in an offsite location.
    • Test your backup restoration process regularly.
Exit mobile version