In this article, we round out our six-part series by examining the issues and administrative recommendations associated with computer Web and TPC/IP services security. The text is extracted from our book, The Ultimate Windows 2000 System Administrator's Guide (Addison Wesley, 2000). Although some of the text is focused on Microsoft enterprise environments, the principles broadly address other operating system environments.
When implementing a Web server, certain basic guidelines should be followed to protect against security breaches. A Web server allows users to download designated files and run CGI scripts, Active Server Pages, and server-side applets that are accessible to it. For this reason, the server should not be able to access sensitive files that contain proprietary company information or files pertinent to system security.
Limit the Web server to a specific directory subtree, and specifically dedicate a system to Web server duties (Windows 2000 uses %SystemRoot%Inetpub\wwwroot). Also, make sure that Web sites with password security do not place the password security file in a directory the server can read. The Web server should run as a very underprivileged user to limit its own access, with a privilege level just enough to perform required functions. It should have a firewall between it and the internal network, and no internal host should trust it through Windows 2000 domain trust relationships.
Restricting Scripts from External Sources
Because the Web server is permitted to run local components, all scripts, applets, and active components should be analyzed for unintended uses. Remember: These scripts can be run with freely chosen parameters from the outside, so any service that allows users to download scripts to the server should be carefully scrutinized. FTP users should not be able to download to the Web server's file system area. In fact, almost all services should be disabled on the Web server except for HTTP.