Stuart McClure's Daily Security Tips for the Week of November 4th
Web Security Tip for Friday, November 8th, 2002
Limit the web server information disclosed
A default web server installation often displays information that you would rather keep private. For example, by connecting to a web server and sending a HEAD / HTTP/1.0 request, an attacker can determine the type and version of the running web service. But you can alter that banner and make the web server look like anything you would like, including Apache. A tool like URLscan from Microsoft can alter this banner by adding an ISAPI filter which picks up those kinds of requests and answers with bogus information. While not truly a security step, even obscurity can help.
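A way to check what your own server's banner discloses, as an added example that is not part of the original tip: it parses the response to the HEAD / HTTP/1.0 request described above and reports headers that reveal a product or version. The header list beyond Server, the function names and the sample responses are assumptions constructed for illustration.

```python
import re
import socket

# Headers that commonly reveal product or version details (assumed list).
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")  # e.g. 5.0, 1.3.26

def parse_headers(raw: bytes) -> dict:
    """Return header names (lower-cased) mapped to values from a raw HTTP response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def banner_findings(raw: bytes) -> list:
    """List (header, value, reason) for each header that discloses software details."""
    findings = []
    headers = parse_headers(raw)
    for name in DISCLOSING:
        value = headers.get(name)
        if not value:
            continue
        reason = "product and version" if VERSION_RE.search(value) else "product name only"
        findings.append((name, value, reason))
    return findings

def fetch_head(host: str, port: int = 80, timeout: float = 5.0) -> bytes:
    """Send HEAD / HTTP/1.0 to a server you administer and return the raw response."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
        chunks = []
        while chunk := s.recv(4096):
            chunks.append(chunk)
    return b"".join(chunks)

# Constructed sample responses (not captured from a real server).
DEFAULT_INSTALL = (b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\n"
                   b"X-Powered-By: ASP.NET\r\nContent-Type: text/html\r\n\r\n")
ALTERED_BANNER = b"HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("default", DEFAULT_INSTALL), ("altered", ALTERED_BANNER)):
        print(label, banner_findings(raw))
```

The check reports only what an observer sees, so an altered banner still shows up as a product name; what matters after the change is that the real product and version no longer appear.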
Web Security Tip for Thursday, November 7th, 2002
Intrusion Detection (Prevention)
While I generally do not recommend network-based IDS for anything other than forensic evidence collection, a host-based IDS (or, better termed, an Intrusion Prevention System) such as Entercept (www.entercept.com) can be absolutely invaluable in preventing those attacks that sneak by no matter what countermeasure you put into place. These technologies wrap the operating-system-level syscalls to prevent the attack from occurring, no matter its novelty, and before any vendor supplies a patch.
Web Security Tip for Wednesday, November 6th, 2002
Denial of service
While the hype around denial of service attacks has long been over, there are some simple steps you can take to limit your potential for attack. The biggest contributor to your defense is router-based limiting, including rate limiting and packet limiting.
Web Security Tip for Tuesday, November 5th, 2002
Network security
While hardening your system or host is the last line of defense, the first line is the network. Firewalls, routers, switches, etc. can open up numerous vectors of attack for your servers. Always perform reviews of these devices and search for lax filter rules and, above all, remove any default rules that say ALLOW.
Web Security Tip for Monday, November 4th, 2002
Patching
Every application and operating system has security flaws present in it. Because of this, the vendors who create these applications continuously come out with patches to their software to fix these security problems. As such, it is critical to follow the recommendations of your application vendors to understand if a patch is necessary or not. For example, Microsoft's patches and service packs can be found at www.microsoft.com/security. In most cases, applying patches is the only way to provide fair to strong protection.