1 00:00:15,920 --> 00:00:19,830 Let us continue with web application pentesting in this lecture.
2 00:00:20,060 --> 00:00:23,160 We will see how to prevent web server attacks.
3 00:00:23,600 --> 00:00:29,050 I have listed some of the key bullet points for preventing these attacks on your screen.
4 00:00:29,210 --> 00:00:35,480 So the first is: place web servers in a separate secure server security segment on the network.
5 00:00:36,320 --> 00:00:43,280 By design, a network should have at least three segments, namely the Internet segment,
6 00:00:43,520 --> 00:00:50,350 the secure server security segment, often called the Demilitarized Zone, that is the DMZ, and the internal network.
7 00:00:51,080 --> 00:00:51,410 Place
8 00:00:51,410 --> 00:00:52,100 the web server
9 00:00:52,100 --> 00:00:57,440 inside the secure server security segment, that is the DMZ of the network, isolated from the public network as well
10 00:00:57,440 --> 00:00:58,550 as the internal network.
11 00:00:59,240 --> 00:01:06,320 Firewalls should be placed for the internal network as well as for internal traffic going towards the DMZ. Next
12 00:01:06,320 --> 00:01:13,280 are the patches and updates: scan for existing vulnerabilities and patch and update the server software
13 00:01:13,280 --> 00:01:16,760 regularly. Before applying any service pack,
14 00:01:17,030 --> 00:01:22,430 hotfix or security patch, read and peer review all the relevant documentation.
15 00:01:22,820 --> 00:01:29,780 Test the service packs and hotfixes on a representative non-production environment prior to being deployed
16 00:01:29,780 --> 00:01:30,590 to production.
17 00:01:30,980 --> 00:01:37,330 Ensure that server outages are scheduled and a complete set of backup tapes and emergency repair disks
18 00:01:37,400 --> 00:01:38,150 are available.
19 00:01:38,600 --> 00:01:44,630 Have a backup plan that allows the system and enterprise to return to their original state prior to the
20 00:01:44,630 --> 00:01:45,870 failed implementation.
21 00:01:45,890 --> 00:01:53,710 The next is to check for ports: block all unnecessary ports, Internet Control Message Protocol traffic,
22 00:01:53,720 --> 00:01:59,630 that is, ICMP traffic, and unnecessary protocols such as NetBIOS and SMB.
23 00:02:00,580 --> 00:02:06,310 Harden the TCP/IP stack and consistently apply the latest software patches and updates to system
24 00:02:06,320 --> 00:02:14,380 software. If using insecure protocols such as Telnet, POP3, SMTP or FTP, take appropriate measures to provide secure
25 00:02:14,380 --> 00:02:18,760 authentication and communication, for example, by using IPSec policies.
26 00:02:19,660 --> 00:02:25,570 If remote access is needed, make sure that the remote connection is secured properly by using tunneling and
27 00:02:25,570 --> 00:02:33,760 encryption protocols. The next is account settings: remove all unused modules and application extensions,
28 00:02:34,210 --> 00:02:40,420 disable unused default user accounts created during the installation of an operating system. When creating
29 00:02:40,420 --> 00:02:41,680 a new web root directory,
30 00:02:42,130 --> 00:02:45,020 grant the appropriate, that is the least possible, NTFS permissions
31 00:02:45,440 --> 00:02:52,990 to the anonymous user being used from the IIS web server to access the web content. Use secure web
32 00:02:52,990 --> 00:02:59,800 permissions, NTFS permissions and the .NET Framework's access control mechanisms, including URL authorization.
33 00:03:00,770 --> 00:03:07,010 Slow down brute force and dictionary attacks with strong password policies, and then audit and be alert for
34 00:03:07,010 --> 00:03:08,110 login failures.
35 00:03:09,420 --> 00:03:14,940 Run processes using the least privileged accounts as well as least privileged service and user accounts.
36 00:03:15,630 --> 00:03:22,050 The next is detecting web server hacking: make use of a change detection system to detect hacking attempts
37 00:03:22,050 --> 00:03:23,820 on the web server or web site.
38 00:03:23,820 --> 00:03:29,760 A change detection system involves running a specific script on the server that detects any changes made
39 00:03:29,760 --> 00:03:36,690 to an existing executable file or any newly included file on the server, periodically comparing the hash values
40 00:03:36,690 --> 00:03:41,730 of the files on the web server with the respective master hash values to detect changes made in
41 00:03:41,730 --> 00:03:46,000 the codebase, and alerting the user upon any detection on the server.
42 00:03:46,440 --> 00:03:52,890 For example, WebsiteCDS is a script that goes through your entire web folder and detects any changes
43 00:03:52,890 --> 00:03:55,750 made to your code and alerts you using email.
44 00:03:57,120 --> 00:03:58,710 So how to defend against that?
45 00:03:58,710 --> 00:04:04,770 Ports: audit the ports on the server regularly to ensure that an insecure or unnecessary service is not
46 00:04:04,770 --> 00:04:06,020 active on your web server.
47 00:04:06,930 --> 00:04:12,930 Ensure that the certificate date ranges are valid and the certificates are used for their intended purposes.
48 00:04:13,410 --> 00:04:19,790 Ensure that no certificate has been revoked and that the certificate's public key is valid all the way to a trusted
49 00:04:19,800 --> 00:04:20,120 root
50 00:04:20,130 --> 00:04:28,170 authority. Ensure that the protected resources are mapped to HttpForbiddenHandler and unused modules are
51 00:04:28,170 --> 00:04:28,560 removed.
52 00:04:28,770 --> 00:04:36,540 Implement secure coding practices, restrict code access security policy settings, apply restricted
53 00:04:36,550 --> 00:04:45,600 ACLs and block remote registry administration, secure the SAM (standalone servers only), ensure that
54 00:04:45,600 --> 00:04:51,780 the security settings are configured properly and access to the Mbox file is restricted with hardened
55 00:04:52,020 --> 00:04:59,040 NTFS permissions, and lastly, screen and filter the incoming traffic requests.
56 00:05:00,150 --> 00:05:06,000 In the next lecture, we will see different web application servers like XAMPP, WAMP, LAMP and many
57 00:05:06,000 --> 00:05:06,240 more.