ISSC363 Apache and Microsoft IIS Tools and Techniques

Need to respond to the below two students' discussions with at least 150 words minimum per discussion response. Below in the bold will be the questions the students are responding to.

Question:

Two of the most popular web servers are Apache and Microsoft IIS. Discuss some of the tools and techniques used to secure these web servers.


Student one:

Two of the most popular web servers are Apache and Microsoft IIS. Discuss some of the tools and techniques used to secure these web servers.

The two most popular web servers are Apache and IIS (Internet Information Server) by Microsoft. While both servers are rather popular, Apache is the most used and most popular of the two because Apache can run on different operating systems; however, IIS is pretty much just for Microsoft operating systems. Because of this, Apache tends to be more flexible in its usage, but Microsoft IIS is fully integrated for the Microsoft system, which makes it easier to use.

Some tools and techniques used to secure these web servers are keeping the server up to date. Updating the server helps harden the security because there are always new threats, risks, and vulnerabilities that may cause harm to the system if not kept updated. Another good technique is only allowing the operations and modules that are needed and closing the ones that are not used often. Allowing applications to run that aren’t in use leaves an open port or gateway onto the system. It is also recommended for the Apache server to remove the server version banner. By removing the banner, you are not allowing others the chance to use this information against you. Microsoft IIS comes with a lockdown tool that allows the user to configure the security of the server. “The tool disables unused script mappings, which were the root cause of both the Nimda and Code Red worms.” (Kotek, 2003) Use authorization in combination with authentication to secure access to content on your server. This allows the user to limit who can have access to the information on the server and what machines can communicate with the server.

References:

Kotek, Brian, “Lock IT Down: Use these tools to tighten security in IIS”, October 6, 2003, www.techrepublic.com/article/lock-it-down-use-thes…

-Josiah

Student two:

With the two most popular web servers being Apache and Microsoft Internet Information Services servers, it is imperative that you secure those servers the most. There are several exploits available for Apache servers, which cause significant concerns. The major exploits are usually countered by several best practices when setting up the server. First, you have to disable the TRACE HTTP request option so that malicious actors can’t steal cookie information; run Apache with the signature set to off so you don’t give out the version number you’re running; disable all the banners sent back to the clients, which usually include the client’s operating system; restrict access to a specific network if you can; don’t use SSL 2.0 and 3.0 because they have significant vulnerabilities; definitely disable the directory listing so that people can’t look at your directories; to avoid unnecessary vulnerabilities, remove the unnecessary DSO modules; and above all, ensure you update with all security updates. (Kumar, 2018)

The Microsoft Internet Information Services (IIS) servers are also vulnerable, so just like the Apache servers, there are a few best practices employed to secure them as well. According to the experts at TechTarget, ensure you include Windows authentication integrated with the client certificate authentication and ASP.NET form-based authentication and URL authentication. You must also use IPv4 address and domain name rules to prevent access to unauthorized IP addresses, and disable dynamic content so malicious software isn’t run. With those rules, the Microsoft IIS servers are more secure than the Apache servers, but you must also remember to update the security patches all the time as well. (Cobb, 2010)

Works Cited
Cobb, M. (2010, October). Microsoft IIS 7 security best practices. Retrieved from TechTarget: https://searchsecurity.techtarget.com/tip/Microsoft-IIS-7-security-best-practices

Gibson, D. (2014). Managing Risk in Information Systems. Jones & Bartlett Learning.

Kumar, C. (2018, March 2). 10 Best Practices To Secure and Harden Your Apache Web Server. Retrieved from GeekFlare: https://geekflare.com/10-best-practices-to-secure-and-harden-your-apache-web-server/

-John Ford
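
The Apache hardening items listed in the post above (version banner, server signature, TRACE, directory listing, SSL 2.0/3.0) can be checked mechanically. The following is an added example, not part of either student's post: it audits a configuration for those settings, applying Apache's defaults when a directive is absent. Both configuration samples are constructed, and the function names are hypothetical.

```python
# Constructed sample configs (assumption: not taken from the page).
WEAK_CONF = """
ServerTokens Full
ServerSignature On
SSLProtocol all
Options Indexes FollowSymLinks
"""
HARDENED_CONF = """
ServerTokens Prod
ServerSignature Off
TraceEnable Off
SSLProtocol -all +TLSv1.2
Options -Indexes +FollowSymLinks
"""

def parse(conf):
    """Map each directive (lowercased) to the argument lists of its occurrences."""
    found = {}
    for line in conf.splitlines():
        name, *args = line.split() or [""]
        if args and not name.startswith(("#", "<")):  # skip comments, section tags
            found.setdefault(name.lower(), []).append([a.lower() for a in args])
    return found

def legacy_ssl(args):
    """Return the SSL 2.0/3.0 protocols left enabled by one SSLProtocol line."""
    on = set()
    for a in args:  # tokens apply left to right
        proto, minus = a.lstrip("+-"), a.startswith("-")
        if proto == "all":  # assumption: treat "all" as possibly including both
            on = set() if minus else {"sslv2", "sslv3"}
        elif proto in ("sslv2", "sslv3"):
            on = on - {proto} if minus else on | {proto}
    return on

def audit(conf):
    d = parse(conf)
    # Last occurrence wins; fall back to Apache's default when the directive is absent.
    last = lambda name, default: d.get(name, [[default]])[-1][0]
    opts = [a for o in d.get("options", []) for a in o]
    checks = [
        ("ServerTokens reveals version details", last("servertokens", "full") not in ("prod", "productonly")),
        ("ServerSignature is not Off", last("serversignature", "off") != "off"),
        ("TRACE requests are enabled", last("traceenable", "on") != "off"),
        ("directory listing is enabled", any(a in ("indexes", "+indexes", "all") for a in opts)),
        ("SSL 2.0/3.0 is enabled", any(legacy_ssl(s) for s in d.get("sslprotocol", []))),
    ]
    return [msg for msg, failed in checks if failed]

if __name__ == "__main__":
    print("weak:", audit(WEAK_CONF), "\nhardened:", audit(HARDENED_CONF))
```

The weak sample never mentions `TraceEnable`, yet it is still flagged, because TRACE is on unless it is explicitly turned off.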