Risks associated with web servers responses

Provide (2) 150 words substantive response with a minimum of 1 APA references for RESPONSES 1 AND 2 below. Response provided should further discuss the subject or provide more insight. To further understand the response, below is the discussion post that’s discusses the responses. 100% original work and not plagiarized. Must meet deadline.

RESPONSE 1:

The Apache web server is an open source web server that was created in 1995. With very little configuration Apache is able to handle large amounts of traffic and because of open source there are developers continuously working on updates and better functionality. Apache can also be used on multi-platforms. Apache is able to accept and route traffic to certain ports. By default it will run on port 80, but with specific address-port combinations it is able to route ports. Ways to make Apache more secure are through some of the following ways. Disabling the trace HTTP request. By default this is enabled and allow cross-site tracing that could potentially expose your cookie information. Disabling the directory listing will prevent access to the files and sub-directories within the browser. Tools that can be used to secure your Apache server are mod security that is an open source web application first this will provide you with several features designed to protect the server.  

The Microsoft Internet Information Server (IIS) has been in service since Windows Server 2003 and only operates on the Windows operating system. Like Apache you are able to route traffic to other ports. IIS benefits from being popular due to its platform that supports all the Microsoft applications. Some of the features of IIS are Remote management that allows the management of the program via command line interface or union PowerShell. IIS also comes with security features that allows users to manage TLS certificates and allows the user to filter requests that will allow for the traffic of whitelists and blacklists. These are tools that will assist in securing IIS. Disable the OPTIONS Method. The OPTIONS method gives a list of the methods supported by a web server and disabling this ensures that potential attackers won’t be able to access the information. Enable Dynamic IP address restrictions will block access to IP address that go over a certain amount of requests. This can prevent denial of service attacks. 

Reference 

(February 20, 2020). Ultimate guide IIS server: What is IIS? IIS tutorial. DNS stuff. Retrieved from https://www.dnsstuff.com/windows-iis-server-tools

Acunetix (November 5, 2014). Microsoft IIS – 8 Tips for security best practices. Acunetix. Retrieved from https://www.acunetix.com/blog/articles/iis-security-best-practices/

Hernandez, J. (May 8, 2019). What is Apache? In-depth overview of Apache Web Server. Sumo Logic. Retrieved from https://www.sumologic.com/blog/apache-web-server-introduction/

Kumar, C. (June 6, 2019). Apache web server hardening and security guide. Geekflare. Retrieved from https://geekflare.com/apache-web-server-hardening-security/

– VINCENT

RESPONSE 2:

Security on an Apache webserver is only as good based on its configurations.  Along with proper security configuration, it’s important to keep Apache updated with the latest security patches as they become available.  The following are some configuration changes in securing an Apache server:

Securing an Apache webserver should be configured to use only what is required for functionality. Configure on the module required to run functionality and restrict other unnecessary services.  

Run as an unprivileged user:  this refers to locking down the Apache server with minimal permission than necessary.  This would require to set the server as an unprivileged systems user versus root or admin user.

Disabling server-info directive, server signature and server-status Directive to prevent the exposure of server information, such as version, paths, data directories, server performance, HTTP requests and client IPs. 

Setting the ServerToken directive to Prod will direct Apache to a specified name, like Apache in the server response header. This prevent the server from sending server information out when responding to a request.

OpenSSL is one tool I ran into when researching Apache security.  Because Apache does not come with encryption, running OpenSSL with it can provide traffic encryption and public/private key pairs to force all traffic over SSL protocol.

A Microsoft IIS server has similar security configuration recommendations as the Apache.  These include:

Installing and properly configuring only the necessary modules required for functionality and implementing the least privileged rule. As well as enabling Window authentication with extended protection to protect against credential relaying and phishing attacks.

Maintaining an up-to-date anti-virus and security patches.  Also enabling SSL and SSL certificates.     

Web application isolation includes isolating web application pools, ASP.Net temp folders and content and ensure access controls list are configured to allow access as per set permissions.

Claudia 

Acunetix. (2021, March 12). 10 tips for apache security. Retrieved August 03, 2021, from https://www.acunetix.com/blog/articles/10-tips-secure-apache-installation/

The most important steps to take to make an Apache server more secure. (n.d.). Retrieved August 03, 2021, from https://help.dreamhost.com/hc/en-us/articles/226327268-The-most-important-steps-to-take-to-make-an-Apache-server-more-secure

Archiveddocs. (n.d.). Security best practices for iis 8. Retrieved August 03, 2021, from https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj635855(v=ws.11)

– CLAUDIA

University Writings
Calculate your paper price
Pages (550 words)
Approximate price: -

Why Work with Us

Top Quality and Well-Researched Papers

We always make sure that writers follow all your instructions precisely. You can choose your academic level: high school, college/university or professional, and we will assign a writer who has a respective degree.

Professional and Experienced Academic Writers

We have a team of professional writers with experience in academic and business writing. Many are native speakers and able to perform any task for which you need help.

Free Unlimited Revisions

If you think we missed something, send your order for a free revision. You have 10 days to submit the order for review after you have received the final document. You can do this yourself after logging into your personal account or by contacting our support.

Prompt Delivery and 100% Money-Back-Guarantee

All papers are always delivered on time. In case we need more time to master your paper, we may contact you regarding the deadline extension. In case you cannot provide us with more time, a 100% refund is guaranteed.

Original & Confidential

We use several writing tools checks to ensure that all documents you receive are free from plagiarism. Our editors carefully review all quotations in the text. We also promise maximum confidentiality in all of our services.

24/7 Customer Support

Our support agents are available 24 hours a day 7 days a week and committed to providing you with the best customer experience. Get in touch whenever you need any assistance.

Try it now!

Calculate the price of your order

Total price:
$0.00

How it works?

Follow these simple steps to get your paper done

Place your order

Fill in the order form and provide all details of your assignment.

Proceed with the payment

Choose the payment system that suits you most.

Receive the final file

Once your paper is ready, we will email it to you.

Our Services

No need to work on your paper at night. Sleep tight, we will cover your back. We offer all kinds of writing services.

Essays

Essay Writing Service

No matter what kind of academic paper you need and how urgent you need it, you are welcome to choose your academic level and the type of your paper at an affordable price. We take care of all your paper needs and give a 24/7 customer care support system.

Admissions

Admission Essays & Business Writing Help

An admission essay is an essay or other written statement by a candidate, often a potential student enrolling in a college, university, or graduate school. You can be rest assurred that through our service we will write the best admission essay for you.

Reviews

Editing Support

Our academic writers and editors make the necessary changes to your paper so that it is polished. We also format your document by correctly quoting the sources and creating reference lists in the formats APA, Harvard, MLA, Chicago / Turabian.

Reviews

Revision Support

If you think your paper could be improved, you can request a review. In this case, your paper will be checked by the writer or assigned to an editor. You can use this option as many times as you see fit. This is free because we want you to be completely satisfied with the service offered.