Apache Secure Web Server

Threats to a web server

Main hazards/threats to a web server are:

• Profiling
• Denial of service
• Unauthorized access
• Arbitrary code execution
• Elevation of privileges
• Viruses
• Worms
• Trojan horses

1. Profiling

• Profiling is an exploratory process used by the attacker to collect information about web site.
• An attacker uses this information to know the weak points of the web site.

Common attacks used for profiling include:
1. Port scans
2. Ping sweeps
3. NetBIOS and server message block (SMB) enumeration

2. Denial of Service

• This attacks occurs when your server is overloaded by service requests.
• The hazard is that your web server becomes too busy to respond the legitimate client requests.

Common Denial of Service attacks include:
1. Network-level SYN floods
2. Buffer overflows
3. Flooding the Web server with requests from distributed locations

3. Unauthorized access

• It occurs when a user without right permission gains access to restricted information.

4. Arbitrary code execution

• This attack occurs when an attacker runs malicious code on the server.
• In code execution, there are attacks which hack the server resources or make additional attacks against the sub systems.

Common code execution attacks include:
1. Path traversal
2. Buffer overflow leading to code injection

5. Viruses

• These programs are designed to perform malicious acts.
• It cause disruption to the operating system and applications.

6. Worms

• These programs are self-replicating and self-sustaining.

7. Trojan horses

• These programs appear to be useful but damage the applications.

Editing ssl.conf configuration file

The ssl.conf file or ssl-httpd.conf file holds security related directives.

Steps to edit and configure ssl.conf file

• Open ssl.conf file using a text editor.

Default location of this file in

a) Linux - /usr/local/apache/etc
b) Windows – C:\Program Files\ Apache Software Foundation\Apache2.2\conf.extra

• Create a backup of ssl.conf file by simply copying the this file into another text editor file and save this file as ssl.confold.
• Open file and remove '#' sign from start point of the lines.

Listen 565
ServerName <your_server_name>:565
SSLEngine on
SSLCertificate /<path to><your_SSL_Certificate>.crt
SSLCertificateKeyFile /<path to><*.key file created with CSR>.key
SSLCertificateChainFile /<path to>qvsslica.crt
SSLCACertificateFile /<path to>qvrca2.crt

• Save ssl.conf file after making the changes.
• Locate httpd.conf file and open it using a text editor like notepad or “vi editor”.
• Create backup of httpd.conf file by simply copying this file into another text editor file and save this file as httpd.confold.
• In httpd.conf file, insert the following line anywhere
conf/extra/ssl.conf

• Save httpd.conf file.
• Restart Apache Service.