Protecting Web Servers

deyster94 · ‎06-12-2008

I have a client that hosts websites email me and said they are having hackers place code in script tags or iframe tags on web pages that point to another site where an unsuspecting user would then download malware.

My question is would CSA be the best solution to protect their web servers? I am open to other suggestions.

Thanks.

Dan

tsteger1 · ‎06-12-2008

CSA would be a good solution though it is expensive and the learning curve can be steep.

There are canned policies and rules that do a pretty good job right out of the box.

Web servers would be easier to protect with CSA than desktops\laptops because they don't usually have users installing tons of weird crap on them (unless they're hackers).

I can't say if it's the best because I haven't used anything else.

Tom

Farrukh Haroon · ‎06-12-2008

Beside CSA (or any other HIPS like ISS, Mcafee Entercept etc.) you also have to focus on the following:

> Keep Security Patches for OS and WebServer software/components up to date.

> Secure Web Programming

> Vulnerability Assessment using Custom Tools like WatchFire AppScan, Nikto, WebScarab, SPI Dynamics (Forgot the product name), Cenzic Hailstrom, Acunetix etc.

> Manually validating the various inputs/forms/fields etc. yourself (if possible) or by hiring a professional pen-test company.

> Other security best practices.

Regards

Farrukh