Towards a secure web server
Securing a web server on an insecure operating system can often prove to be unsuccessful. This leads us to consider structuring an operating system architecture specially configured for a secure web server. The first half of the paper presents an analysis of some common attacks against a web server. In the second half, the paper focuses on ways to secure a web server. An essential phase in securing a web server consists of securing the operating system on which the server is run. This is important because compromising a flaw in the operating system might lead to an attack on the web server. Denial of Service (DOS) attack is one of the most common attacks that are aimed at the web server. It can be addressed to a large extent by using a proper resource control mechanism. We propose a security architecture design that integrates resource control and accountability into Mandatory Access Control (MAC) architecture. The implementation incorporates resource control into SELinux, which has MAC built into it. This is then integrated with Multi Agent Intrusion Detection System (MAIDS), which is a framework for an intrusion detection system that is modularly compatible with other detection systems. Integration with MAIDS is done to alert the system administrator whenever a DOS attack occurs. The MAIDS software will monitor the resource control mechanism to check whether a DOS attack has taken place or not. Finally, we present the design and implementation of a security tool that checks for configurations of the web server and the operating system on which it is run.