Chapter 13. Host and Site Security
Web security starts with host security.[75] What is “host security”? It’s the security of the computer on which your web server is running. After all, the computer on which your web server is running has access to all of the web server’s files; it can monitor all of the web server’s communications; and it can even modify the web server itself. If an attacker has control of your computer’s operating system, it is fundamentally impossible to use that computer to provide a secure service.
Because of size and time constraints, this book cannot provide you with a step-by-step guide to building a secure Internet host. Instead, this chapter will discuss some of the most common security problems on the Internet today and will then describe how to build a web server that minimizes these problems.
Historically Unsecure Hosts
After nearly 30 years’ experience with networked computers, it’s somewhat surprising that the security problems that were identified by the Internet’s pioneers remain the most common problems today. But read RFC602 (on the following page), written by Bob Metcalfe in 1973, and reprinted in the sidebar on the following page. In that document, Metcalfe identified three key problems on the network of his day: sites were not secure against remote access; unauthorized people were using the network; and some ruffians were breaking into computers (and occasionally crashing those machines) simply for the fun of it.
Get Web Security and Commerce now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
