1 / 31

Module 2: The Web Server

Module 2: The Web Server. Overview. The Web Server Overview of IIS Overview of Apache. Web Server Defined. Web server is a computer program that delivers (serves) content such as web pages, using the Hypertext Transfer Protocol (HTTP), over the World Wide Web. Web Server Market Share.

eliza
Download Presentation

Module 2: The Web Server

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Module 2: The Web Server

  2. Overview • The Web Server • Overview of IIS • Overview of Apache

  3. Web Server Defined Web server is a computer program that delivers (serves) content such as web pages, using the Hypertext Transfer Protocol (HTTP), over the World Wide Web.

  4. Web Server Market Share Market Share for Top Servers Across All Domainsas of November 2010 source: netcraft.com

  5. Web server Common features • Virtual hosting • Large file support • Bandwidth throttling • Server-side scripting

  6. Internet Information Services (IIS) • Overview of IIS • IIS Features • IIS Authentication • The .Net Framework • ASP.Net

  7. IIS 7 Overview • Complete redesign and rewrite of IIS, • Shipped with Windows Vista and Windows Server 2008. • Includes a new modular design that allows for a lessened attack surface and increased performance. • Introduces a hierarchical configuration system allowing for simpler site deploys • New Windows Forms based management application • New command line management options • Increased support for the .NET Framework • IIS 7.0 on Vista does not limit the number of allowed connections as IIS on XP did

  8. IIS Features IIS 7.5 Supports the following features • HTTP - Hyper Text Transfer Protocol • HTTPS - Hyper Text Transfer Protocol Secure • FTP – File Transfer Protocol • FTPS – File Transfer Protocol Secure • SMTP – Simple Mail Transfer Protocol • NNTP – Network News Transfer Protocol

  9. IIS Request Processing

  10. IIS Authentication IIS 5.0 and higher support the following authentication mechanisms: • Basic access authentication • Digest access authentication • Integrated Windows Authentication • .NET Passport Authentication (not supported in Windows Server 2008 and above) IIS 7.5 includes the following additional security features: • Client Certificate Mapping • IP Security • Request Filtering • URL Authorization

  11. Introduction to the .Net framework The .NET Framework is: • Common Language Runtime – provides an abstraction layer over the operating system • Base Class Libraries – pre-built code for common low-level programming tasks • Development frameworks and technologies – reusable, customizable solutions for larger programming tasks

  12. Introduction to the .Net Framework cont. The .NET Framework allows you to: • Apply common skills across a variety of devices, application types, and programming tasks • Integrate with other tools and technologies to build the right solution with less work • Build compelling applications faster

  13. Components of the .NET Framework Visual C# Visual Basic Visual J# Visual C++ JScript ThirdParty ADO.NET ASP.NET User Interfaces .NET Framework Class Library Common Language Runtime

  14. IIS and ASP.Net

  15. IIS Versions Almost every version of IIS was released either along or with a version of Microsoft Windows operating system with the exception of IIS 1.0 which was initially released as a free add-on for Windows NT 3.51. • IIS 6.0, Windows Server 2003 and Windows XP Professional x64 Edition • IIS 7.0, Windows Server 2008 and Windows Vista (Home Premium, Business, Enterprise, Ultimate Editions) • IIS 7.5, Windows Server 2008 R2 and Windows 7

  16. Common Security Threats in IIS • IIS is plagued with buffer overflows • Inability to properly filter requests

  17. To Fix Common Threats • You should configure the URL Scan filter to reject maliciously formed HTTP requests • Change the ISAPI extensions, such as .htr, .idq, .ism, and .printer • Don’t install samples or remote administrations tools on new installs • Only installed modules required by your application

  18. Process for Securing Web Sites and Applications

  19. Overview of Apache

  20. Overview of Apache • Apache HTTP Server, commonly referred to as Apache is web server software • Played a key role in the initial growth of the World Wide Web • Apache is developed and maintained by an open community of developers under the auspices of the Apache Software Foundation

  21. Overview of Apache • Since April 1996 Apache has been the most popular HTTP server software in use • As of November 2010 Apache served over 59.36% of all websites and over 66% of the million busiest • The majority of web servers using Apache run a Unix-like operating system

  22. Apache Features • Apache supports a variety of features, many implemented as compiled modules • The modular nature allows you to only install and activate needed modules • The following core modules are required:

  23. Virtual hosting • For example, one machine with one Apache installation could simultaneously serve www.example.com, www.test.com, test47.test-server.test.com, etc. • Apache features configurable error messages

  24. Apache Features • Some common language interfaces support Perl, Python, Tcl, and PHP • Popular authentication modules include mod_access, mod_auth, mod_digest, and mod auth_digest, the successor to mod_digest

  25. Apache Web server

  26. Apache System Requirements • Java 1.4.x or greater. • ANT 1.6.3 or greater. • JUnit 3.8.2 if you wish to run the unit tests. • CPU, Disk and Memory requirements are based on the many choices made in implementing Lucene

  27. Common Security Threats Apache • Keep up to Date • Permissions on Server Root Directories • Server Side Includes • Protect Server Files by Default • Watching Your Logs • Protecting System Settings

  28. Typical Attack Process

  29. Reduce the Attack Surface

  30. Review • The Web Server • Overview of IIS • Overview of Apache

More Related