Solved

Precautions to Host my Live application

Posted on 2004-08-19
6
335 Views
Last Modified: 2010-03-04
Hi...
I have to host an application developed in .NET live 24/7 on RHL9.0/Apache2.0. I am looking for all the possible precautions which I should take in order to keep this application secure and robust, and how to do them. I am naive to Apache/Linux, so I would like to get advice from all the experts. All the help provided will be highly appreciated.
Regards
0
Question by:parvinderg
6 Comments
 
LVL 15

Expert Comment

by:samri
ID: 11849704
Hi Parvinderg,

The very first thing that you may need to do is to secure the server at the OS level: turning off the unneeded services, having a firewall running, and such.

On Apache, you could visit Apache docs website at http://httpd.apache.org/docs-2.0/, and specifically some tips on Security : http://httpd.apache.org/docs-2.0/misc/security_tips.html

Apache itself is considered to be quite mature, and quite stable (performance/security-wise) -  so the apache server is less of your worries.

The next thing to worry about is the application itself -- some code may have bugs which lead to "unknown" results. Check this too.

Apart from these tips, monitor your server closely. mod_status (http://httpd.apache.org/docs-2.0/mod/mod_status.html) is provided with Apache to enable you to view the server status on-line (realtime). This should be able to give you some indication of what is happening, should you think that your Apache is behaving weirdly.


HTH.
0
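The OS-level and Apache-level hardening samri describes (unneeded services off, a restricted mod_status for monitoring) can be captured in a few httpd.conf directives. The following is an added example written for this thread, not configuration posted by samri or shipped by the Apache project; it assumes Apache 2.0.x on RHL 9 with the default "apache" service account and the stock DocumentRoot /var/www/html.

```apache
# Added example (not from the thread): minimal httpd.conf hardening for Apache 2.0.
# Assumptions: Apache 2.0.x on RHL 9, service account "apache", DocumentRoot /var/www/html.

# Run the worker processes as an unprivileged account (the RHL default is "apache").
User apache
Group apache

# Do not advertise version details in response headers or on error pages.
ServerTokens Prod
ServerSignature Off

# Deny everything from the filesystem root, then open only the DocumentRoot.
<Directory />
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

<Directory "/var/www/html">
    # No directory listings, no symlink following, no .htaccess overrides.
    Options -Indexes -FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

# mod_status is useful for the realtime monitoring mentioned above,
# but expose it only to the local machine, never to the Internet.
<IfModule mod_status.c>
    ExtendedStatus On
    <Location /server-status>
        SetHandler server-status
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </Location>
</IfModule>

# Bound request size and idle time so one misbehaving client cannot tie up workers.
LimitRequestBody 1048576
Timeout 60
KeepAliveTimeout 15
```

After editing, run `httpd -t` to check the syntax before restarting, and confirm from another host that http://yourserver/server-status returns 403 while `curl http://127.0.0.1/server-status` on the server itself shows the status page.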
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 250 total points
ID: 11849897
OK, hardening the OS and Apache as explained by samri is necessary as a fallback when your application runs crazy.
You need to review your application to see if it could be threatened at least by:
   cross-site scripting, HTML injection, SQL injection, OS command injection, buffer overflows, session injection, session hijacking, etc. etc.
All in all, this is called web application security.
0
 
LVL 15

Accepted Solution

by:samri
samri earned 250 total points
ID: 11852204
parvinderg,

I think the most *tricky* question (IMHO) that I have come across in EE is -- performance, or security?

I would think that in most cases, we would need to analyze how robust an implementation could be, and how secure we want it to be -- would pretty much depend on what we actually want - and what we could afford to lose.

Apache and most OSes ship by default with a security and performance model that should be at a comfortable level for everyone (IMHO), and personally I would think that these two components would be the least of your attention (as for now). Try to concentrate on the application -- as ahoffmann mentioned.

For more information on Unix/Linux security -- you may run a query on any search engine on "unix security", and there should be tons of links that could get you busy (and confused?).

Stokely has a nice collection to start with : http://www.stokely.com/unix.sysadm.resources/security.html -- not that I work for them.

http://www.google.com.my/search?hl=en&ie=UTF-8&q=apache+performance+tuning&btnG=Google+Search
* tons of links.
- http://www.xenoclast.org/doc/benchmark/HTTP-benchmarking-HOWTO/node7.html
- http://www.ece.concordia.ca/~daniel/tips/apache_tuning.html  <-- this one is kinda straight to the point. I never tried it, but looks good.

0

 

Author Comment

by:parvinderg
ID: 11874412
Any other suggestions, Mr. Hoffmann or Mr. Samri? Mr. Hoffmann, you have mentioned a couple of ways of reviewing the application. How would you advise me to let the application developer accomplish this task (as I am not developing the application)? Mr. Samri, the link of the company which you are working for is fantastic. I appreciate that.
regards
0
 

Author Comment

by:parvinderg
ID: 11895719
I have almost followed all those steps which were mentioned by ahoffmann and samri, plus I found very valuable information at http://www.securityfocus.com/infocus/1786.
What's the function of suExec and chroot?
How can I implement those too without disturbing my current configuration or messing it up?
Any other suggestions which I really need to focus on? How can I test for security and robustness?
Regards
0
 
LVL 15

Assisted Solution

by:samri
samri earned 250 total points
ID: 11934434
hi parvinderg,

Lucky you posted the cross-reference in your other post:

suExec: http://httpd.apache.org/docs-2.0/suexec.html
-- copied from Apache website:
The suEXEC feature provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web-server. Normally, when a CGI or SSI program executes, it runs as the same user who is running the web server.

chroot, or sometimes called "chroot jailed", is a feature where you run an application in an environment such that the app only "sees" very limited areas of the OS filesystem. Any damage that could happen would be limited to those areas defined by the 'chroot' perimeter (I hope I got the terminology right :)

I never tried doing this, but the following links could get you busy for a while.
http://www.cgisecurity.com/webservers/apache/chrootapache2-howto.html
http://penguin.epfl.ch/chroot.html

cheers.
0
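To make the suEXEC description above concrete, here is an added example of how it is wired into Apache 2.0 per virtual host; it is not configuration from samri or from the Apache docs, and it assumes httpd was built with `--enable-suexec`, that the suexec wrapper is installed setuid root, and that the account "site1" and the directory /var/www/site1 are hypothetical names chosen for illustration. chroot is not shown here: the Apache 2.0 core has no directive for it, and the two howtos linked above describe the filesystem preparation it needs.

```apache
# Added example (not from the thread): per-site suEXEC in Apache 2.0.
# Assumptions: httpd built with --enable-suexec, suexec wrapper setuid root,
# hypothetical account "site1" owning /var/www/site1.

# Apache itself keeps running as the low-privilege server account ...
User apache
Group apache

<VirtualHost *:80>
    ServerName site1.example.com
    DocumentRoot /var/www/site1/htdocs

    # ... but CGI/SSI programs for this host run as site1, not apache,
    # so a compromised script cannot read other sites' files or the
    # server configuration that only the apache account can see.
    SuexecUserGroup site1 site1

    # suEXEC refuses programs that are not owned by site1:site1, that are
    # writable by anyone else, or that live outside its compile-time
    # document root, so keep the scripts in one directory with tight modes:
    #   chown -R site1:site1 /var/www/site1/cgi-bin
    #   chmod 755 /var/www/site1/cgi-bin /var/www/site1/cgi-bin/*.cgi
    ScriptAlias /cgi-bin/ /var/www/site1/cgi-bin/
    <Directory "/var/www/site1/cgi-bin">
        Options ExecCGI
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
```

Two checks confirm it is active without touching the rest of the configuration: `suexec -V` prints the compile-time settings (document root, minimum UID/GID) the wrapper enforces, and the error log records "suEXEC mechanism enabled" at startup when the wrapper is found. Note that suEXEC only applies to CGI and SSI programs, so for a .NET application it matters only for any CGI scripts you also expose.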
