Precautions to Host my Live application

Posted on 2004-08-19
Last Modified: 2010-03-04
Hi...
I have to host an application developed in .NET live 24/7 on RHL9.0/Apache2.0. I am looking for all the possible precautions which I should take in order to keep this application secure and robust, and how to do them. I am naive to Apache/Linux so I would like to get advice from all the experts. All the help provided will be highly appreciated.
Regards
Question by:parvinderg
Expert Comment

by:samri
ID: 11849704
Hi Parvinderg,

The very first thing that you may need to do is to secure the server at the OS level: turning off the unneeded services, having a firewall running, and such.

On Apache, you could visit the Apache docs website at http://httpd.apache.org/docs-2.0/, and specifically some tips on security: http://httpd.apache.org/docs-2.0/misc/security_tips.html

Apache itself is considered to be quite mature and quite stable (performance/security-wise), so the Apache server is the least of your worries.

The next thing to worry about is the application itself -- some code may have bugs which lead to "unknown" results. Check this too.

Apart from these tips, monitor your server closely. mod_status (http://httpd.apache.org/docs-2.0/mod/mod_status.html) is provided with Apache to enable you to view the server status on-line (realtime). This should be able to give you some indication of what is happening, should you think that your Apache is behaving weirdly.


HTH.
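Samri's pointer to mod_status above can be turned into a small monitoring check. The following Python is an added example, not code from this thread or from the Apache project: it parses the machine-readable `?auto` form of the server-status page and reports when the busy-worker count approaches MaxClients. The sample response and the MaxClients value passed in are constructed.

```python
# Constructed sample of what /server-status?auto returns on Apache 2.0
# (a few fields omitted); the values are made up for this example.
SAMPLE_STATUS = """Total Accesses: 12345
Total kBytes: 67890
Uptime: 86400
ReqPerSec: .142
BusyWorkers: 9
IdleWorkers: 1
Scoreboard: WWWWWWWWW_......
"""

# mod_status scoreboard legend: one character per worker slot.
SCOREBOARD_STATES = {
    "_": "waiting", "S": "starting", "R": "reading", "W": "sending",
    "K": "keepalive", "D": "dns", "C": "closing", "L": "logging",
    "G": "graceful", "I": "idle_cleanup", ".": "open_slot",
}

def parse_status(text):
    """Return the key/value fields as a dict; numbers become int or float."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank or malformed line
        key, value = key.strip(), value.strip()
        if key == "Scoreboard":
            fields[key] = value
        elif value.lstrip("-").isdigit():
            fields[key] = int(value)
        else:
            fields[key] = float(value)  # e.g. "ReqPerSec: .142"
    return fields

def scoreboard_counts(scoreboard):
    """Count worker slots per state using the legend above."""
    counts = {}
    for ch in scoreboard:
        state = SCOREBOARD_STATES.get(ch, "unknown")
        counts[state] = counts.get(state, 0) + 1
    return counts

def check_capacity(fields, max_clients, threshold=0.8):
    """Return (ok, message); not ok once BusyWorkers reaches threshold * MaxClients.
    max_clients is the MaxClients value from httpd.conf, supplied by the admin."""
    busy = fields["BusyWorkers"]
    ok = busy < threshold * max_clients
    note = "" if ok else ": near MaxClients, look for slow or stuck requests"
    return ok, "%d of %d workers busy%s" % (busy, max_clients, note)
```

Run it periodically against the real `?auto` output (fetched from localhost, with the status handler restricted to trusted addresses) and alert on a False result.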
Assisted Solution

by:ahoffmann
ahoffmann earned 1000 total points
ID: 11849897
OK, hardening the OS and Apache, as explained by samri, is necessary as a fallback when your application runs crazy.
You need to review whether your application could be threatened at least by:
   cross-site scripting, HTML injection, SQL injection, OS command injection, buffer overflows, session injection, session hijacking, etc. etc.
All in all, this is called web application security.
Accepted Solution

by:samri
samri earned 1000 total points
ID: 11852204
parvinderg,

I think the most *tricky* question (IMHO) that I have come across in EE is -- performance, or security?

I would think that in most cases we would need to analyze how robust an implementation could be, and how secure we want it to be -- which would pretty much depend on what we actually want, and what we could afford to lose.

Apache, and most OSes, ship with a default security and performance model that should be at a comfortable level for everyone (IMHO), and personally I would think that these two components need the least of your attention (for now). Try to concentrate on the application, as ahoffmann mentioned.

For more information on Unix/Linux security, you may run a query on any search engine for "unix security", and there should be tons of links that could keep you busy (and confused?).

Stokely has a nice collection to start with: http://www.stokely.com/unix.sysadm.resources/security.html -- not that I work for them.

http://www.google.com.my/search?hl=en&ie=UTF-8&q=apache+performance+tuning&btnG=Google+Search
* tons of links.
- http://www.xenoclast.org/doc/benchmark/HTTP-benchmarking-HOWTO/node7.html
- http://www.ece.concordia.ca/~daniel/tips/apache_tuning.html  <-- this one is kind of straight to the point. I never tried it, but it looks good.

Author Comment

by:parvinderg
ID: 11874412
Any other suggestions, Mr. Hoffmann or Mr. Samri? Mr. Hoffmann, you have mentioned a couple of ways of reviewing the application. How would you advise me to let the application developer accomplish this task (as I am not developing the application)? Mr. Samri, the link of the company which you are working for is fantastic. I appreciate that.
Regards
Author Comment

by:parvinderg
ID: 11895719
I have almost followed all those steps which were mentioned by ahoffmann and samri, plus I found very valuable information at http://www.securityfocus.com/infocus/1786.
What's the function of suExec and chroot?
How can I implement those too without disturbing my current configuration or messing it up?
Any other suggestions which I really need to focus on? How can I test for the security and robustness?
Regards
Assisted Solution

by:samri
samri earned 1000 total points
ID: 11934434
Hi parvinderg,

Lucky you posted the cross-reference in your other post:

suExec: http://httpd.apache.org/docs-2.0/suexec.html
-- copied from Apache website:
The suEXEC feature provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web-server. Normally, when a CGI or SSI program executes, it runs as the same user who is running the web server.

chroot, sometimes called a "chroot jail", is a feature where you run the application in an environment such that the app only "sees" a very limited area of the OS filesystem. Any damage that could happen would be limited to what is defined by the 'chroot' perimeter (I hope I got the terminology right :)

I never tried doing this, but the following links could keep you busy for a while.
http://www.cgisecurity.com/webservers/apache/chrootapache2-howto.html
http://penguin.epfl.ch/chroot.html

cheers.
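To make the suEXEC description above concrete, here is an added Python check (not code from this thread or from the Apache project) that audits an httpd.conf fragment for the Apache 2.0 usage pattern: the server runs under an unprivileged User, and every <VirtualHost> that enables CGI through ScriptAlias names a non-root SuexecUserGroup. The configuration fragment is constructed for the example.

```python
import re

# Constructed httpd.conf fragment: the first vhost uses suEXEC properly, the
# second enables CGI without it, the third would hand CGI to root.
SAMPLE_CONF = """
User apache
Group apache
<VirtualHost *:80>
    ServerName good.example.com
    SuexecUserGroup webuser webgroup
    ScriptAlias /cgi-bin/ /home/webuser/cgi-bin/
</VirtualHost>
<VirtualHost *:80>
    ServerName nosuexec.example.com
    ScriptAlias /cgi-bin/ /var/www/cgi-bin/
</VirtualHost>
<VirtualHost *:80>
    ServerName asroot.example.com
    SuexecUserGroup root root
    ScriptAlias /cgi-bin/ /root/cgi-bin/
</VirtualHost>
"""

PRIVILEGED = {"root"}
VHOST_RE = re.compile(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", re.S | re.I)

def directive(block, name):
    """Return the arguments of the first `name` directive in block, or None."""
    m = re.search(r"^\s*%s\s+(.+?)\s*$" % name, block, re.M | re.I)
    return m.group(1).split() if m else None

def audit_suexec(conf):
    """Return a list of findings; an empty list means nothing was flagged.
    Only the configuration is inspected: suexec itself also enforces
    ownership and permission rules on the CGI directory at run time."""
    findings = []
    user = directive(conf, "User")
    if user is None or user[0] in PRIVILEGED:
        findings.append("global User is missing or privileged")
    for body in VHOST_RE.findall(conf):
        name = (directive(body, "ServerName") or ["<unnamed>"])[0]
        runs_cgi = directive(body, "ScriptAlias") is not None
        target = directive(body, "SuexecUserGroup")
        if runs_cgi and target is None:
            findings.append("%s: CGI enabled without SuexecUserGroup" % name)
        elif target and target[0] in PRIVILEGED:
            findings.append("%s: SuexecUserGroup runs CGI as %s" % (name, target[0]))
    return findings
```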