The role that the internet plays in people’s lives and business operations has only continued to increase as advancements in web services, web-based applications and other services have evolved. Many businesses have even gone so far as to shift most of their services online or see their web presence as a major way to advertise their brand and share information with their customers.
In response, protocols like HTML5 and HTTPS are spreading further. They meet customer demands to have access to any data at any time anywhere, especially when it comes to online shopping or banking. All of these web-based advancements, however, have also attracted cyberthieves and hackers, encouraging them to find new vulnerabilities and attack vectors to target businesses and unsuspecting website visitors.
For those looking to explain the basics and myths around web server security and how they can improve the security of their websites, this article is the first of the Infosec Skills series in web server protection. We’ll be providing an overview of web server security and introducing many of the key terms and topics that will be explored in more detail in later pieces.
Network versus web server security
While there are a lot of tools, techniques and active defense mechanisms like firewalls and intrusion detection systems that can be employed to enhance web server security, the first step organizations must take is to develop a holistic approach to security. It may be easy to think that just having a network firewall in place to secure a network will also protect the web servers and web applications sitting within them, but this isn’t true.
However, network security is different from web server security. Perimeter defenses such as firewalls use rules to filter and block traffic that is predetermined to be (Read more…)