Minimizing Risk by Minimizing Services

An important way to minimize the threats to your web server is by minimizing the other services that are offered by the computer on which the web server is running. This technique works because each network service carries its own risks. By eliminating all nonessential services, you eliminate potential doors through which an attacker could break into your system.

Table 13.1 lists some of the services that you should disable or restrict if you wish to run a secure server. Many of these services are widely considered “safe” today, but that doesn’t mean that a serious flaw won’t be discovered in one of these services sometime in the future. At the very least, excessive connections to a “safe” service can result in significant denial of service. If you don’t need a service, disable it.

Mac as Web Server

If security is your primary concern in running a web server, then you should strongly consider running your web server on a Macintosh computer. Because the Macintosh does not have a command-line interpreter, it is very difficult for attackers to break into the system and run programs of their own choosing.

At least three web servers are available for the Macintosh today:

MacHTTP is a freely available web server that is easy to administrate.
WebStar, a commercial version of MacHTTP, is sold by StarNine Technologies, a subsidiary of Quarterdeck.
WebStar Pro is an SSL-enabled version of WebStar, also sold by StarNine Technologies.

Table 13-1. Services ...

Get Web Security and Commerce now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Web Security and Commerce by Simson Garfinkel, Gene Spafford

Minimizing Risk by Minimizing Services

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly