Apache and Microsoft IIS
Questions:
Two of the most popular web servers are Apache and Microsoft IIS. Discuss some of the tools and techniques used to secure these web servers.
Your answer should include the terms, concepts, and theories learned thus far. No credit will be given if Wikipedia is used. To post, select the Topic title (e.g., Week 5 Discussion to access the topic and then select the “Start a New Thread” button.)
Apache and Microsoft IIS
Apache and Microsoft IIS web servers are prone to security risks and threats; thus, there is a need to secure them using the relevant tools and techniques. There are different security tools tasked with the web server’s security, and each tool has its different functions. In this regard, the ZAP (Zep Attack Proxy) is a fuzzing penetration testing tools for websites to evaluate the safety of the web servers. Nikto established web server security gaps to ensure that they are sealed (Alsaleh et al., 2013). Whisker tests the server for CGI vulnerabilities. Wrlscan.io gives insight to web pages by providing profiles of network traffic used during page loads. URLVoid analyses websites through different blacklist engines and reputation tools, thus revealing the identity and untrustworthy websites. Buro Suite tool entails collecting tools for website penetration testing; Dirbuster evaluates the web directories and files to establish their content. The SqlMap helps in the detection and exploitation of the SQL Injection vulnerabilities.
The Apache and Microsoft IIS web servers can be secured and protected using different approaches and techniques. In this regard, web servers can be secured through the website’s auditing and securing logs in safe locations (Pandey and Jain, 2015). The regular audits of the website are mandatory and are directed towards detecting malicious activities, hacking alerts, and threats, thus enhancing safety. Consequently, web servers can be protected by ensuring that they are grounded. The grounding of the webserver ensures that patching and regular updating is made possible, thus sealing the security gaps. Moreover, the application scanners should be used on the web servers to protect applications and servers by detecting flaws in the system and eliminating them. Additionally, the web servers are protected by using public-key Authentication to ensure that authorized parties can access them with private keys.
References
Alsaleh, M., Alqahtani, A., Alarifi, A., & Al-Salman, A. (2013, October). Visualizing PHPIDS log files for better understanding of web server attacks. In Proceedings of the Tenth Workshop on Visualization for Cyber Security (pp. 1-8).
Pandey, J., & Jain, M. (2015). An Analytical study and synthesis on Web server security. Compusoft, 4(4), 1690.
