Guidelines on Securing Public Web Servers
8. Implementing a Secure Network for a Web Server
The network infrastructure that supports the Web server plays a critical role in the security of
the Web server. In most configurations, the network infrastructure will be the first line of
defense between the Internet and a public Web server. Although considerations of network
infrastructure are influenced by many factors other than security (e.g., cost, performance, and
reliability), this section will primarily address security issues.
Network design alone, however, cannot protect a Web server. The frequency, sophistication,
and even variety of Web attacks perpetrated today support the idea that Web security must be
implemented through layered and diverse defense mechanisms (defense in depth). This
section discusses those network components that can support and protect Web servers to
further enhance their overall security.
8.1 Network
Location
An organization has many choices when selecting a networking location, and security may not
be the principal factor in deciding between those options. Network location is the first and in
many respects most critical networking decision that affects Web server security. Network
location is important for several reasons. Network location determines what network
infrastructure can be used to protect the Web server. For example, if the Web server is located
behind the organization's firewall, then the firewall cannot be used to control traffic to and
form the internal network and the Web server. Network location also determines what other
portions of the network are vulnerable if the Web server is compromised. For example, if the
Web server is located on the internal production network, then the internal network is subject
to attack from the compromised Web server. An organization may choose not to have the
Web server located on its network at all and to outsource the hosting to a third party.
8.1.1 Unadvisable Network Locations
Some organizations choose to locate their public Web servers on their internal production
networks, that is, they locate their Web server on the same network as their internal users and
servers. This location is not recommended because it exposes the internal network to
unnecessary risk of compromise. The principal weakness of this configuration is that Web
servers are often the target of choice for attackers. If they manage to compromise the Web
server, they will be on the internal network and can more easily compromise internal hosts.
Another network location that is not generally recommended is placing the Web server before
an organization's firewall or router that provides IP filtering. In this type of the configuration
the network can provide little, if any, protection to the Web server. All security has to be
provided by the Web server itself, which provides a single point of failure. To be even
somewhat secure in this location, the Web server operating system and application has to be
well hardened (all unnecessary and insecure services disabled) and with all necessary security
patches applied. To maintain the security of the setup, the Web administrator must stay up
to date on all vulnerabilities and related patches. Another limitation of this location is that it is
difficult in this type of configuration to provide any sort of secure remote administration or
content update capability.
64