Guidelines on Securing Public Web Servers
9.  Administering a Web Server 
9.1 Logging 
Logging is the principal component of secure administration of a Web server.  Logging the 
appropriate data and then monitoring and analyzing those logs are critical activities.  Review of 
Web server logs is effective, particularly for encrypted traffic, where network monitoring is far 
less effective.  Review of logs is a mundane activity that many Web administrators have a 
difficult time fitting into their hectic schedules.  This is unfortunate as log files are often the 
best and/or only record of suspicious behavior.  Failure to enable the mechanisms to record this 
information and use them to initiate alert mechanisms will greatly weaken or eliminate the 
ability to detect and assess intrusion attempts.  Similar problems can result if necessary 
procedures and tools are not in place to process and analyze the log files. 
System and network logs can alert the Web administrator that a suspicious event has occurred 
and requires further investigation.  Web server software can provide additional log data 
relevant to Web-specific events.  If the Web administrator does not take advantage of these 
capabilities, Web-relevant log data may not be visible or may require a significant effort to 
access. 
Web server logs provide the following: 
- Alerts to suspicious activities that require further investigation
- Tracking of an intruder's activities
- Assistance in the recovery of the system
- Assistance in the post-event investigation
- Required information for legal proceedings.
The selection and implementation of specific Web server software will determine which set of 
detailed instructions the Web administrator should follow to establish logging configurations.  
Some of the guidance contained in the steps below may not be fully applicable to all vendors' 
Web server software products. 
9.1.1  Identifying the Logging Capabilities of a Web Server 
Each Web server application supports a different logging capability.  Depending on the Web 
server application, one or more of the following logs may be available [CERT00]: 
    
- Transfer Log: Each transfer is represented as one entry showing the main 
  information related to the transfer.
- Error Log: Each error is represented as one entry, including an explanation of the 
  reason for this error report.
- Agent Log: Contains information about the user client software used in accessing 
  Web content.
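As an added illustration (not part of the original guideline), the following Python script reviews Transfer Log entries, flags clients that generate repeated client-error responses, and reports entries it cannot parse. It assumes the entries use the Common Log Format; the function names, the threshold of three, and the sample entries are constructed for this example.

```python
import re
from collections import defaultdict

# Assumed layout (Common Log Format): host ident authuser [time] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Constructed sample entries using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2002:10:01:02 -0500] "GET /index.html HTTP/1.0" 200 5120
198.51.100.7 - - [12/Mar/2002:10:01:05 -0500] "GET /admin/ HTTP/1.0" 403 298
198.51.100.7 - - [12/Mar/2002:10:01:06 -0500] "GET /backup.zip HTTP/1.0" 404 210
198.51.100.7 - - [12/Mar/2002:10:01:07 -0500] "GET /private/ HTTP/1.0" 401 401
192.0.2.10 - - [12/Mar/2002:10:02:11 -0500] "GET /missing.gif HTTP/1.0" 404 210
203.0.113.9 - - [12/Mar/2002:10:02:30 -0500] "GET /index.html HTT
203.0.113.5 - alice [12/Mar/2002:10:03:00 -0500] "GET /reports/ HTTP/1.0" 304 -
"""

def parse_entry(line):
    """Return one transfer log entry as a dict, or None if it is malformed."""
    match = CLF.match(line.strip())
    if match is None:
        return None
    entry = match.groupdict()
    entry["status"] = int(entry["status"])
    entry["size"] = 0 if entry["size"] == "-" else int(entry["size"])
    return entry

def review(log_text, threshold=3):
    """Flag clients with at least `threshold` 4xx responses; list unparsable lines."""
    counts = defaultdict(lambda: {"client_errors": 0, "denied": 0})
    unparsed = []
    for number, line in enumerate(log_text.splitlines(), 1):
        entry = parse_entry(line)
        if entry is None:
            unparsed.append(number)  # truncated or malformed entries need a manual look
            continue
        if 400 <= entry["status"] < 500:
            counts[entry["host"]]["client_errors"] += 1
            if entry["status"] in (401, 403):  # authentication/authorization refusals
                counts[entry["host"]]["denied"] += 1
    alerts = {h: c for h, c in counts.items() if c["client_errors"] >= threshold}
    return alerts, unparsed

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

The per-client counts give the reviewer a short list of addresses to investigate, and the unparsable line numbers point at entries that may have been truncated or altered.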