Improving Web Application Security: Threats and - CGISecurity

Chapter 15: Securing Your Network 413Auditing and LoggingBy default, a router logs all deny actions; this default behavior should not bechanged. Also secure log files in a central location. Modern routers have an array oflogging features that include the ability to set severities based on the data logged.An auditing schedule should be established to routinely inspect logs for signs ofintrusion and probing.Intrusion DetectionWith restrictions in place at the router to prevent TCP/IP attacks, the router shouldbe able to identify when an attack is taking place and notify asystem administratorof the attack.Attackers learn what your security priorities are and attempt to work around them.Intrusion Detection Systems (IDSs) can show where the perpetrator is attemptingattacks.Firewall ConsiderationsA firewall should exist anywhere you interact with an untrusted network, especiallythe Internet. It is also recommended that you separate your Web servers fromdownstream application and database servers with an internal firewall.After the router, with its broad filters and gatekeepers, the firewall is the next pointof attack. In many (if not most) cases, you do not have administrative access to theupstream router. Many of the filters and ACLs that apply to the router can also beimplemented at the firewall. The configuration categories for the firewall include:●●●●●Patches and updatesFiltersAuditing and loggingPerimeter networksIntrusion detectionPatches and UpdatesSubscribe to alert services provided by the manufacturer of your firewall andoperating system to stay current with both security issues and service patches.