IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Hardware & Software Remarks
____________________________________________________________________ .........................................
S 4.94 Protection of WWW files
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Administrators
The files and directories on a WWW server must be protected against
unauthorised changes, but also - depending on the security requirements -
against unauthorised access.
General aspects
If scripts are attached via cgi-bin, it is essential to ensure that programming is
secure in order to prevent the scripts from being used to circumvent the
server's protection mechanisms. One possible means of making unauthorised
access more difficult is to run the scripts under a user ID which only has
access to selected files. It is particularly important to protect the configuration
files, because otherwise it is easy to deactivate all access restrictions.
The read rights and write rights for the WWW files should allow only
authorised users access, as local files.
Protection against unauthorised changes
On a typical WWW server, only the log files are subject to constant change;
all other files are static. This applies in particular to system programs and the
WWW pages. Although WWW pages are regularly updated, they should not
be edited on the WWW server itself.
In order to ensure that no files can be modified on the WWW server without
this being noticed, checksums should be formed for all static files and
directories (for example with a program such as tripwire; see also S 4.93
Regular integrity checking) and should be checked at regular intervals.
In order to prevent the possibility of WWW files being modified by
unauthorised third parties at all, static data can be stored on a write-protected
storage medium (such as a CD-ROM or a hard disk with write protection).
Protection against unauthorised access
Access to files or directories on a WWW server can be protected in various
ways:
- Access can be restricted to freely selectable IP addresses, subnetworks or
domains.
- User-specific IDs and passwords can be assigned.
- The files can be stored in encrypted form and the associated cryptographic
keys only made known to the target audience.
Authentication by means of addresses
Authentication by means of numerical IP addresses does not offer the
protection of cryptographic procedures because it can be rendered ineffective
by an attack based on IP spoofing. IP spoofing involves an attacker falsifying
IP packets in order to pretend that they originate from a trustworthy IT system
(see T 5.48 IP spoofing). However, a firewall can be used to prevent external
users from pretending to be internal users. If access is not restricted to
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000