Server administration FAQ


The Information Technology Promotion Agency (IPA) explains the key points of building a secure web site.
The IPA publishes the manuals 'How to Secure Your Web Site' and 'How to Use SQL Calls to Secure Your Web Site', and its web site carries much other useful material.

In 'How to Secure Your Web Site', pay particular attention to the following topics.

  1. Implementing security in web applications
    The manual covers eleven kinds of vulnerability that expose web sites to attack, such as SQL injection, OS command injection and cross-site scripting. For each one it explains the damage that can result and the properties a web site must have to guard against it. It states the fundamental policy for eliminating the root cause of each vulnerability, together with supplementary countermeasures that reduce the impact of an attack.
  2. Raising the security of the web site as a whole
    The manual recommends seven measures that improve a site's overall security, such as measures that prevent the site from being used for phishing, and protecting web applications with a Web Application Firewall (WAF).
  3. Case studies
    The manual presents case studies and discusses how to resolve the problems found in each of them.

The manual 'How to Use SQL Calls to Secure Your Web Site' explains the causes of SQL injection and the steps needed to call SQL safely from your web site.

The IPA web site carries much other useful advice on building your own web site.

The Information Technology Promotion Agency (IPA) has also released iLogScanner, a tool for detecting attacks on web sites.

iLogScanner examines a web server's access log for traces of attacks on the weak points of web applications. Analyzing a server's access log used to be a job for specialists; with iLogScanner, anyone can perform it easily and quickly check whether the log contains traces of a dangerous attack on the web site.

iLogScanner can detect the following types of attack on web applications.

  1. SQL injection
  2. OS command injection
  3. Directory traversal
  4. Cross-site scripting
  5. Other (attacks that attempt to evade an intrusion detection system (IDS))

With detailed analysis, iLogScanner can also report the following cases.

  1. Possible repeated attacks on the same URL from the same IP address
  2. Possible SQL injection that does not appear in the access log
  3. Possible attacks targeting flaws in the server configuration

(Note) Not every trace of an attack can be detected, and detection is not certain: some attacks will be missed, and some legitimate requests will be reported as attacks (false positives).
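As an added illustration of what an access-log scan of this kind does (example code written for this page, not iLogScanner or any IPA code), the Python script below parses Apache common/combined log lines, decodes each request path twice so that double-encoded payloads (a typical IDS-evasion trick, item 5 in the list above) are matched as the server would see them, checks the path against a small set of illustrative patterns for SQL injection, OS command injection, directory traversal and cross-site scripting, and counts suspicious requests per source address and URL to surface the "same URL from the same IP address" case. The signatures are deliberately simple and are not iLogScanner's rules. The sample log is constructed, using documentation-range addresses; its last line is a legitimate blog search for "union select" that the scanner flags anyway, which is exactly the false positive the note above warns about.

```python
"""Toy access-log scanner: flags request lines that look like web-application
attacks and counts repeated suspicious hits on one URL from one source address.
Illustrative signatures only; they are NOT iLogScanner's detection rules."""
import re
from collections import Counter
from urllib.parse import unquote_plus

# Apache "combined" log format. The "common" format is the same line without the
# trailing referer/user-agent pair, which is why those two fields are optional.
COMBINED_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: (?P<proto>[^"]+))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

# Illustrative patterns for the four attack classes named on the page (hypothetical
# rule set; a real scanner needs far more, and tuning against its own traffic).
SIGNATURES = {
    "sql_injection": re.compile(
        r"'\s*(or|and)\s+|union\s+select|--\s*$|;\s*drop\s", re.I),
    "os_command_injection": re.compile(
        r"[;|`]\s*(cat|ls|id|wget|curl|sh|bash)\b|\|\|\s*\w", re.I),
    "directory_traversal": re.compile(r"\.\.[/\\]"),
    "cross_site_scripting": re.compile(
        r"<\s*script|javascript:|\bon(load|error|click|mouseover|focus)\s*=", re.I),
}


def parse_line(line):
    """Fields of one common/combined log line, or None if it does not parse."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def normalize(path):
    """Decode twice so that %2527-style double encoding (an IDS-evasion trick)
    is matched as the plain quote it becomes once the server decodes it.
    unquote_plus also turns '+' into a space, as a query-string parser would."""
    return unquote_plus(unquote_plus(path))


def classify(path):
    """Names of the signature classes matching one request path ([] if benign)."""
    decoded = normalize(path)
    return [name for name, rx in SIGNATURES.items() if rx.search(decoded)]


def scan(lines):
    """Scan log lines; return the suspicious hits and a per-(ip, url) hit counter."""
    hits = []
    repeat = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip it rather than guess
        kinds = classify(rec["path"])
        if kinds:
            hits.append({"ip": rec["ip"], "path": rec["path"],
                         "status": rec["status"], "kinds": kinds})
            # key on the URL without its query string, so variants of one
            # attack against one script are counted together
            repeat[(rec["ip"], rec["path"].split("?", 1)[0])] += 1
    return hits, repeat


def repeated_targets(repeat, threshold=3):
    """(ip, url, count) for sources that sent at least `threshold` suspicious
    requests to one URL: the "same URL from the same IP address" case."""
    return sorted((ip, url, n) for (ip, url), n in repeat.items() if n >= threshold)


# Constructed sample log in combined format (not taken from any real server).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0900] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:40 +0900] "GET /search?q=select+a+category HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0900] "GET /item.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 5120 "-" "sqlmap/1.7"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0900] "GET /item.php?id=1%2527%2520UNION%2520SELECT%25201,2,3-- HTTP/1.1" 500 0 "-" "sqlmap/1.7"
198.51.100.7 - - [10/Oct/2023:13:56:03 +0900] "GET /item.php?id=1;%20cat%20/etc/passwd HTTP/1.1" 200 5120 "-" "sqlmap/1.7"
192.0.2.9 - - [10/Oct/2023:13:57:10 +0900] "GET /download?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 230 "-" "curl/8.0"
192.0.2.9 - - [10/Oct/2023:13:57:12 +0900] "GET /guest?name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 640 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:58:20 +0900] "GET /blog/search?title=union+select+basics HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    hits, repeat = scan(SAMPLE_LOG.splitlines())
    for h in hits:
        print(h["ip"], h["status"], ",".join(h["kinds"]), h["path"])
    for ip, url, n in repeated_targets(repeat):
        print(f"repeated: {ip} sent {n} suspicious requests to {url}")
```

Run it as a script to list the hits; the benign `/search?q=select+a+category` request is not reported, but the last line is, and only a human reading the hit can tell a blog search from an injection attempt. Two limits are worth keeping in mind when scanning real logs this way: a request line never contains a POST body, so injection sent in a POST is invisible here and has to be looked for in the application or database error log instead (one reason to feed error logs to a scanner as well, as the format list on this page allows), and the HTTP status in each hit is a useful triage signal, since a 500 after an injection attempt deserves more attention than a 404.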

Operating environment:
Microsoft Windows Vista (32-bit)
Microsoft Windows 7 (32-bit/64-bit)
Microsoft Windows 8 (32-bit/64-bit)
Microsoft Windows 8.1 (32-bit/64-bit)
Internet Explorer 8 or later
Java Runtime Environment 6 or later

Logs to be analyzed:
Access log formats:
・W3C extended log file format (IIS 6.0/7.0/7.5/8.0/8.5)
・IIS log file format (IIS 6.0/7.0/7.5/8.0/8.5)
・Apache HTTP Server 1.3 / 2.0 / 2.2 / 2.4 common log format (custom formats)
Error log formats:
・Apache HTTP Server 2.0 / 2.2 / 2.4
・ModSecurity 2.5 / 2.6 / 2.7 / 2.8 format

Consult the IPA's iLogScanner page, then use the tool to analyze your own web site's logs.


Copyright © Institute for Information Management and Communication, Kyoto University, all rights reserved.