A web server is a computer where web content is stored. Basically, a web server is used to host web sites, but there exist other web servers also, such as. Thank you for downloading this excerpt from Run Your Own Web Server. Using Linux & Apache, written by Stuart Langridge and Tony Steidler-. This report first examines the history of server operating systems and their timelines. It then goes on to discuss the most important features of webserver.
It is the responsibility of the parent process to monitor the load and decide whether processes should be killed or forked. Multi-threaded: Unlike multi-process, it creates multiple single-threaded process. Hybrid: It is a combination of the above two approaches. In this approach, multiple processes are created and each process initiates multiple threads. Each of the threads handles one connection. Using multiple threads in a single process results in less load on system resources.
Examples: The following table describes the leading web servers available today: S. This is done by means of usernames and passwords.
A user requests a webpage from the server; before he can do anything tangible on the website, the system will have to ask him to provide his identity i.
He will then be asked to verify that identity with a password. The system will check its database to see whether the given username and password match the ones in the database. If they match, he will be given access to the resources. If not, he may be asked to try again or, if he is not a registered member, he will be asked to sign up. In another scenario, taking a webhosting company for example, the webserver operating system must have a mechanism to restrict access to the servers to the employees of that company only.
Still, this is done through username and password authentication.
Even among authorised users who have access to the system, some have no right to view or edit certain files or data within the system. This is kept in check by access control and file permission mechanisms.
He will have to be assured that the employees of that web company on the other end have no access to his detailed profile page information unless extremely necessary. A server-oriented operating system must provide a platform on which network security mechanisms can be implemented.
Network security in this regard is the way the operating system protects itself, or provides a platform to protect itself, from threats over the network. In order to ensure security over the network, the operating system must be able to host, or must have, some of the network security mechanisms, protocols and applications discussed below.
This is done in order to conceal the information contained in the messages of the communication from the prying eyes of any intruder. For example, a communication might be captured by an eavesdropper using a packet sniffer.
But because it is encrypted, the intercepted message will be of no use to him, because he will not gain any meaningful information contained in the packet. SSL is implemented mainly for securing communications between clients and e-commerce servers where sensitive information like credit card numbers and some other personal details are always on the prowl. TLS uses the same encryption techniques but uses larger key sizes for encryption and decryption. However, in terms of a webserver operating system, it is a built-in software program that protects the server from intentional hostile intrusions that could compromise security goals, i.
A firewall in an operating system sits at the junction between system resources and the outside network and controls the network traffic flow between the server and the outside network (Gollman). The firewall is set up to tailor incoming and outgoing packets to and from the network. These are also called ingress filtering and egress filtering respectively. When a packet goes through a firewall, the firewall checks the packet headers to see the source and destination addresses and compares them with its specification list.
If the packets meet the criteria, they are allowed to pass through. Otherwise, they are dropped. Firewalls are set according to some rules and policies. Some actions set in a firewall rule set are bypass, drop and protect.
The policies of a firewall can be either permissive or restrictive. A permissive policy states that, by default, the firewall should allow all network traffic to pass through, blocking only the traffic specified by its rule set.
With this policy, it is easier to make mistakes, because if an administrator forgets to block something, it is by default allowed in or out.
A restrictive policy is the other way round. You block all traffic by default and allow only the traffic specified in the rule set. This is a much more secure and recommended policy.
If the administrator forgets to allow something, someone will complain, and he will then add it to the rule set specifications.
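The difference between the two default policies can be seen by running the same packets through both. The following is an added example, not code from the original report; the rule sets, addresses and ports are constructed, and the action names "bypass" and "drop" follow the rule actions named above.

```python
import ipaddress

# Rule = (action, source network, destination port). All rules, addresses and
# ports below are constructed for illustration.
PERMISSIVE_RULES = [("drop", "0.0.0.0/0", 23)]        # admin blocked telnet only
RESTRICTIVE_RULES = [("bypass", "0.0.0.0/0", 80),     # public web
                     ("bypass", "0.0.0.0/0", 443),
                     ("bypass", "10.0.0.0/8", 22)]    # SSH from the internal net

# Constructed ingress packets: (source address, destination port).
PACKETS = [("203.0.113.9", 80), ("203.0.113.9", 443), ("203.0.113.9", 22),
           ("203.0.113.9", 23), ("203.0.113.9", 3306), ("10.1.2.3", 22)]


def decide(rules, default, src, dport):
    """Compare the packet header with the rule list; the first match wins,
    otherwise the policy default applies."""
    addr = ipaddress.ip_address(src)
    for action, network, port in rules:
        if port == dport and addr in ipaddress.ip_network(network):
            return action
    return default


def admitted(rules, default):
    """Packets from PACKETS that the firewall lets through."""
    return [(s, p) for s, p in PACKETS if decide(rules, default, s, p) == "bypass"]


def forgotten_exposure():
    """Traffic only the permissive policy admits: what nobody remembered to block."""
    permissive = admitted(PERMISSIVE_RULES, default="bypass")
    restrictive = admitted(RESTRICTIVE_RULES, default="drop")
    return [pkt for pkt in permissive if pkt not in restrictive]


if __name__ == "__main__":
    print("permissive :", admitted(PERMISSIVE_RULES, "bypass"))
    print("restrictive:", admitted(RESTRICTIVE_RULES, "drop"))
    print("exposed by omission:", forgotten_exposure())
```

Under the permissive default, the external SSH and database ports stay reachable simply because no rule mentions them; under the restrictive default, the same omission only results in a service being unreachable until a rule is added.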
An IDS should be embedded on the system in case a firewall fails or is somehow bypassed by an intruder. When implementing an IDS, a vulnerability assessment should be made by examining the security state of the system, which consists of information about open ports and the software packages running on the system (Gollman). An IDS comprises a set of sensors, situated on the server, for collecting data.
The sensors are managed from a central console where data is scrutinized, intrusions are reported, and reactions may be activated. There are several approaches to intrusion detection, and a few of them are discussed below. An example of a signature is the number of failed login attempts.
This might also not be a threat because it might be just an authorized user who forgot his password. An IDS refers to a database of known system vulnerabilities and attacks for the system under supervision. A baseline statistical behaviour, which is set initially, defines the state of normalcy. When the system is in use, an alarm is sounded when there is a deviation from the normal baseline of operation or if a threshold is bypassed.
The system is designed to mimic original production systems but only contains false data. Think how honeypots are used to attract a bear. A honeypot is a resource whose only value is being attacked or compromised (Spitzner). A disadvantage of an IDS is that an alarm might be sounded when no threat is taking place (a false positive or false alarm). Another disadvantage is the false negative, when the system fails to detect a misuse or threat because that activity lies within the threshold of normal behaviour.
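The failed-login signature and its two failure modes can be shown with a small threshold detector. This is an added example, not code from the original report; the log format, addresses, threshold and window are assumptions, and the log lines and ground-truth labels are constructed.

```python
import re
from collections import defaultdict, deque

FAILED = re.compile(r"^(\d+) Failed password for \S+ from (\S+)$")

# Constructed ground truth for the three sources in the sample log.
TRUTH = {"198.51.100.7": "attack",    # rapid password guessing
         "10.0.0.15": "benign",       # authorised user who forgot the password
         "203.0.113.50": "attack"}    # guessing spread thinly over time


def sample_log():
    """Constructed sshd-style lines: '<seconds> <message>' (not real data)."""
    lines = [f"{t} Failed password for root from 198.51.100.7" for t in range(0, 12, 2)]
    lines += [f"{t} Failed password for alice from 10.0.0.15" for t in range(100, 125, 5)]
    lines += ["130 Accepted password for alice from 10.0.0.15"]
    lines += [f"{t} Failed password for root from 203.0.113.50" for t in range(0, 540, 90)]
    return sorted(lines, key=lambda line: int(line.split()[0]))


def detect(lines, threshold=5, window=60):
    """Alert when one source reaches `threshold` failed logins within `window`
    seconds. Returns {source: time of first alert}."""
    recent, alerts = defaultdict(deque), {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        t, src = int(m.group(1)), m.group(2)
        q = recent[src]
        q.append(t)
        while t - q[0] > window:      # drop failures that left the window
            q.popleft()
        if len(q) >= threshold:
            alerts.setdefault(src, t)
    return alerts


def outcomes(alerts):
    """Label each source against the constructed ground truth."""
    label = {(True, "attack"): "true positive", (True, "benign"): "false positive",
             (False, "attack"): "false negative", (False, "benign"): "true negative"}
    return {src: label[(src in alerts, kind)] for src, kind in TRUTH.items()}


if __name__ == "__main__":
    print(outcomes(detect(sample_log())))
```

The user who mistyped a password five times raises the same alarm as the real attack, while activity that stays inside the threshold raises none; correlating failures with a later successful login, or counting over longer windows, are the usual ways to narrow both gaps.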
An IDS in a system is what a security alarm is in a house. A basic IDS works by monitoring network traffic and comparing it with the parameters set in the IDS database, which specify the kinds of packets or communications that are allowed between a client and a server. Files stored in the system are moved up and down the hierarchy through stage and migrate operations.
This is based upon storage policies and usage patterns as well as storage availability and user requests (Cohen). Performance of the storage hierarchy is judged by how fast the operating system handles replacement procedures for data or processes, the properties of program traces, and the time taken for particular data to be accessed in memory when requested.
The battle has ebbed and flowed. Having a look at the key differences between these operating systems, we will come to a conclusion as to which system will win the gigantic battle. Some of their core differences are discussed below.
Adding to this misery, most Microsoft applications that one can install on these systems also come with a price. So it can be assumed that Microsoft is out to fleece people out of their hard-earned money.
For example, in a server farm, for any number of server machines, you must buy a Windows Server licence for each single computer. In contrast, Linux has beaten Windows hands down in terms of cost because most Linux distributions come free of charge; or, if not free, they are as cheap as they come.
And to add a cherry to the cake, the majority of Linux-based applications or programs are freely available at no cost. The reason why Linux is free, or almost free, is that it has been licensed under the GNU General Public Licence, which allows free distribution of Linux source code (Cabrera). Anyone can modify the source code to suit his needs as long as it is never used for commercial purposes. Now considering our server farm example from above, a single licence of a Linux server could be installed on all the computers in the server farm.
Linux has been famous for its stability, which is its ability to function for a long time without reduction in performance.
It also handles deadlocks and faults efficiently to avoid system crashes. The system will have to be restarted then. Another negative factor of Windows is that, most of the time, when software and drivers are updated, the system has to be restarted for the configurations to work. Even if one of them does find a way into the system, it requires root access to operate.
Only a Linux administrator can install applications on a Linux system. To date, there is a known number of malware programs that affect Linux systems, only a few hundred or so. For Windows, however, malware can affect the system from everywhere: flash drives, the Internet, etc.
Millions of malware programs out there target Windows systems, and it is said that Windows is targeted because it is the leader in personal computing operating systems.
A malware in Windows can be made operational by any user of the system. That means it does not require root access.
Web pages may be stored in the host computer or another com-
like miniature servers. So, a buggy script can be a potential attack target.
Drawing the line can be
may help attackers break through the server.
A poorly configured Web server can punch a hole in the most carefully designed firewall system.
with distinct access privileges.
Apache is the most widely used web server. Understanding the approach of Apache towards security can help us make other applica-
In section 3 we have gone into depth and discussed how these security features are implemented in Apache. Finally, we match the security features of Apache with various security patterns.
Access Control
Access Control is, who is allowed to view what on a Web
2.
nd. Hence it is vulnerable to network eavesdropping. When confidential documents are transmitted from the Web server to the browser, or when the end-user sends private information back to the server inside a fill-out form, someone may
In these network-based attacks authorized users are denied the use of network services. DoS attacks come in variety of forms and aim at a variety of services such as the consumption
wsed by default for security reasons. Ideally, no one but the lead CGI developer and the system administrator should have full access on the files contained by the directory referenced by ScriptAlias.
Ability of Web Server
arbitrary directories.
To allow CGI program execution for any file ending in.
Reducing CGI risks with wrappers
A wrapper allows CGI applications to be run under the user ID of the site owner, i.
Wrapping CGI ap-
Most CGI wrappers perform additional security checks before they allow a requested application to execute.
Two popular CGI wrappers are:
2. File Permission
There are two file systems roots working in a server, namely,
root having all the logs and configuration files.
because this keeps all the sensitive information and also the CGI scripts.
3.
Apache is the number one choice
to ensure the request is valid.
It is the most
ecuted.