Server security overview
It's common knowledge among programmers that programs have bugs. After all, programs are created by humans and, of course, are not perfect. The larger the program, the more bugs it generally contains. For example, Microsoft's own knowledge base shows thousands of documented bugs. Buggy software opens up security holes, and each and every bug is a potential security hole. Considering that a web server typically runs dozens of large, complex programs, this can make for a large combination of potential security issues. In addition, each program can open up a port on the server, which is another window for a hacker to enter through. In traditional network security, the idea is to allow only a select group of individuals into the system. This mitigated the risk, since all traffic except that from specific individuals could be physically blocked. The Internet has changed this, and grants everyone access.
In addition to software bugs, another major server security problem is misconfiguration of software by system administrators. Examples include leaving an open mail relay on the server, which spammers can then use to send spam, or leaving a default password in place on a SQL Server database, which allows a hacker to access the database itself.