Web Server Security on Open Source Environments | SpringerLink
Skip to main content
Springer Nature Link
Log in

Web Server Security on Open Source Environments

  • Conference paper
Next Generation Society. Technological and Legal Issues (e-Democracy 2009)

Included in the following conference series:

  • 1497 Accesses

Abstract

Administering critical resources has never been more difficult that it is today. In a changing world of software innovation where major changes occur on a daily basis, it is crucial for the webmasters and server administrators to shield their data against an unknown arsenal of attacks in the hands of their attackers. Up until now this kind of defense was a privilege of the few, out-budgeted and low cost solutions let the defender vulnerable to the uprising of innovating attacking methods. Luckily, the digital revolution of the past decade left its mark, changing the way we face security forever: open source infrastructure today covers all the prerequisites for a secure web environment in a way we could never imagine fifteen years ago. Online security of large corporations, military and government bodies is more and more handled by open source application thus driving the technological trend of the 21st century in adopting open solutions to E-Commerce and privacy issues. This paper describes substantial security precautions in facing privacy and authentication issues in a totally open source web environment. Our goal is to state and face the most known problems in data handling and consequently propose the most appealing techniques to face these challenges through an open solution.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Lawton, G.: Open source security: opportunity or oxymoron? Computer 35(3), 18–21 (2002)

    Article  Google Scholar 

  2. Spinellis, D., Szyperski, C.: How is open source affecting software development? IEEE Software 21(1), 28–33 (2004)

    Article  Google Scholar 

  3. Witten, B., Landwehr, C., Caloyannides, M.: Does open source improve system security? IEEE Software 18(5), 57–61 (2001)

    Article  Google Scholar 

  4. Shankar, K.S.D., Kurth, H.: Certifying open source - the Linux experience. IEEE Security & Privacy 2(6), 28–33 (2004)

    Article  Google Scholar 

  5. Net Craft Secure Server Survey -, Web Server Survey (March 2009), http://news.netcraft.com/archives/2009/03/15/march_2009_web_server_survey.html

  6. OpenSSL Project, http://www.openssl.org/

  7. World writable/tmp, http://seclists.org/bugtraq/1998/Jul/0119.html

  8. Transport Layer security, http://en.wikipedia.org/wiki/Transport_Layer_Security

  9. Apache Software Foundation, http://www.apache.org/

  10. Red Hat Entreprise, http://www.redhat.com/

  11. Linux log Analyzers, http://www.linux.org/apps/all/Administration/Log_Analyzers.html

  12. Schroder, C.: Enhance Security with a Linux Logging Server, http://www.enterprisenetworkingplanet.com/netos/article.php/3521481

  13. VPN Image, http://www.lanos.co.uk/main/images/stories/diagram/vpn.gif%20

  14. Toolbox for Information Technology, Symmetric key Encryption, http://it.toolbox.com/wiki/index.php/Symmetric_Key_Encryption

  15. Online Encyclopedia: Wikipedia, Public-key cryptography, http://en.wikipedia.org/wiki/Public-key_cryptography

  16. Tian, Z.-H., Fang, B.-X., Yun, X.-C.: An architecture for intrusion detection using honey pot, November 2-5, vol. 4, pp. 2096–2100 (2003), doi:10.1109/ICMLC.2003.1259851

    Google Scholar 

  17. Honey pots Intrusion Detection, http://www.honeypots.net/

  18. Spitzner, L.: Honey pots: Definitions and Value of Honey pots (May 2003), http://www.tracking-hackers.com/papers/honeypots.html

  19. Black Hat Homepage, http://www.blackhat.com/

  20. Online Encyclopedia: Wikipedia, Password Cracking, http://en.wikipedia.org/wiki/Password_cracking

  21. OpenSSH Project, http://www.openssh.com/

  22. RSA Laboratories, http://www.rsa.com/rsalabs/node.asp?id=2146

  23. Putty Homepage, http://www.chiark.greenend.org.uk/~sgtatham/putty/

  24. OpenSSH Passwordless Connections, http://wiki.e-shell.org/OpenSSHPasswordlessConnectionsTheQuickWay#rsa

  25. Introduction to Port Scanning, http://netsecurity.about.com/cs/hackertools/a/aa121303.htm

  26. Linux Journal, Port Knocking, http://www.linuxjournal.com/article/6811

  27. Linux journal, Encrypt your file system, http://www.linuxjournal.com/article/7743

  28. Linux.com, Enhance Security with file encryption tools, http://www.linux.com/feature/59932

  29. Secure Programming for Linux and Unix, ‘Is Open Source Good for Security? http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/open-source-security.html

  30. Biography of Vincent Rijmen, http://www.nist.gov/public_affairs/releases/biovince.htm

  31. Viega, J.: The Myth of Open Source Security, http://it.slashdot.org/article.pl?sid=02/02/15/1846214

  32. Schneider, F.B.: Open Source in Security: Visiting the Bizarre, May 14-17, pp. 126–127. IEEE CNF (2000)

    Google Scholar 

  33. The Risks of Closed Source security, http://www.ibiblio.org/oswg/oswg-nightly/oswg/en_US.ISO_8859-1/articles/alan-cox/risks/risks-closed-source/risks.html

  34. Linux Adoption worldwide, Online Encyclopedia: Wikipedia, http://en.wikipedia.org/wiki/Linux_adoption#Government

  35. Khanvilkar, S., Khokhar, A.: Virtual private networks: an overview with performance evaluation. IEEE Communications Magazine 42(10), 146–154 (2004)

    Article  Google Scholar 

  36. Hissam, S.A., Plakosh, D., Weinstock, C.: Trust and vulnerability in open source software. IEE Proceedings Software 149(1), 47–51 (2002)

    Article  Google Scholar 

  37. Ohmaki, K.: Open source software research activities in AIST towards secure open systems. In: Ohmaki, K. (ed.) Proceedings of 7th IEEE International Symposium on High Assurance Systems Engineering, 2002 High Assurance Systems Engineering, 2002, pp. 37–41 (2002)

    Google Scholar 

  38. Sarkinen, J.: An open source(d) controller. In: Telecommunications Energy Conference, 2007. INTELEC 2007, September 30-October 4, pp. 761–768 (2007)

    Google Scholar 

  39. KeePass password Safe, http://keepass.info/

  40. Rijmen, V.: http://www.linuxsecurity.com/content/view/117552/49/

Download references

Author information

Authors and Affiliations

  1. University of the Aegean, Samos, Greece

    Dimitrios X. Gkoutzelis

  2. National Technical University of Athens - NTUA, Athens, Greece

    Manolis S. Sardis

Authors
  1. Dimitrios X. Gkoutzelis
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Manolis S. Sardis
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Informatics Laboratory, Agricultural University of Athens, 75, Iera Odos Street, Botanikos, 11855, Athens, Greece

    Alexander B. Sideridis  & Charalampos Z. Patrikakis  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Gkoutzelis, D.X., Sardis, M.S. (2010). Web Server Security on Open Source Environments. In: Sideridis, A.B., Patrikakis, C.Z. (eds) Next Generation Society. Technological and Legal Issues. e-Democracy 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 26. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11631-5_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-11631-5_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-11629-2

  • Online ISBN: 978-3-642-11631-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation