
Handling Directory and Data Structures

Planning the hierarchy or structure of the Web root is an important part of securing a Web server. The root is the highest-level Web in a hierarchy that consists of Webs nested within Webs.

Whenever possible, Web server administrators should place all Web content within the Web root. All the Web information (the Web pages written in HTML, graphics files, sound files, and so on) is normally stored in folders and directories on the Web server. Administrators can create virtual directories, which are folders that are not contained within the Web server hierarchy (they can even be on a completely different computer), but appear to the user to be part of that hierarchy. Another way of providing access to data that is on another computer is mapping drives or folders. These methods allow administrators to store files where they are most easily updated or to take advantage of extra drive space on other computers. However, mapping drives, mapping folders, or creating virtual directories can result in easier access for intruders if the Web server's security is compromised. It is especially important not to map drives from other systems on the internal network.

If users accessing these Webs must have access to materials on another system, such as a database, it is best to deploy a duplicate database server within the Web server's Demilitarized Zone (DMZ) or domain. The duplicate server should contain only a backup, not the primary working copy of the database. The duplicate server should also be configured so that no Web user or Web process can alter or write to its data store. Database updates should come only from the original protected server within the internal network. If data from Web sessions must be recorded into the database, it is best to configure a sideband connection from the Web zone back to the primary server system for data transfers. Administrators should also spend considerable effort verifying the validity of input data before adding it to the database server.

Directory Properties

An important part of the security that can be set on a Web server is done through the permissions set on the directories making up the Web site. The permissions control what a user or script can do within a specific directory, and allow Web administrators to control security on a granular level. Although the procedures for setting permissions on directories will vary between Web servers, the permissions themselves are largely the same. For example, in IIS, Web sites are managed through the IIS Microsoft Management Console (MMC), which is found in the Administrative Tools folder in the Control Panel. Using this snap-in for the MMC, you will be able to access the sites running on that server, and be able to view the directories making up a particular site. Right-click a directory of a site and click Properties in the context menu that appears. Configuring the settings on the Directory tab of the resulting dialog box allows you to set the following permissions:

  • Script source access, which (if the Read and Write permissions are also set) allows users to view source code.
  • Read, which allows users to read and download files.
  • Write, which allows users to upload files and modify files.
  • Directory browsing, which allows users to see a listing of the files and directories in the directory. If this is enabled, it is possible for a visitor to the site to navigate through a hypertext listing of your site, view its directory structure, and see the files within its directories.
  • Log visits, which records visits to the directory in a log file if logging is enabled for the site.
  • Index this resource, which allows Microsoft Indexing Service to include the directory in a full-text index of the site.

Another type of permission that can be set on the Directory tab is the execute permission that determines whether scripts and executables can be executed in a particular directory. In the Execute Permissions dropdown list, there are three possible options:

  • None, which prevents any programs from running in the directory. When this is set, only static files such as Hypertext Markup Language (HTML) pages can be served from the directory.
  • Scripts only, which only allows scripts (such as those written in Visual Basic Scripting Edition (VBScript), JavaScript, and so forth) to run from the directory.
  • Scripts and executables, which allows any program to run. Not only can scripts run from a directory with this permission, but executables placed in the directory can also be run.

As with any permissions that are given to users, you should never apply more permissions to a directory than are absolutely necessary for a person to use the Web content stored there. For example, a directory containing scripts would have Read and Scripts Only access, so that someone accessing an Active Server Page could run the script and view the page. If you had Microsoft Access databases stored in a database directory, you would only give Read access if people were only retrieving data, but would give Read and Write access if people were providing data that was being stored in these databases. You would never give more access than users required, because this could create situations where someone could cause significant damage to your site. Just imagine a hacker browsing the directory structure, uploading malicious software and executing it, and you see the point.
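
The least-privilege rules in this section, together with the earlier advice to keep content inside the Web root, can be checked mechanically. The following is an added example, not part of the original text: a small audit over an inventory of directories. The inventory format, the role names, and the sample paths are assumptions made for illustration; the permission and execute-level names are the ones listed above.

```python
from pathlib import PureWindowsPath

# Baseline per role, from the page's examples; role names are assumptions.
BASELINE = {
    "static": ({"Read"}, "None"),
    "scripts": ({"Read"}, "Scripts only"),
    "db_read": ({"Read"}, "None"),
    "db_write": ({"Read", "Write"}, "None"),
}
EXEC_RANK = {"None": 0, "Scripts only": 1, "Scripts and executables": 2}
NOT_ACCESS = {"Log visits", "Index this resource"}  # settings that grant no access

def audit(web_root, directories):
    """Return {directory name: [findings]} for directories with findings."""
    root, report = PureWindowsPath(web_root), {}
    for d in directories:
        perms, execute = set(d["permissions"]), d["execute"]
        allowed_perms, allowed_exec = BASELINE[d["role"]]
        path = PureWindowsPath(d["path"])
        findings = []
        # Virtual directories and mapped drives place content outside the root.
        if path != root and root not in path.parents:
            findings.append("content outside Web root")
        extra = perms - allowed_perms - NOT_ACCESS
        if extra:
            findings.append("excess permissions: " + ", ".join(sorted(extra)))
        if EXEC_RANK[execute] > EXEC_RANK[allowed_exec]:
            findings.append("execute level above baseline: " + execute)
        # Upload plus execution is the scenario the page warns about.
        if "Write" in perms and EXEC_RANK[execute] > 0:
            findings.append("Write combined with execution")
        if findings:
            report[d["name"]] = findings
    return report

# Constructed sample inventory, not taken from a real server.
SAMPLE = [
    {"name": "scripts", "path": r"C:\Inetpub\wwwroot\scripts", "role": "scripts",
     "permissions": ["Read", "Log visits"], "execute": "Scripts only"},
    {"name": "uploads", "path": r"C:\Inetpub\wwwroot\uploads", "role": "db_write",
     "permissions": ["Read", "Write", "Directory browsing"],
     "execute": "Scripts and executables"},
    {"name": "reports", "path": r"\\fileserver\share\reports", "role": "static",
     "permissions": ["Read"], "execute": "None"},
]
if __name__ == "__main__":
    for name, findings in audit(r"C:\Inetpub\wwwroot", SAMPLE).items():
        print(name, "->", "; ".join(findings))
```

Directories that match their baseline produce no entry, so an empty report means every directory is at or below the permissions its role requires.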
