Web Server Security for E-Commerce Applications

Author(s):  
Kannan Balasubramanian

Most merchant Web servers are contacted by completely unknown, often anonymous, users. Thus they generally cannot protect themselves by demanding client authentication, but must instead rely on carefully configured access control mechanisms. These range from firewalls and operating system security to secured execution environments for mobile code. In general, any mechanism that allows a client to execute a command on the server should be either disabled completely or provided only to a limited extent. Denial-of-service attacks have much more serious consequences for Web servers than for Web clients, because for a server, losing availability means losing revenue. Web publishing issues include anonymous publishing and copyright protection. Web servers must take special care to protect their most valuable asset: information, which is usually stored in databases and in some cases requires copyright protection.
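The point about client-triggered command execution, as an added example (not code from the paper): a hypothetical diagnostic endpoint that runs a DNS lookup for a client-supplied host name, first in the shape that hands the client a shell, then in the restricted shape the abstract asks for. The endpoint, the parameter name and the program path /usr/bin/host are assumptions made for the example.

```python
from __future__ import annotations

import re
import shlex

# Added example (not from the paper): a client-supplied parameter reaching a
# server-side command, first in the form that hands the client command
# execution, then in the restricted form the abstract calls for. The
# diagnostic endpoint, its "host" parameter and the program path are
# hypothetical.

# Strict RFC 1123 hostname: dot-separated labels of letters, digits and
# hyphens with no leading/trailing hyphen. That rules out shell
# metacharacters and a leading "-" the program could parse as an option.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)

# Programs this endpoint may ever run, by fixed absolute path (allowlist).
ALLOWED_PROGRAMS = {"host": "/usr/bin/host"}

# Characters a POSIX shell treats as operators rather than argument text.
SHELL_PUNCTUATION = set("();<>|&")


def build_command_unsafe(host: str) -> str:
    """Vulnerable pattern: client text pasted into a command line that a shell
    will parse (subprocess.run(..., shell=True), os.system, CGI wrappers)."""
    return "host " + host


def shell_tokens(cmdline: str) -> list[str]:
    """What a POSIX shell would make of the line before running it."""
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)


def injected_separators(cmdline: str) -> list[str]:
    """Shell operators present in the parsed line; any of them after the
    program name means the client appended a command of its own."""
    return [t for t in shell_tokens(cmdline) if t and set(t) <= SHELL_PUNCTUATION]


def validate(program: str, host: str) -> str | None:
    """Return a rejection reason, or None when the request is acceptable."""
    if program not in ALLOWED_PROGRAMS:
        return f"program not allowed: {program!r}"
    if not HOSTNAME_RE.match(host):
        return f"invalid hostname: {host!r}"
    return None


def build_command_safe(program: str, host: str) -> list[str]:
    """Hardened pattern: allowlisted program, validated argument, returned as
    an argv list for subprocess.run(argv) with shell=False, so no shell ever
    parses the client's input and it arrives as exactly one argv entry."""
    reason = validate(program, host)
    if reason is not None:
        raise ValueError(reason)
    return [ALLOWED_PROGRAMS[program], host]


if __name__ == "__main__":
    attack = "example.com; id"          # constructed client input
    print(shell_tokens(build_command_unsafe(attack)))   # ['host', 'example.com', ';', 'id']
    print(validate("host", attack))                     # invalid hostname
    print(build_command_safe("host", "shop.example.com"))
```

Limiting a mechanism rather than disabling it means three controls at once: a fixed program taken from an allowlist, an argument validated against a grammar that cannot contain shell operators or an option prefix, and an argv list so that no shell parses the input. Dropping any one of them reopens the hole; quoting the input for the shell, for instance, still leaves the option-injection case.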

First Monday ◽  
1997 ◽  
Author(s):  
Jussara M. Almeida ◽  
Virgilio Almeida ◽  
David J. Yates

Server performance has become a crucial issue for improving the overall performance of the World-Wide Web. This paper describes WebMonitor, a tool for evaluating and understanding server performance, and presents new results for realistic workloads. WebMonitor measures activity and resource consumption, both within the kernel and in HTTP processes running in user space. WebMonitor is implemented using an efficient combination of sampling and event-driven techniques that exhibit low overhead. Our initial implementation is for the Apache World-Wide Web server running on the Linux operating system. We demonstrate the utility of WebMonitor by measuring and understanding the performance of a Pentium-based PC acting as a dedicated WWW server. Our workloads use file size distributions with a heavy tail. This captures the fact that Web servers must concurrently handle some requests for large audio and video files and a large number of requests for small documents containing text or images. Our results show that in a Web server saturated by client requests, up to 90% of the time spent handling HTTP requests is spent in the kernel. These results emphasize the important role of operating system implementation in determining Web server performance. They also suggest the need for new operating system implementations that are designed to perform well when running on Web servers.


Respati ◽  
2020 ◽  
Vol 15 (2) ◽  
pp. 6
Author(s):  
Lukman Lukman ◽  
Melati Suci

Abstract. Network security on the web server is the most important part of guaranteeing integrity and service for users. Web servers are often the target of attacks that result in data damage. One of these is the SYN flood attack, a type of Denial of Service (DoS) attack that sends a massive number of SYN requests to the web server. To strengthen web server network security, an Intrusion Detection System (IDS) is used to detect, monitor and analyse attacks on the web server. IDS software that is often used is Snort and Suricata, each with its own advantages and disadvantages. The purpose of this study is to compare the two IDSs on the Linux operating system by testing with a SYN Flood attack against the web server; the Snort and Suricata IDSs installed on the web server should then issue an alert when the attack occurs. The comparison uses two parameters as its reference: the number of attacks detected and the effectiveness of attack detection of the two IDSs.

Keywords: Network Security, Web Server, IDS, SYN Flood, Snort, Suricata.
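The alert the abstract describes, as an added example that is neither the authors' code nor a Snort or Suricata rule: the per-source (or per-destination) SYN rate check that a rule with detection_filter: track by_src, count 100, seconds 1 would apply, run over constructed packet records. The threshold, the addresses and the traffic are assumptions made for the example.

```python
from collections import defaultdict, deque

# Added example, not code from the paper and not a Snort/Suricata rule: the
# rate check a detection_filter applies to SYN-only packets, over constructed
# packet records. Threshold, addresses and traffic are assumptions.

SYN, ACK = 0x02, 0x10


def is_syn_only(flags: int) -> bool:
    """A connection attempt: SYN set, ACK clear (SYN+ACK replies are not counted)."""
    return flags & (SYN | ACK) == SYN


class SynFloodDetector:
    """Rate check in the style of detection_filter: track by_src|by_dst,
    count N, seconds M. Alerts on the N-th SYN-only packet seen for the
    tracked key within an M-second window and on every further one while the
    rate stays above the threshold."""

    def __init__(self, count: int, seconds: float, track: str = "by_src", dport: int = 80):
        if track not in ("by_src", "by_dst"):
            raise ValueError("track must be 'by_src' or 'by_dst'")
        self.count, self.seconds, self.track, self.dport = count, seconds, track, dport
        self._recent: dict[str, deque] = defaultdict(deque)  # key -> SYN timestamps

    def key(self, pkt: dict) -> str:
        return pkt["src"] if self.track == "by_src" else pkt["dst"]

    def observe(self, pkt: dict) -> bool:
        """Feed one packet (timestamps must be non-decreasing); True means alert."""
        if pkt["dport"] != self.dport or not is_syn_only(pkt["flags"]):
            return False
        q = self._recent[self.key(pkt)]
        q.append(pkt["ts"])
        while q and pkt["ts"] - q[0] > self.seconds:  # drop SYNs older than the window
            q.popleft()
        return len(q) >= self.count


def count_alerts(detector: SynFloodDetector, packets) -> dict[str, int]:
    """Number of alerts per tracked key for a packet sequence."""
    alerts: dict[str, int] = defaultdict(int)
    for pkt in packets:
        if detector.observe(pkt):
            alerts[detector.key(pkt)] += 1
    return dict(alerts)


def sample_packets() -> list[dict]:
    """Constructed traffic (not a real capture): one legitimate client
    completing three handshakes, and one source firing 150 SYNs at the web
    server within 0.45 s."""
    web = "192.0.2.10"
    pkts = []
    for t in (0.1, 0.2, 0.3):
        pkts.append({"ts": t, "src": "203.0.113.5", "dst": web, "dport": 80, "flags": SYN})
        pkts.append({"ts": t + 0.001, "src": "203.0.113.5", "dst": web, "dport": 80, "flags": ACK})
    for i in range(150):
        pkts.append({"ts": i * 0.003, "src": "198.51.100.7", "dst": web, "dport": 80, "flags": SYN})
    return sorted(pkts, key=lambda p: p["ts"])


if __name__ == "__main__":
    pk = sample_packets()
    print(count_alerts(SynFloodDetector(count=100, seconds=1.0, track="by_src"), pk))
    print(count_alerts(SynFloodDetector(count=100, seconds=1.0, track="by_dst"), pk))
```

Tracking by source is what catches the single-box flood in the sample. A flood that spoofs a fresh source address per packet never accumulates under any one key, so the by_dst variant, keyed on the attacked server, is the one that still alerts; it trades that robustness for not naming the offender.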


Author(s):  
Subhi Rafeeq Zeebaree ◽  
Karwan Fahmi Jacksi ◽  
Rizgar Ramadhan Zebari

Recently, highly available Internet services have become a main demand of most people. However, online services occasionally become inaccessible due to various threats and attacks. The Synchronization (SYN) flood Distributed Denial of Service (DDoS) attack is the most used and has a serious effect on public network services. Hence, the outcome of this attack on commonly used cluster-based web servers is systematically illustrated in this paper. Moreover, the performance of Internet Information Services 10.0 (IIS 10.0) on Windows Server 2016 and of Apache 2 on Ubuntu 16.04 Server is evaluated. The performance measurement is done with Network Load Balancing (NLB) and High Availability Proxy (HAProxy) as the web server load balancing methods in the Windows and Linux environments respectively. Stability, efficiency and responsiveness of the web servers are used as the evaluation metrics, and the average CPU usage and throughput of both mechanisms are measured in the proposed system. The results show that the IIS 10.0 cluster-based web servers are more responsive, efficient and stable both with and without the SYN flood DDoS attack, and that IIS 10.0 performs better than Apache 2 in terms of average CPU usage and throughput.


2021 ◽  
Vol 37 (1--4) ◽  
pp. 1-27
Author(s):  
Yiming Zhang ◽  
Chengfei Zhang ◽  
Yaozheng Wang ◽  
Kai Yu ◽  
Guangtao Xue ◽  
...  

Unikernel specializes a minimalistic LibOS and a target application into a standalone single-purpose virtual machine (VM) running on a hypervisor, which is referred to as a (virtual) appliance. Compared to traditional VMs, Unikernel appliances have a smaller memory footprint and lower overhead while guaranteeing the same level of isolation. On the downside, Unikernel strips the process abstraction from its monolithic appliance and thus sacrifices flexibility, efficiency, and applicability. In this article, we examine whether there is a balance embracing the best of both Unikernel appliances (strong isolation) and processes (high flexibility/efficiency). We present KylinX, a dynamic library operating system for simplified and efficient cloud virtualization that provides the pVM (process-like VM) abstraction. A pVM takes the hypervisor as an OS and the Unikernel appliance as a process, allowing both page-level and library-level dynamic mapping. At the page level, KylinX supports pVM fork plus a set of APIs for inter-pVM communication (IpC, which is compatible with conventional UNIX IPC). At the library level, KylinX supports shared libraries being linked to a Unikernel appliance at runtime. KylinX enforces mapping restrictions against potential threats. We implement a prototype of KylinX by modifying MiniOS and the Xen tools. Extensive experimental results show that KylinX achieves similar performance both in micro benchmarks (fork, IpC, library update, etc.) and in applications (Redis, web server, and DNS server) compared to conventional processes, while retaining the strong isolation benefit of VMs/Unikernels.


Author(s):  
Ibrahim Mahmood Ibrahim ◽  
Siddeeq Y. Ameen ◽  
Hajar Maseeh Yasin ◽  
Naaman Omar ◽  
Shakir Fattah Kak ◽  
...  

Today, web services have increased rapidly and are accessed by many users, leading to massive traffic on the Internet. Hence, the web server suffers from this traffic, and it becomes challenging to handle the total load as the number of users grows: the server becomes overloaded, response times rise and it turns into a bottleneck, so the traffic must be shared among several servers. Therefore, load balancing technologies and server clusters are potent methods for dealing with server bottlenecks. Load balancing techniques distribute the load among the servers in the cluster so that all web servers are kept balanced. The motivation of this paper is to give an overview of the several load balancing techniques used to enhance the efficiency of web servers in terms of response time, throughput, and resource utilization. Different algorithms have been addressed by researchers with good results; the pending-job and IP-hash algorithms in particular achieve better performance.
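Three of the algorithms the survey names, as an added example (not code from the paper): round robin, IP hash and least pending jobs, run over the same constructed request stream so that their difference shows up in the per-server request counts and the peak in-flight load. Server names, client addresses and service times are assumptions made for the example.

```python
import hashlib
import heapq
from collections import defaultdict
from itertools import cycle

# Added example, not code from the survey: three balancing policies over one
# constructed request stream. Server names, addresses and service times are
# assumptions.

SERVERS = ["web-1", "web-2", "web-3"]


class RoundRobin:
    """Next server in a fixed rotation, blind to what each server is doing."""
    def __init__(self, servers):
        self._next = cycle(servers)
    def pick(self, request):
        return next(self._next)
    def release(self, server):
        pass


class IPHash:
    """Same client address always lands on the same server while the pool is
    unchanged (session affinity). SHA-256 rather than Python's hash(), which is
    salted per process and would reshuffle clients on every restart."""
    def __init__(self, servers):
        self.servers = list(servers)
    def pick(self, request):
        digest = hashlib.sha256(request["client_ip"].encode()).digest()
        return self.servers[int.from_bytes(digest[:8], "big") % len(self.servers)]
    def release(self, server):
        pass


class LeastPendingJobs:
    """Server with the fewest requests still in flight; ties broken by name."""
    def __init__(self, servers):
        self.pending = {s: 0 for s in servers}
    def pick(self, request):
        server = min(self.pending, key=lambda s: (self.pending[s], s))
        self.pending[server] += 1
        return server
    def release(self, server):
        self.pending[server] -= 1


def simulate(balancer, requests):
    """requests: (arrival, client_ip, service_time) tuples sorted by arrival.
    Returns (requests per server, peak concurrent requests per server)."""
    in_flight = []  # heap of (finish_time, server)
    count, load, peak = defaultdict(int), defaultdict(int), defaultdict(int)
    for arrival, client_ip, service_time in requests:
        # Anything finished by now frees its slot before the new request is placed.
        while in_flight and in_flight[0][0] <= arrival:
            _, done = heapq.heappop(in_flight)
            load[done] -= 1
            balancer.release(done)
        server = balancer.pick({"client_ip": client_ip})
        count[server] += 1
        load[server] += 1
        peak[server] = max(peak[server], load[server])
        heapq.heappush(in_flight, (arrival + service_time, server))
    return dict(count), dict(peak)


# Constructed stream: one client (203.0.113.5) issues 10-second requests,
# the others one-second requests, one arrival per second.
SAMPLE_REQUESTS = [
    (0, "203.0.113.5", 10), (1, "198.51.100.2", 1), (2, "198.51.100.3", 1),
    (3, "203.0.113.5", 10), (4, "198.51.100.2", 1), (5, "198.51.100.3", 1),
    (6, "203.0.113.5", 10), (7, "198.51.100.2", 1), (8, "198.51.100.3", 1),
    (9, "192.0.2.44", 1), (10, "198.51.100.2", 1), (11, "198.51.100.3", 1),
]


if __name__ == "__main__":
    for policy in (RoundRobin, IPHash, LeastPendingJobs):
        print(policy.__name__, *simulate(policy(SERVERS), SAMPLE_REQUESTS))
```

In the sample, round robin gives every server the same count but stacks all of the heavy client's long jobs on one server (peak of four in flight on web-1), IP hash keeps each client on one server regardless of load, and least pending jobs is the only policy that reacts to in-flight work, holding the peak to two.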


2015 ◽  
Vol 26 (1) ◽  
pp. 6-24 ◽  
Author(s):  
Christian Röpke ◽  
Thorsten Holz

2003 ◽  
Vol 18 (3) ◽  
pp. 291-306 ◽  
Author(s):  
Cheryl L. Dunn ◽  
Gregory J. Gerard ◽  
James L. Worrell

Systems and financial statement auditors are often responsible for evaluating compliance with system security controls as part of their annual audit procedures. This assignment provides a practical learning experience that relates your course material to actual tasks practitioners perform. You are provided with simulated data from a realistic company example and are asked practitioner-relevant questions covering a variety of issues related to network operating system access. Monitoring and limiting network operating system access and mitigating the related risk are crucial, since any application (including accounting applications) can be accessed, and potentially compromised, through the network operating system.

