Web Server Security

The goal of cyber security is to keep an organization's systems, network and data confidential, intact and available (confidentiality, integrity and availability, or CIA). The Internet Society (ISOC) developed the Open Standards Everywhere (OSE) tool to ensure web servers remain secure, for building a bigger, stronger and more secure Internet. The OSE documentation can be obtained at https://github.com/InternetSociety/ose-documentation. The OSE project seeks to update web servers and make them comply with open Internet standards developed by the Internet Engineering Task Force (IETF). To check compliance with these standards, the internet.nl standards checker was used to measure ISOC-affiliated websites. Internet.nl is an initiative of the Dutch Government and the Dutch Internet standards community.

Internet.nl tests the following:

  1. DNS Security Extensions (DNSSEC): allows DNS data to be signed by the owner of the data, i.e. a signed domain.
  2. IPv6: checks whether your domain name has at least two name servers with an IPv6 address, i.e. modern addressing.
  3. HTTPS: provides confidentiality for any transactions conducted through your website.
  4. Security Options: activates browser mechanisms that protect visitors against attacks.
  5. STARTTLS and DANE (secure mail server connection).
  6. DMARC+DKIM+SPF (anti-spoofing).
  7. RPKI (secure routing).

The Internet Engineering Task Force (IETF) is continually improving the Internet, with the overall goal of an Internet that is faster, bigger and safer. The Internet Society (www.internetsociety.org), for its part, advocates for the adoption of these standards by individuals and organizations. To this end, they have developed a project with guidelines on how to comply with the latest IETF standards, which can be obtained here

Imagine you are purchasing an item from an online store. How sure are you that your payment details are being entered on the intended website, and that you have not been redirected to a clone website? The DNS Security Extensions (DNSSEC) help with this: they prevent what is called "cache poisoning". With DNSSEC, you are guaranteed to a high degree that the website you are visiting is actually the one you intended. More than 30% of visitors to Google search in August 2021 used IPv6. Computers on the Internet still communicate by far using IPv4, but available IPv4 addresses are being depleted as more and more nodes join the Internet. IPv6 is billed as the answer to a depleting IPv4 space. A web server should be configured to communicate over both IPv4 and IPv6 to avoid locking huge numbers of potential users out of your website. Finally, HTTPS and Security Options ensure your website is secured with a valid security certificate and with rules that force visitors to communicate with your website only over a secure link.
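The HTTPS and Security Options checks described above come down to response headers a web server sends. The following is an added example, not code from the OSE project or internet.nl, that audits a raw response head for them; the set of headers checked and the one-year HSTS threshold are assumptions chosen for this sketch, and both sample responses are constructed.

```python
import re
# Assumption for this example: require an HSTS lifetime of at least one year.
MIN_HSTS_MAX_AGE = 31536000

def parse_headers(raw):
    """Parse a raw HTTP response head into a dict with lower-cased names."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Return a list of findings; an empty list means every check passed."""
    h = parse_headers(raw)
    findings = []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    else:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if not m or int(m.group(1)) < MIN_HSTS_MAX_AGE:
            findings.append("HSTS max-age too short")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    # Framing protection: CSP frame-ancestors, or a valid X-Frame-Options value.
    csp = h.get("content-security-policy", "")
    xfo = h.get("x-frame-options", "").upper()
    if "frame-ancestors" not in csp.lower() and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("no framing protection")
    if "referrer-policy" not in h:
        findings.append("missing Referrer-Policy")
    return findings

# Constructed sample responses (not captured from any real site).
WEAK = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=3600
X-Frame-Options: ALLOW-FROM https://example.org
"""
HARDENED = """HTTP/2 200
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; frame-ancestors 'none'
referrer-policy: no-referrer
"""
if __name__ == "__main__":
    for name, raw in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(raw) or "all checks passed")
```

To audit your own server, paste the head of a saved response in place of the constructed samples.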

Another interesting tool is http2.pro, which tests whether your web server has been updated to at least HTTP version 2. HTTP/2 compliance means reduced latency in users' web browsers and therefore faster page loads. Go to https://http2.pro/ and enter the web address of your website.

Athi Community passes both of the above tests, scoring 100% on the internet.nl and http2.pro platforms, which shows that our organization complies with modern Internet standards.


We are partnering with the Internet Society Kenya Chapter in advocating for the securing of web servers to meet modern Internet standards. We are open and willing to share ways of achieving the above with any organization or individual.

Useful links

https://github.com/InternetSociety/ose-documentation/

https://github.com/NLnetLabs/Internet.nl

https://support.cloudflare.com/hc/en-us/articles/201720164-Creating-a-Cloudflare-account-and-adding-a-website
