Ενδυνάμωση ασφάλειας σε εξυπηρετητές παγκόσμιου ιστού (CentOS Use Case)

Γαλανομάτης, Κωνσταντίνος

Web server security hardening (CentOS Use Case)

Master Thesis

Author

Γαλανομάτης, Κωνσταντίνος

Date

2021

Abstract

At today’s time more and more companies and organizations are launching their products and services on the Internet in order to gain an edge over their competitors. However, this business plan carries a lot of risks and dangers if not done carefully and with the right security procedures for transitioning on the Internet. In the tech world, cyber-attacks are a daily occurrence for system administrators. Malicious users attempt to steal legitimate users' data, other sensitive system data and even disrupt their smooth operation by causing the company to lose reputation, money and at the same time reduce its customers. These attacks are called denial of service attacks and one of them will concern us in this master thesis. System administrators are required to properly configure the technologies used to provide the company's services, by respecting the three main pillars of information systems security, confidentiality, integrity and availability (CIA triad). This master thesis aims to create an analytical step-by-step guide for enhancing the security of the CentOS operating system and the Apache web server program, and also ways to deal with the DoS Slowloris attack, which targets Apache web servers. In addition to the guide, there will be the practical part of the thesis which is the creation of a script which will execute appropriate commands to automate the process of system security hardening. The script will be executed and then various security auditing and vulnerability scanning tools will be used to check the overall security of the system. The harden system will be compared with the ‘vanilla’ system as provided by the official CentOS website. Finally, we will run a Slowloris attack on the system before and after activating the Apache security modules so that we can check in real scenario how our security mechanism for the attack is working.

Postgraduate Studies Programme

Ασφάλεια Ψηφιακών Συστημάτων

Department

Σχολή Τεχνολογιών Πληροφορικής και Επικοινωνιών. Τμήμα Ψηφιακών Συστημάτων

Number of pages

129

Language

Greek

URI

https://dione.lib.unipi.gr/xmlui/handle/unipi/13544
http://dx.doi.org/10.26267/unipi_dione/967

Collections

Τμήμα Ψηφιακών Συστημάτων

Show full item record

Except where otherwise noted, this item's license is described as
Αναφορά Δημιουργού 3.0 Ελλάδα