
Web server security: Active defense

Introduction

Active defense is an approach taken to prevent attacks from adversaries. In this article, we discuss the various active defenses and countermeasures that can be enforced in an attempt to prevent web server and web application attacks by adversaries. These countermeasures will include tools that you can use to protect your web servers from adversaries on the internet.

Overview

Active defense is a term borrowed from security defense. It refers to the actions and steps taken to gain an advantage over an adversary. When pursuing active defense, we look for ways to confuse the adversary, or to waste enough of their time that we can properly configure our defenses and thwart them.

The following are some countermeasures that can be put in place:

  1. Configuring a honeypot to waste an adversary’s time
  2. Installing an alert system that can alert you to attacks
  3. Configuring firewalls to detect and block attacks

The intention of the countermeasures above can be to achieve the following:

  1. Waste the adversary’s time
  2. Trap the attack to prevent further compromise
  3. Inform security teams concerning attacks
  4. Assist in discovering the source of the attack

If active defense is properly executed, it can thwart the attacker’s campaign plan. Remember, the hacking process begins with reconnaissance, where the attacker attempts to collect as much information on the target as possible. When we limit the attacker’s success in this phase, they will most likely give up.

Let’s consider a few resources that can come in handy when performing active defense.

Honeypots for web server security

Honeypots can be configured to work as fake services on web servers. The intention is to trick attackers and even alert security personnel concerning incoming attacks. 
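
The idea above can be sketched as a small decoy web service. This is an added example, not code from the original article: the decoy paths, the fake login page, the delay value and the function names are all assumptions chosen for illustration.

```python
"""Decoy-path honeypot as a WSGI app (added illustration; names are assumptions)."""
import json
import time
from wsgiref.simple_server import make_server

# Constructed decoy paths: nothing on the real site links to these, so any
# request for them is probing or reconnaissance, not normal user traffic.
DECOY_PATHS = {"/admin-backup/", "/phpmyadmin/", "/.env.old", "/wp-login-old.php"}
TARPIT_SECONDS = 0.2  # small delay that slows automated scanners
FAKE_LOGIN = (b"<html><body><h1>Administration</h1><form method='post'>"
              b"User <input name='u'> Password <input name='p' type='password'>"
              b"<input type='submit' value='Sign in'></form></body></html>")
ALERTS = []  # in production, forward to syslog or a SIEM instead of a list


def record_alert(environ):
    """Capture who touched the decoy so responders can trace the source."""
    alert = {
        "time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "src_ip": environ.get("REMOTE_ADDR", "unknown"),
        "method": environ.get("REQUEST_METHOD", ""),
        "path": environ.get("PATH_INFO", ""),
        "user_agent": environ.get("HTTP_USER_AGENT", ""),
    }
    ALERTS.append(alert)
    print("HONEYPOT ALERT " + json.dumps(alert))
    return alert


def honeypot_app(environ, start_response):
    """Serve a believable fake login on decoy paths; 404 everything else."""
    if environ.get("PATH_INFO", "") in DECOY_PATHS:
        record_alert(environ)
        time.sleep(TARPIT_SECONDS)
        start_response("200 OK", [("Content-Type", "text/html")])
        return [FAKE_LOGIN]
    start_response("404 Not Found", [("Content-Type", "text/plain")])
    return [b"Not Found"]


if __name__ == "__main__":
    # Bind to loopback for a local trial; a reverse proxy would route decoy paths here.
    make_server("127.0.0.1", 8080, honeypot_app).serve_forever()
```

Because no legitimate page links to the decoy paths, every alert is high-signal, and the recorded source address and user agent support the goal of discovering where the attack comes from.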

The following are some tools (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Lester Obbayi. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/SbLD6OUZg94/