Lead Image © alexwhite, 123RF.com

Many approaches help secure a web server

Secure Shopping

The theft of customer data concerns companies and private individuals, as well as law enforcement agencies. Volumes of customer data usually are stolen from poorly protected online stores. After that, the illegal use of this data is almost impossible to prevent. Securing the web server is crucial. In this article, I look at the security of web servers using Apache and the Qualys SSL Server Test [1]. To begin, I look at communication between server and client.

Delivering websites by Transport Layer Security (TLS) is now standard procedure. Thanks to Let's Encrypt, the costs have fallen significantly, so that even web servers that do not require an organization validation (OV) or extended validation (EV) can be secured at low cost.

The security of communication over TLS affects web servers and clients in every case, but the focus is on protecting transferred application data. The server test operated by Qualys has established itself as a reference for testing secure TLS configurations. In the next step, I will look at which parameters you can use to take your web server ranking right up to A+; then, I investigate how you can protect your applications, the host system, and thus, existing identity data with simple options.

Ranking A+

For an A+ ranking in Qualys server testing, you only need to check a few points of your configuration. The test checks connection security in four categories: Certificate, Protocol Support, Key Exchange, and Cipher Strength (Figure 1).

Buy this article as PDF

Express-Checkout as PDF

Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES

Print Issues

Digital Issues

 

SUBSCRIPTIONS

Print Subs

Digisubs

 

TABLET & SMARTPHONE APPS

US / Canada

UK / Australia