
Proactively Guarding Against Unknown Web Server Attacks

Published: 12 Sep, 2001
Created by: William Geiger

The recent wave of Code Red worms has revealed how vulnerable web servers can be to attacks over port 80, the default TCP/IP port used for HTTP traffic. Expensive firewalls proved ineffective at preventing the worm from infecting vast numbers of web servers through a simple programming bug. While investigating the latest variant, I found that some web servers did not get infected even though they were vulnerable to the programming bug. This led me to the realization that there were ways to protect web servers from future port 80 attacks that were similar in nature to Code Red. While applying security hot-fixes in a timely fashion is recommended, there is always the chance of being attacked through a newly discovered vulnerability before it can be identified and patched. The premise of this paper is to review various ways of protecting web servers from unknown attacks over port 80. We'll examine the technology, explain why it is effective, and identify areas where further diligence is required.
