Powering over 90% of the world wide web, Apache, IIS and nginx are considered the 3 most important web servers. They are considered to be easy to get up and running, have an active development team behind them and react quickly to security issues.
Most companies running these web servers trust the communication to the web applications hosted on these servers, allowing unrestricted access on ports 80 and 443.Unfortunately, this is how cyber criminals are able to gain access to private data. These ports have to remain open, therefore server security is an important element of data security, with web application security being the first defence.
To help you improve the security of your server, we’re bringing together our three sets of tips on server security, one for Apache, one for IIS and two for nginx. There are some common points which we’ve customised for each server, such as disabling any unused modules and making sure to update regularly but there are also a number of server-specific tips and instructions for each.
Having the correct security configuration on your servers might make the difference between being secure and being the victim of a data breach, so it’s a measure we would strongly suggest taking.
- 8 tips to secure your IIS installation
- Tips to harden your nginx configuration; part 1
- Tips to harden your nginx configuration; part 2
- 10 tips to secure your Apache installation