1 M. Sc. [Engg.] student, Department of Computer Engineering, M. S. Ramaiah School of Advanced Studies, Bangalore-58
2Assistant Professor, Department of Computer Engineering, M. S. Ramaiah School of Advanced Studies, Bangalore-58
Web servers are the most widely deployed distributed data servers, and more of them are being deployed over the Internet to serve a wide range of public and private users. Because these servers are exposed to the Internet with the intention of sharing information, the security of the information they store is a major concern. Most existing security mechanisms focus on external users connecting to the servers over the Internet. Apart from external threats, security and intrusion threats from internal networks are also persistent, and conventional protective measures cannot handle such intrusions. This paper presents the design and implementation of an intrusion-tolerant web server with CIA (Confidentiality, Integrity and Availability) goals. The intrusion-tolerant architecture is developed by combining diversity, redundancy, intrusion detection and IP-reputation-based filtering. Redundancy is added, and a load balancer ensures that the service remains continuously available to users. Diversity is included to increase the system's resilience to attacks by using multiple flavours of operating systems. Integrity is addressed by checking message headers with the help of an intrusion detection system. The intrusion-tolerant functionality is implemented and tested with two servers, one running Windows and one running Linux. A sample file-upload application is developed with reputation-based IP filtering. Snort is configured on both servers to detect attacks and alert users. The performance of the developed architecture is compared against that of a standalone server. The web server temporarily blocks requests from the address from which an attack appears to originate. In a test lasting 5 minutes 28 seconds, the web sites received a total of 106,468 hits at a peak transfer speed of 1.1 Mbps, and only one page request failed.
The application can be developed further as an applet that can be used on all web servers to perform reputation-based blocking.
Web Server, Intrusion Detection/Tolerance, Redundancy, Availability, Security
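The abstract describes IDS-driven, reputation-based IP filtering that temporarily blocks the address from which an attack appears to originate. The following is an added example written for this page, not code from the paper's implementation: it consumes Snort alert_fast-style lines (the sample lines below are constructed, not real traffic), weights each alert by its Snort priority, accumulates a per-source score, and denies requests from a source for a fixed window once the score crosses a threshold, lifting the block automatically when the window expires. The priority weights, the threshold of 3, the 300-second block, and the 600-second score lifetime are assumptions chosen for illustration, not values taken from the paper.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Snort alert_fast-style lines, CONSTRUCTED for this example (not captured traffic).
SAMPLE_ALERTS = [
    "10/14-12:03:11.000000  [**] [1:1000001:1] WEB-ATTACK directory traversal attempt [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:51234 -> 203.0.113.5:80",
    "10/14-12:03:12.000000  [**] [1:1000002:1] WEB-MISC suspicious user agent [**] "
    "[Classification: Misc activity] [Priority: 3] {TCP} 198.51.100.7:40001 -> 203.0.113.5:80",
]

# Extract priority, protocol, and source/destination addresses from an alert_fast line.
ALERT_RE = re.compile(
    r"\[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)? -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?"
)

# Assumed policy: more severe Snort priorities (1 is highest) cost more reputation.
PRIORITY_WEIGHT = {1: 3, 2: 2, 3: 1}


@dataclass
class ReputationFilter:
    block_threshold: int = 3      # score at which a source is blocked (assumption)
    block_seconds: int = 300      # length of the temporary block (assumption)
    score_ttl: int = 600          # alerts older than this no longer count (assumption)
    events: dict = field(default_factory=dict)         # ip -> [(timestamp, weight)]
    blocked_until: dict = field(default_factory=dict)  # ip -> time the block expires

    def observe_alert(self, line: str, now: float) -> Optional[str]:
        """Feed one IDS alert line; returns the offending source IP, or None if unparsable."""
        m = ALERT_RE.search(line)
        if not m:
            return None
        src = m.group("src")
        weight = PRIORITY_WEIGHT.get(int(m.group("prio")), 1)
        # Drop stale alerts so a long-quiet host is not punished for ancient history.
        recent = [e for e in self.events.get(src, []) if now - e[0] < self.score_ttl]
        recent.append((now, weight))
        self.events[src] = recent
        if sum(w for _, w in recent) >= self.block_threshold:
            self.blocked_until[src] = now + self.block_seconds
        return src

    def score(self, ip: str, now: float) -> int:
        return sum(w for t, w in self.events.get(ip, []) if now - t < self.score_ttl)

    def is_blocked(self, ip: str, now: float) -> bool:
        until = self.blocked_until.get(ip)
        if until is None:
            return False
        if now >= until:
            # Block expired: lift it and clear the history that caused it.
            del self.blocked_until[ip]
            self.events.pop(ip, None)
            return False
        return True

    def decide(self, ip: str, now: float) -> str:
        """Decision the web server applies to an incoming request from ip."""
        return "deny" if self.is_blocked(ip, now) else "allow"


def run_demo() -> dict:
    """Replay the constructed alerts and show the block taking effect and expiring."""
    f = ReputationFilter()
    t0 = 1_000_000.0
    for i, line in enumerate(SAMPLE_ALERTS):
        f.observe_alert(line, t0 + i)
    return {
        "attacker_now": f.decide("192.0.2.10", t0 + 2),             # priority-1 alert: blocked
        "noisy_now": f.decide("198.51.100.7", t0 + 2),              # one priority-3 alert: allowed
        "attacker_later": f.decide("192.0.2.10", t0 + 2 + 300),     # block window passed
    }


if __name__ == "__main__":
    print(run_demo())
```

The decision is keyed only on the source address, so a genuine client behind the same NAT as an attacker is denied for the block window too; that is the availability cost of address-based reputation, and it is why the block is temporary and the score decays rather than being permanent.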