What is the most important step in securing a web server?
A.
Logging all HTTP activity
B.
Enabling system-wide encryption
C.
Placing the operating system, web server program, and server files on the same partition
D.
Placing the operating system, web server program, and server files on separate partitions
Explanation:
By separating the different data groups to different partitions, prevents changes to one group from affecting another group. For example, under IIS, which is a web server, also provides FTP access. If everything was on one partition, a hacker could fill up the partition (use up all freespace) and bring the system to a screeching halt as the operating system can’t obtain anymore disk space.
Incorrect Answers:
A: Logging the activity is important, it will allow you to find out what was done – after the fact. But what is important is to be proactive and take actions that may prevent a problem in the future. Better for the problem NOT to happen in the first place, then to run around and have to find out what happened and fix it.
B: The use of encryption protects the data stream, but does not protect you system from actual attacks. If the use of the server is for public access, then anyone should be able to obtain the public encryption key and attack the server.
C: Actually, you want to do the opposite, you want the items separated.