Guidelines on Securing Public Web Servers
To ensure the security of a Web server and the supporting network infrastructure, the
following practices should be implemented:

- Organization-wide information system security policy
- Configuration/change control and management
- Risk assessment and management
- Standardized software configurations that satisfy the information system security policy
- Security awareness and training
- Contingency planning, continuity of operations, and disaster recovery
- Certification and accreditation
Organizations should ensure that Web server operating systems are deployed, 
configured, and managed to meet the security requirements of the organization.   
The first step in securing a Web server is securing the underlying operating system.  Most
commonly available Web servers run on a general-purpose operating system.  Many
security issues can be avoided if the operating systems underlying Web servers are configured
appropriately.  Default hardware and software configurations are typically set by vendors to
emphasize features, functions, and ease of use at the expense of security.  Because vendors are
not aware of each organization's security needs, each Web administrator must configure new
servers to reflect the organization's security requirements and reconfigure them as those
requirements change.  Securing the operating system should, at a minimum, include the
following steps:

- Patch and upgrade the operating system
- Remove or disable unnecessary services and applications
- Configure operating system user authentication
- Configure resource controls
- Test the security of the operating system
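The following script is an added example, not code from this guideline: it audits a host against three of the minimum steps above (unnecessary services, operating system user authentication, and resource controls) from files and command output that a Web administrator would collect on the server. The allow-list of services, the `www-data` account name, and all sample inputs are assumptions constructed for the example; on a live host the functions would be fed the output of `systemctl list-unit-files --type=service`, the contents of /etc/shadow, and /etc/security/limits.conf instead.

```shell
#!/bin/sh
# Added example (not from the NIST guideline): offline audit of a Web server
# host against three minimum OS-hardening steps. All inputs are constructed.

# Services a public Web server host is assumed to need (assumption).
ALLOWED_SERVICES="sshd nginx chronyd auditd"
# Account the Web server is assumed to run as (assumption).
WEB_USER="www-data"

# in_list WORD LIST: succeed if WORD is one of the space-separated LIST items.
in_list() {
    for candidate in $2; do
        [ "$1" = "$candidate" ] && return 0
    done
    return 1
}

# audit_services: reads "unit.service state" lines on stdin and prints every
# enabled unit that is not on the allow-list, i.e. a service to disable.
audit_services() {
    while read -r unit state; do
        [ "$state" = "enabled" ] || continue
        if ! in_list "${unit%.service}" "$ALLOWED_SERVICES"; then
            echo "disable: $unit"
        fi
    done
}

# audit_shadow: reads /etc/shadow-format lines on stdin and flags accounts
# that can log in with no password (empty hash field) and accounts whose
# hash uses the legacy MD5 scheme ($1$). Locked accounts (* or !) pass.
audit_shadow() {
    while IFS=: read -r user hash _rest; do
        case "$hash" in
            "")     echo "empty-password: $user" ;;
            '$1$'*) echo "md5-hash: $user" ;;
        esac
    done
}

# audit_limits: reads limits.conf-format lines ("domain type item value") on
# stdin and reports which hard limits for WEB_USER are missing, so a
# compromised or misbehaving worker cannot exhaust processes or file
# descriptors or leave core dumps (which may hold request data) on disk.
audit_limits() {
    found=""
    while read -r domain kind item value; do
        case "$domain" in ""|"#"*) continue ;; esac
        if [ "$domain" = "$WEB_USER" ] && [ "$kind" = "hard" ]; then
            found="$found $item"
        fi
    done
    for want in nproc nofile core; do
        in_list "$want" "$found" || echo "missing-hard-limit: $want"
    done
}

# Constructed sample inputs (not taken from any real host).
SAMPLE_SERVICES="sshd.service enabled
nginx.service enabled
cups.service enabled
avahi-daemon.service enabled
chronyd.service enabled
bluetooth.service disabled"

SAMPLE_SHADOW='root:$6$saltsalt$notarealhash:19700:0:99999:7:::
www-data:*:19700:0:99999:7:::
guest::19700:0:99999:7:::
legacy:$1$saltsalt$notarealhash:19700:0:99999:7:::'

SAMPLE_LIMITS="# /etc/security/limits.conf
www-data hard nproc 512
www-data hard nofile 65536
www-data soft core 0"

# run_audit: runs all three checks over the samples and prints the findings.
run_audit() {
    printf '%s\n' "$SAMPLE_SERVICES" | audit_services
    printf '%s\n' "$SAMPLE_SHADOW"   | audit_shadow
    printf '%s\n' "$SAMPLE_LIMITS"   | audit_limits
}

run_audit
```

Each function prints one line per finding and nothing when the input is clean, so the same script can be run from cron or a configuration-management job and any output treated as a deviation from the standardized configuration. The checks deliberately cover only what can be verified from files; the last step in the list, testing the operating system's security, still needs a vulnerability scan against the finished host.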
Organizations should ensure that the Web server application is deployed, configured, 
and managed to meet the security requirements of the organization.   
In many respects, the secure installation and configuration of the Web server application 
mirrors the operating system process discussed above.  The overarching principle, as before, is 
to install the minimal amount of Web server services required and eliminate any known 
vulnerabilities through patches or upgrades.  If the installation program installs any 
unnecessary applications, services, or scripts, they should be removed immediately once the 
installation process completes.  Securing a Web server application at a minimum should 
include the following steps: 
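As an added example, not part of the guideline, the script below shows one way to carry out the "remove what the installer added" step: it flags sample and default content that a Web server package commonly installs and that a public server does not need. The path patterns are assumptions modelled on a typical Apache httpd layout (the sample CGI scripts, the bundled manual and icon set), and the file listing is constructed; on a live host it would be fed the output of `find /var/www /usr/lib/cgi-bin -type f`.

```shell
#!/bin/sh
# Added example (not from the NIST guideline): flag default and sample content
# left behind by a Web server package install. Patterns and listing are assumed.

# Disable pathname expansion so the patterns below stay literal in the loop.
set -f

# Path patterns with no place on a production document root (assumption,
# based on a typical Apache httpd install).
DEFAULT_CONTENT_PATTERNS="*/cgi-bin/printenv */cgi-bin/test-cgi */manual/* */icons/*"

# audit_webroot: reads one file path per line on stdin and prints each path
# that matches a default-content pattern, i.e. a file to remove.
audit_webroot() {
    while read -r path; do
        [ -n "$path" ] || continue
        for pat in $DEFAULT_CONTENT_PATTERNS; do
            case "$path" in
                $pat) echo "remove: $path"; break ;;
            esac
        done
    done
}

# Constructed listing (not from a real host).
SAMPLE_LISTING="/var/www/html/index.html
/var/www/html/app/login.php
/usr/lib/cgi-bin/printenv
/usr/lib/cgi-bin/test-cgi
/usr/share/apache2/icons/blank.gif
/var/www/manual/index.html"

printf '%s\n' "$SAMPLE_LISTING" | audit_webroot
```

Anything the script reports should be removed (or the package providing it uninstalled) before the server is exposed, and the resulting file inventory kept as the baseline that later change-control checks compare against.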