Guidelines on Securing Public Web Servers

Install or enable only necessary services.

Install Web content on a dedicated hard drive or logical partition.

Limit uploads to directories that are not readable by the Web server.

Define a single directory for all external scripts or programs executed as part of Web content.

Disable the use of hard or symbolic links.

Define a complete Web content access matrix that identifies which folders and files within the Web server document directory are restricted and which are accessible (and by whom).

Disable directory listings.

Use user authentication, digital signatures, and other cryptographic mechanisms as appropriate.

Use host-based intrusion detection systems and/or file integrity checkers to detect intrusions and verify Web content.

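Two of the items above, disabling hard and symbolic links and running a file integrity checker over the Web content, as a working Python script. This is an added example, not code from the guideline or from any Web server product: it records a SHA-256 baseline of the document root, reports files added, removed or modified since, and flags any symbolic link or hard-linked file found under the document root (either can expose files outside it). The directory and file names in the usage comments are hypothetical.

```python
"""File-integrity checker for a Web content directory (added example).

Not part of NIST SP 800-44 or of any Web server; the paths named in the
usage comments at the bottom are placeholders.
"""
import hashlib
import json
import os
import sys
from pathlib import Path


def _sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(docroot) -> dict:
    """Walk docroot WITHOUT following links.

    Returns {"files": {relpath: sha256}, "symlinks": [relpath], "hardlinks": [relpath]}.
    A symbolic link (to a file or a directory) is recorded, never followed or
    hashed, so a link pointing outside the document root cannot enter the
    baseline. A regular file with a link count above one is reported as a hard
    link: its content may be shared with a file the server should never serve.
    """
    docroot = Path(docroot)
    result = {"files": {}, "symlinks": [], "hardlinks": []}
    for dirpath, dirnames, filenames in os.walk(docroot):
        for d in list(dirnames):
            p = Path(dirpath, d)
            if p.is_symlink():
                result["symlinks"].append(p.relative_to(docroot).as_posix())
                dirnames.remove(d)  # do not descend into the link target
        for name in filenames:
            p = Path(dirpath, name)
            rel = p.relative_to(docroot).as_posix()
            if p.is_symlink():          # check before is_file(), which follows links
                result["symlinks"].append(rel)
            elif p.is_file():
                if p.lstat().st_nlink > 1:
                    result["hardlinks"].append(rel)
                result["files"][rel] = _sha256(p)
    for key in ("symlinks", "hardlinks"):
        result[key].sort()
    return result


def verify(docroot, baseline: dict) -> dict:
    """Compare the current state of docroot against a previously stored baseline."""
    now = scan(docroot)
    old, new = baseline["files"], now["files"]
    report = {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
        "symlinks": now["symlinks"],
        "hardlinks": now["hardlinks"],
    }
    report["clean"] = not any(report.values())  # True only if every list is empty
    return report


def save_baseline(path, baseline: dict) -> None:
    Path(path).write_text(json.dumps(baseline, indent=1, sort_keys=True))


def load_baseline(path) -> dict:
    return json.loads(Path(path).read_text())


if __name__ == "__main__":
    # Usage (hypothetical paths):
    #   python integrity.py init  /srv/www/htdocs /var/lib/integrity/htdocs.json
    #   python integrity.py check /srv/www/htdocs /var/lib/integrity/htdocs.json
    # "check" exits 1 when anything changed or a link was found, so it can run from cron.
    cmd, docroot, store = sys.argv[1:4]
    if cmd == "init":
        save_baseline(store, scan(docroot))
    else:
        rep = verify(docroot, load_baseline(store))
        print(json.dumps(rep, indent=1))
        sys.exit(0 if rep["clean"] else 1)
```

Keep the baseline file outside the document root and, ideally, on read-only or off-host storage; an attacker who can modify Web content and also rewrite the baseline defeats the check.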
Organizations should use active content after carefully balancing the benefits gained against the associated risks.

In the beginning, most WWW sites presented static information residing on the server, typically in the form of text-based documents. Soon thereafter, interactive elements were introduced to offer users new ways to interact with a Web site. Unfortunately, these same interactive elements introduced new Web-related vulnerabilities, since they involve moving code from a Web server to a client for execution. Different active content technologies have different associated vulnerabilities, which must be weighed against their benefits.[3]
   
Organizations must use authentication and cryptographic technologies as appropriate to protect certain types of sensitive data.

Public Web servers often support a range of technologies for identifying and authenticating users with differing privileges for accessing information. Some of these technologies are based on cryptographic functions that can provide an encrypted channel between a Web browser client and a Web server that supports encryption. Web servers may be configured to use different cryptographic algorithms, providing varying levels of security and performance. Without proper user authentication in place, organizations cannot selectively restrict access to specific information. All information that resides on a public Web server is then accessible by anyone with access to the server. In addition, without some process to authenticate the server, users of the public Web server will not be able to determine if the server is the authentic Web server or a counterfeit version operated by a malicious entity.
                                                   
[3] See NIST Special Publication 800-28, Guidelines for Active Content and Mobile Code (http://csrc.nist.gov/publications/) for more extended discussion and advice on the policy and technical issues of active content.