Guidelines on Securing Public Web Servers
1. Introduction
1.1 Authority
This document has been developed by the National Institute of Standards and Technology
(NIST) in furtherance of its statutory responsibilities under the Computer Security Act of 1987
and the Information Technology Management Reform Act of 1996, specifically 15 United
States Code (U.S.C.) 278 g-3 (a)(5). This document is not a guideline within the meaning of
15 U.S.C. 278 g-3 (a)(3).
These guidelines are for use by federal organizations that process sensitive information. They
are consistent with the requirements of the Office of Management and Budget (OMB) Circular
A-130, Appendix III.
This document may be used by nongovernmental organizations on a voluntary basis. It is not
subject to copyright.
Nothing in this document should be taken to contradict standards and guidelines made
mandatory and binding upon federal agencies by the Secretary of Commerce under his
statutory authority. Nor should these guidelines be interpreted as altering or superseding the
existing authorities of the Secretary of Commerce, the Director of the OMB, or any other
federal official.
1.2 Purpose and Scope
The purpose of Guidelines on Securing Public Web Servers is to present security guidance for
the design, implementation, and operation of publicly accessible Web servers. While intended
as recommended guidance for federal departments and agencies, it may be used in the private
sector on a voluntary basis.
This document should be used by organizations to enhance security on Web server systems
and to reduce the number and frequency of Web-related security incidents. This document
presents generic principles that apply to all systems. In addition, specific examples are
presented that address two of the more popular Web server applications: Apache and
Microsoft Internet Information Server (IIS).
This guideline does NOT cover the following aspects relating to securing a Web site:
Securing other types of network servers
Firewalls and routers used to protect Web servers beyond a basic discussion in Section 8
Security considerations related to Web client (browser) software [4]
Special considerations for high traffic Web sites with multiple hosts [5].

[4] For more information on securing Web browsers see NIST Special Publication 800-46, Security for Telecommuting and Broadband Communications (http://csrc.nist.gov/publications/nistpubs/index.html).