Guidelines on Securing Public Web Servers
  
- Configuration of the server or network that could be exploited for subsequent attacks

- Information regarding the users or administrator(s) of the Web server, including their passwords.

- Vulnerabilities within the Web server that might allow, for example, attackers to compromise the security of the server and other hosts on the organization's network by taking actions such as the following:

  - Deface the Web site or otherwise affect information integrity

  - Execute unauthorized commands or programs on the host operating system, including ones that the intruder has installed

  - Gain unauthorized access to resources elsewhere in the organization's computer network

  - Launch attacks on external sites from the Web server, thus concealing the intruders' identities, and perhaps making the organization liable for damages

  - Use the server as a distribution point for illegally copied software, attack tools, or pornography, perhaps making the organization liable for damages.

- Inadequate or unavailable defense mechanisms for the Web server to prevent certain classes of attacks, such as DoS attacks, which disrupt the availability of the Web server and prevent authorized users from accessing the Web site when required.

- Poorly written software applications and scripts that allow attackers to compromise the security of the Web server.

A number of steps are required to ensure the security of any public Web server.  As a 
prerequisite for taking any step, however, it is essential that the organization have a security 
policy in place. Taking the following steps within the context of the organization's security 
policy should prove effective: 

Step 1.  Securing, installing, and configuring the underlying operating system

Step 2.  Securing, installing, and configuring Web server software

Step 3.  Employing appropriate network protection mechanisms (e.g., firewall, packet filtering router, and proxy)

Step 4.  Maintaining the secure configuration through application of appropriate patches and upgrades, security testing, monitoring of logs, and backups of data and operating system

Step 5.  Using, publicizing, and protecting information and data in a careful and systemic manner.

Step 6.  Employing secure administration and maintenance processes (including server/application updating and log reviews)
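Steps 4 and 6 both call for log monitoring and log reviews. The following is an added example of a minimal review pass over Web server access logs; it is not code from the guideline. It assumes Apache/NCSA combined log format, parses each line with a regular expression, counts per-client request and error totals, and flags clients whose requests are mostly errors (a common sign of probing for non-existent scripts or administrative paths, one of the attacker actions the list above describes). The sample log lines, the thresholds, and the function names are constructed for this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample entries in Apache/NCSA combined log format (not real traffic).
# 198.51.100.7 probes for script and admin paths that do not exist; the last line
# is deliberately malformed to show that unparseable input is counted, not ignored.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/2000:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326 "-" "Mozilla/4.0"
192.0.2.10 - - [10/Oct/2000:13:55:40 -0700] "GET /images/logo.gif HTTP/1.0" 200 1024 "-" "Mozilla/4.0"
198.51.100.7 - - [10/Oct/2000:13:56:01 -0700] "GET /admin/ HTTP/1.0" 404 210 "-" "curl/7.0"
198.51.100.7 - - [10/Oct/2000:13:56:02 -0700] "GET /cgi-bin/test.cgi HTTP/1.0" 404 210 "-" "curl/7.0"
198.51.100.7 - - [10/Oct/2000:13:56:03 -0700] "GET /server-status HTTP/1.0" 403 180 "-" "curl/7.0"
198.51.100.7 - - [10/Oct/2000:13:56:04 -0700] "GET /scripts/ HTTP/1.0" 404 210 "-" "curl/7.0"
203.0.113.5 - - [10/Oct/2000:13:57:10 -0700] "POST /upload.cgi HTTP/1.0" 200 512 "-" "Mozilla/4.0"
this line is not a valid log entry
"""

# Leading fields of the combined format: client, ident, user, timestamp,
# request line, status, size. Referer and user agent are left unparsed.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def review_log(text, min_requests=3, error_ratio=0.5):
    """Summarize a log and flag clients whose traffic is mostly 4xx/5xx responses.

    min_requests avoids flagging a client on a single mistyped URL;
    error_ratio is the fraction of error responses at which a client is reported.
    """
    lines = [l for l in text.splitlines() if l.strip()]
    records = [parse_line(l) for l in lines]
    parsed = [r for r in records if r is not None]
    unparsed = len(records) - len(parsed)

    per_host = defaultdict(lambda: {"total": 0, "errors": 0, "error_paths": []})
    for rec in parsed:
        entry = per_host[rec["host"]]
        entry["total"] += 1
        if rec["status"] >= 400:
            entry["errors"] += 1
            entry["error_paths"].append(rec["path"])

    flagged = {
        host: entry
        for host, entry in per_host.items()
        if entry["total"] >= min_requests
        and entry["errors"] / entry["total"] >= error_ratio
    }
    return {
        "parsed": len(parsed),
        "unparsed": unparsed,
        "status_counts": Counter(r["status"] for r in parsed),
        "flagged": flagged,
    }


if __name__ == "__main__":
    summary = review_log(SAMPLE_LOG)
    print(f"parsed={summary['parsed']} unparsed={summary['unparsed']}")
    print("status counts:", dict(summary["status_counts"]))
    for host, entry in summary["flagged"].items():
        print(f"flagged {host}: {entry['errors']}/{entry['total']} errors, "
              f"paths={entry['error_paths']}")
```

Run against the constructed sample, the script reports one flagged client (the one probing for /admin/, /cgi-bin/test.cgi, /server-status and /scripts/) and one unparseable line. In a real review the unparsed count matters as much as the flagged hosts: a sudden rise in lines the parser rejects can indicate a changed log format, a tampered log, or a full disk, all of which undermine the monitoring that Step 4 depends on.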