Guidelines on Securing Public Web Servers
    
Install permanent fixes (often called patches, hotfixes, service packs, or updates).[16]
4.1.2  Remove or Disable Unnecessary Services and Applications 
Ideally, a Web server should be on a dedicated, single-purpose host.  Many operating systems 
are configured by default to provide a wider range of services and applications than required 
by a Web server; therefore, a Web administrator should configure the operating system to 
remove or disable unneeded services.  Some common examples of services that should usually 
be disabled include: 
- Windows Network Basic Input/Output System (NetBIOS), if not required
- NFS, if not required
- File Transfer Protocol (FTP)
- Berkeley r services (e.g., rlogin, rsh, rcp)
- Telnet
- Network Information System (NIS)
- Simple Mail Transfer Protocol (SMTP)
- Compilers
- Software development tools
Removing unnecessary services and applications is preferable to simply disabling them 
through configuration settings, because attacks that attempt to alter settings and activate a 
disabled service cannot succeed when the functional components are completely removed. 
Eliminating or disabling unnecessary services enhances the security of a Web server in several 
ways [CERT00]: 
- Unnecessary services cannot be compromised and used to attack the host or impair the 
  Web server services.  Each service added to a host increases the risk of compromise 
  for that host because each service is another possible avenue of access for an attacker.  
  Less is truly more in this case. 
- Different individuals may administer different services.  Isolating services so each 
  host has a single administrator will minimize the possibility of conflicts between the 
  administrators.  Also, having a single administrator responsible for a host provides 
  better accountability. 
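As an added example (not part of the NIST publication), the POSIX shell script below checks enabled systemd unit names against the services listed in this section and reports any that are still enabled; the unit and package names it matches (nmbd, rpcbind, vsftpd, ypserv, postfix, gcc, and so on) are assumptions for a typical Linux distribution, and the sample unit list is constructed.

```shell
#!/bin/sh
# Audit a Web server host for services that section 4.1.2 says should usually be
# removed or disabled. Name patterns are assumptions for common Linux distributions:
# NetBIOS -> nmbd/smbd, NFS -> nfs-server/rpcbind, FTP -> vsftpd/proftpd,
# r services -> rsh/rlogin/rexec, NIS -> ypserv/ypbind, SMTP -> postfix/sendmail/exim,
# compilers and development tools -> gcc/g++/make.
UNNEEDED_PATTERNS='nmbd smbd nfs-server rpcbind vsftpd proftpd rsh rlogin rexec telnet ypserv ypbind postfix sendmail exim gcc g++ make'

# flag_unneeded: read one unit or package name per line on stdin; print each name
# that matches a pattern (case-insensitive substring). Returns 0 if nothing matched.
flag_unneeded() {
    found=0
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        lname=$(printf '%s' "$name" | tr 'A-Z' 'a-z')
        for pat in $UNNEEDED_PATTERNS; do
            case "$lname" in
                *"$pat"*) printf '%s\n' "$name"; found=1; break ;;
            esac
        done
    done
    [ "$found" -eq 0 ]
}

# audit_host: run the check against the units actually enabled on this host.
# Returns 1 if any service from the list is enabled, 0 otherwise.
audit_host() {
    if command -v systemctl >/dev/null 2>&1; then
        systemctl list-unit-files --state=enabled --no-legend 2>/dev/null |
            awk '{print $1}' | flag_unneeded
    else
        echo "systemctl not found; nothing audited" >&2
    fi
}

# Constructed sample standing in for systemctl output on a poorly hardened host.
SAMPLE_UNITS='nginx.service
sshd.service
telnet.socket
rpcbind.service
postfix.service'

demo() {
    if printf '%s\n' "$SAMPLE_UNITS" | flag_unneeded; then
        echo "sample: no unneeded services enabled"
    else
        echo "sample: remove or disable the services listed above" >&2
    fi
}

demo
```

Run `audit_host` instead of `demo` to check the live host; each reported unit is a candidate for removal of its package rather than merely disabling it, as the section recommends.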
[16] For more information on vulnerabilities and patching, see NIST Special Publication 800-40, Procedures for Handling Security Patches (http://csrc.nist.gov/publications/nistpubs/index.html).