Guidelines on Securing Public Web Servers
6.  Securing Web Content  
The two main components of Web security are the security of the underlying server application and operating system, and the security of the actual content. Of these, the security of the content is often overlooked. Content security itself has two components. The more obvious is not to place any proprietary, classified, or other sensitive information on a publicly accessible Web server unless other steps have been taken to protect the information via user authentication and encryption (see Section 7). The less obvious component of content security is that the way particular types of content are processed on a server can itself lead to a compromise.
6.1  Publishing Information on Public Web Sites 
Little thought is usually given to the security implications of the content placed on the Web site. Few organizations have a Web publishing process or policy that determines what type of information to publish openly, what information to publish with restricted access, and what information should not be published to any publicly accessible repository. This is unfortunate because Web sites are often one of the first places that malicious entities will search for valuable information. For example, attackers often read the contents of a target organization's Web site to gather intelligence before any attacks [Sca01].
Absent compelling reasons, a public Web site should generally not contain the following information:

- Classified records
- Internal personnel rules and procedures
- Sensitive or proprietary information
- Personal information about an organization's personnel [19]
  - Home addresses and phone numbers
  - Social Security Numbers (SSNs)
  - Detailed biographical material (could be employed for social engineering)
  - Staff family members
- Telephone numbers, e-mail addresses [20], or general listings of staff unless necessary to fulfill organizational requirements

[19] For federal agencies, this would include all items covered by the Privacy Act of 1974 (http://www.usdoj.gov/04foia/privstat.htm).