Guidelines on Securing Public Web Servers
- Schedules of organizational principals or their exact location (whether on or off the premises)
- Information on the composition or preparation of hazardous materials or toxins [21]
- Sensitive information relating to homeland security [13]
- Investigative records
- Financial records (beyond those already publicly available)
- Medical records
- Organization's physical and information security procedures
- Information about organization's network and information system infrastructure (e.g., address ranges, naming conventions, access numbers)
- Information that specifies or implies physical security vulnerabilities
- Plans, maps, diagrams, aerial photographs, and architectural plans of organizational buildings, properties, or installations
- Information on disaster recovery or continuity of operations plans except as absolutely required
- Details on emergency response procedures, evacuation routes, or organizational personnel responsible for these issues
- Copyrighted material without the written permission of the owner
- Privacy or security policies that indicate the types of security measures in place to the degree that they may be useful to an attacker
Never use a public Web server to host sensitive information intended to be accessed only by internal users (compromise of the public Web server will invariably lead to the compromise of this data).

To ensure a consistent approach, an organization should create a formal policy and process for determining and approving the information to be published on a Web server. In many organizations, this is the responsibility of the chief information officer (CIO) and/or public affairs officer. Such a process should include the following steps:
[20] When an e-mail address must be published on a Web site, consider the use of generic e-mail addresses or aliases (e.g., webmaster@mydomain.gov as opposed to jane_doe@mydomain.gov). There are two reasons to do this. One, published e-mail addresses are much more likely to receive unsolicited bulk e-mail (i.e., "spam"). Two, personally identifying e-mail addresses can provide useful information to an attacker (e.g., possible usernames, or information to be used for social engineering attempts).

[21] For more guidance on protecting this type of information, see the White House Memorandum dated March 19, 2000, Action to Safeguard Information Regarding Weapons of Mass Destruction and Other Sensitive Documents Related to Homeland Security (http://www.usdoj.gov/oip/foiapost/2002foiapost10.htm).