Guidelines on Securing Public Web Servers
6.3.4 Location of Server Side Content Generators
The location of active content on the Web server is critical. If active content is placed in the wrong directory, or in a directory with the wrong permissions, the Web server can be compromised quickly. To avoid this problem:

- Writable files should be identified and placed in separate folders. No script files should exist in writable folders. For example, guest book data is usually saved in simple text files; those files must be writable so that guests can submit their comments, which is exactly why no code may live beside them.
- Executable files (e.g., CGI, .EXE, .CMD, and .PL) should be placed in separate folder(s). No other readable or writable documents should be placed in these folders.
- Script files (e.g., ASP, PHP, and PL) should have separate folder(s).
- Include files (e.g., INC, SHTML, SHTM, and ASP) created for code reusability should be placed in separate directories. SSI should not generally be used on public Web servers. ASP include files should have an .asp extension instead of .inc, because a request for a .inc file is typically served as plain text and discloses the source, whereas an .asp file is handled by the script engine. Note that much of the risk with include files lies in their execute capability; if the execute capability is disabled, this risk is drastically reduced.
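The separation rule above (no code in writable folders, no writable code files) can be audited mechanically. The following script is an added example written for this page; it is not part of the NIST guideline, and the function names and the sample document-root tree it builds under mktemp are constructed for illustration. It uses find(1) permission tests to report any server-side content file (the CGI/EXE/CMD/PL, ASP/PHP and INC/SHTML/SHTM types named above) that either sits in a group- or world-writable directory or is itself group- or world-writable.

```shell
#!/bin/sh
# Added example (not from the NIST guideline): audit a web document root for
# the two layout mistakes that section 6.3.4 warns about.
#
#   SCRIPT_IN_WRITABLE_DIR  a server-side content file sits in a directory that
#                           is group- or world-writable (an upload/data folder)
#   WRITABLE_SCRIPT         the content file itself is group- or world-writable
#
# Either finding means that whoever can write to that location (through an
# upload form, a guest book, a misconfigured share) can plant or alter code
# that the server will execute.

# find(1) tests matching the extensions listed in 6.3.4. Extra find arguments
# (e.g. -maxdepth 1 or a -perm test) go between the directory and the tests.
server_side_files() {
    d=$1; shift
    find "$d" "$@" -type f \( -iname '*.cgi' -o -iname '*.exe' -o -iname '*.cmd' \
        -o -iname '*.pl'  -o -iname '*.asp' -o -iname '*.php' \
        -o -iname '*.inc' -o -iname '*.shtml' -o -iname '*.shtm' \)
}

# Print one "TAG: path" line per finding under the document root $1.
audit_docroot() {
    docroot=$1
    # Directories writable by group (020) or other (002): no code may live here.
    find "$docroot" -type d \( -perm -020 -o -perm -002 \) | while read -r dir; do
        server_side_files "$dir" -maxdepth 1 | sed 's/^/SCRIPT_IN_WRITABLE_DIR: /'
    done
    # Code files that are themselves writable by group or other.
    server_side_files "$docroot" \( -perm -020 -o -perm -002 \) \
        | sed 's/^/WRITABLE_SCRIPT: /'
}

# Number of findings; 0 means the tree follows the separation rule.
count_findings() {
    audit_docroot "$1" | wc -l | tr -d ' '
}

# Constructed sample tree: a correct layout plus two deliberate mistakes.
make_sample_docroot() {
    root=$(mktemp -d)
    mkdir -p "$root/cgi-bin" "$root/data" "$root/includes"
    echo '#!/usr/bin/perl' > "$root/cgi-bin/form.pl"      # ok: code in the code folder
    echo 'guest comment'   > "$root/data/guestbook.txt"   # ok: data in the data folder
    echo '<% %>'           > "$root/includes/header.asp"  # ok: include named .asp, not .inc
    echo '<?php ?>'        > "$root/data/upload.php"      # mistake 1: code in a writable folder
    echo '<% %>'           > "$root/includes/footer.inc"  # mistake 2: writable include file
    chmod 755 "$root/cgi-bin" "$root/includes"
    chmod 644 "$root/cgi-bin/form.pl" "$root/includes/header.asp" "$root/data/upload.php"
    chmod 1773 "$root/data"                 # guests may add files: writable data folder
    chmod 666 "$root/includes/footer.inc"   # anyone on the host can rewrite the include
    echo "$root"
}

# Stand-alone run: build the sample, report, exit non-zero if anything is found.
#   sh audit_docroot.sh --demo
if [ "${1:-}" = "--demo" ]; then
    sample=$(make_sample_docroot)
    audit_docroot "$sample"
    n=$(count_findings "$sample")
    rm -rf "$sample"
    [ "$n" -eq 0 ]
fi
```

Run `audit_docroot /var/www` (or whatever the real document root is) from cron or a deployment pipeline and treat any output as a failure; the sample run reports exactly the two planted mistakes (upload.php in the writable data folder and the world-writable footer.inc) and nothing else. The permission tests check mode bits only, so the script gives the same answer whether or not it runs as root.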
6.4 Securing Web Content Checklist

Completed   Action
[ ]         Ensure that none of the following types of information are available on or via a public Web server:
            - Classified records
            - Internal personnel rules and procedures
            - Sensitive or proprietary information
            - Personal information about an organization's personnel
            - Telephone numbers, e-mail addresses, or general listings of staff, unless necessary to fulfill organizational requirements
            - Schedules of organizational principals or their exact location (whether on or off the premises)
            - Information on the composition, preparation, or optimal use of hazardous materials or toxins
            - Sensitive information relating to homeland security
            - Investigative records
            - Financial records (beyond those already publicly available)
            - Organization's physical and information security procedures
            - Information about the organization's network and information system infrastructure
            - Information that specifies or implies physical security vulnerabilities
            - Plans, maps, diagrams, aerial photographs, and architectural plans of organizational buildings, properties, or installations