Guidelines on Securing Public Web Servers
To ensure the security of a Web server and the supporting network infrastructure, the following practices should be implemented:

- Organization-wide information system security policy
- Configuration/change control and management
- Risk assessment and management
- Standardized software configurations that satisfy the information system security policy
- Security awareness and training
- Contingency planning, continuity of operations, and disaster recovery
- Certification and accreditation

Organizations should ensure that Web server operating systems are deployed, configured, and managed to meet the security requirements of the organization.
The first step in securing a Web server is securing the underlying operating system. Most commonly available Web servers operate on a general purpose operating system. Many security issues can be avoided if the operating systems underlying Web servers are configured appropriately. Default hardware and software configurations are typically set by vendors to emphasize features, functions, and ease of use at the expense of security. Because vendors are not aware of each organization's security needs, each Web administrator must configure new servers to reflect their organization's security requirements and reconfigure them as those requirements change. Securing the operating system at a minimum should include the following steps:

- Patch and upgrade the operating system
- Remove or disable unnecessary services and applications
- Configure operating system user authentication
- Configure resource controls
- Test the security of the operating system
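Two of these steps, removing unnecessary services and configuring resource controls, lend themselves to an automated check that can gate a server build. The script below is an added example written for this page; it is not part of the NIST guideline or of any vendor's tooling. It assumes that a public Web server role needs only ports 22, 80 and 443 exposed, and that a world-writable file under the document root is a misconfiguration. The listener snapshot and the document root it audits are constructed sample data so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the guideline): audit two operating-system hardening
# steps for a host being built as a public Web server.
#   1. Unnecessary services: compare the ports the host listens on with an
#      allowlist of what the Web server role needs.
#   2. Resource controls: flag world-writable files under the document root.
# LISTENER_SNAPSHOT is CONSTRUCTED sample data in a simplified "<port> <program>"
# form, not the output of any real tool; on a live host you would reduce the
# output of `ss -ltn` or `netstat -ltn` to the same form before running this.

# Ports the Web server role may expose (assumption made for this example).
ALLOWED_PORTS="22 80 443"

# Constructed snapshot of listening services, one "<port> <program>" per line.
LISTENER_SNAPSHOT='22 sshd
80 httpd
443 httpd
3306 mysqld
25 sendmail
111 rpcbind'

# Print "<port> <program>" for every listener whose port is not allowlisted.
# Usage: unexpected_listeners "<allowlist>" "<snapshot>"
unexpected_listeners() {
    allow=$1
    snapshot=$2
    printf '%s\n' "$snapshot" | while read -r port prog; do
        [ -z "$port" ] && continue
        case " $allow " in
            *" $port "*) ;;                       # allowed: say nothing
            *) printf '%s %s\n' "$port" "$prog" ;;
        esac
    done
}

# Print, relative to $1, every regular file writable by "other"; a public
# document root should contain none.
world_writable_files() {
    root=$1
    ( cd "$root" && find . -type f -perm -o+w | sed 's|^\./||' | sort )
}

# Build a constructed document root in a temp dir so the check runs offline.
# Prints the directory path; the caller removes it when done.
make_sample_docroot() {
    d=$(mktemp -d)
    mkdir -p "$d/cgi-bin" "$d/html"
    printf 'ok\n' > "$d/html/index.html"
    printf '#!/bin/sh\n' > "$d/cgi-bin/sample.cgi"
    chmod 0644 "$d/html/index.html"
    chmod 0777 "$d/cgi-bin/sample.cgi"       # the kind of leftover to catch
    printf '%s\n' "$d"
}

# Return 0 only when both checks are clean, so the audit can gate a build.
# Usage: audit <document-root>
audit() {
    rc=0
    bad=$(unexpected_listeners "$ALLOWED_PORTS" "$LISTENER_SNAPSHOT")
    if [ -n "$bad" ]; then
        printf 'Unexpected listening services:\n%s\n' "$bad"
        rc=1
    fi
    ww=$(world_writable_files "$1")
    if [ -n "$ww" ]; then
        printf 'World-writable files under %s:\n%s\n' "$1" "$ww"
        rc=1
    fi
    return $rc
}

# Demonstration run against the constructed data.
docroot=$(make_sample_docroot)
if audit "$docroot"; then
    echo "audit clean"
else
    echo "audit found issues"
fi
rm -rf "$docroot"
```

Against the constructed data the audit reports three unexpected listeners (3306, 25 and 111) and one world-writable file, and returns non-zero; on a real build the allowlist and the document root path are the two inputs an administrator would adapt to the organization's own configuration standard.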

Organizations should ensure that the Web server application is deployed, configured, and managed to meet the security requirements of the organization.
In many respects, the secure installation and configuration of the Web server application mirrors the operating system process discussed above. The overarching principle, as before, is to install the minimal amount of Web server services required and eliminate any known vulnerabilities through patches or upgrades. If the installation program installs any unnecessary applications, services, or scripts, they should be removed immediately once the installation process completes. Securing a Web server application at a minimum should include the following steps: