Guidelines on Securing Public Web Servers
Install or enable only necessary services.
Install Web content on a dedicated hard drive or logical partition.
Limit uploads to directories that are not readable by the Web server, so that uploaded files cannot be served back to clients or executed.
Define a single directory for all external scripts or programs executed as part of Web content.
Disable the use of hard or symbolic links.
Define a complete Web content access matrix that identifies which folders and files within the Web server document directory are restricted and which are accessible (and by whom).
Disable directory listings.
Use user authentication, digital signatures, and other cryptographic mechanisms as appropriate.
Use host-based intrusion detection systems and/or file integrity checkers to detect intrusions and verify Web content.
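As an added example (not part of the NIST document and not Apache project code), the following Python script checks an Apache-style configuration for three of the items above: directory listings, symbolic link following, and script execution outside a single script directory. The directive names (`Options`, `ScriptAlias`, `<Directory>`) are real httpd directives, but both configurations are constructed samples, and the checker is a small line-oriented scan rather than a full httpd.conf parser (it ignores nesting, `Include` files and `.htaccess` overrides).

```python
"""Audit an Apache-style configuration against the hardening items listed above.

Added example; not from NIST SP 800-44 and not from the Apache project.
The two configurations are constructed samples.
"""
import re

# Constructed sample: a permissive configuration.
WEAK_CONFIG = """
DocumentRoot "/var/www/html"
<Directory "/var/www/html">
    Options Indexes FollowSymLinks ExecCGI
    AllowOverride All
</Directory>
<Directory "/var/www/html/uploads">
    Options ExecCGI
</Directory>
"""

# Constructed sample: the same site after applying the list items
# (no listings, no symlink following, one ScriptAlias directory for all scripts).
HARDENED_CONFIG = """
DocumentRoot "/srv/www/html"
<Directory "/srv/www/html">
    Options None
    AllowOverride None
    Require all granted
</Directory>
ScriptAlias "/cgi-bin/" "/srv/www/cgi-bin/"
<Directory "/srv/www/cgi-bin">
    Options None
    Require all granted
</Directory>
"""

DIRECTORY_BLOCK = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>', re.S | re.I)
OPTIONS_LINE = re.compile(r'^\s*Options\s+(.+?)\s*$', re.M | re.I)
SCRIPT_ALIAS = re.compile(r'^\s*ScriptAlias\s+\S+\s+"?([^"\s]+?)"?\s*$', re.M | re.I)

# "Options All" enables everything except MultiViews; these are the ones the checker cares about.
ALL_OPTIONS = {'indexes', 'followsymlinks', 'symlinksifownermatch', 'execcgi', 'includes'}


def effective_options(block_body):
    """Option names left enabled by the Options lines in one <Directory> body."""
    enabled = set()
    for m in OPTIONS_LINE.finditer(block_body):
        for tok in m.group(1).split():
            name = tok.lstrip('+-').lower()
            if tok.startswith('-'):          # relative syntax: -Indexes removes one option
                enabled.discard(name)
            elif name == 'all':
                enabled |= ALL_OPTIONS
            elif name == 'none':
                enabled.clear()
            else:
                enabled.add(name)
    return enabled


def audit(config_text):
    """Return (directory, finding) pairs for settings the guideline items warn against."""
    script_dirs = {d.rstrip('/') for d in SCRIPT_ALIAS.findall(config_text)}
    findings = []
    for m in DIRECTORY_BLOCK.finditer(config_text):
        path = m.group(1).rstrip('/') or '/'
        body = m.group(2)
        opts = effective_options(body)
        if not OPTIONS_LINE.search(body):
            findings.append((path, 'no explicit Options directive; inherits the parent setting'))
        if 'indexes' in opts:
            findings.append((path, 'directory listing enabled (Options Indexes)'))
        if opts & {'followsymlinks', 'symlinksifownermatch'}:
            findings.append((path, 'symbolic link following enabled'))
        if 'execcgi' in opts and path not in script_dirs:
            findings.append((path, 'script execution enabled outside the ScriptAlias directory'))
        if 'includes' in opts:
            findings.append((path, 'server-side includes with #exec enabled (Options Includes)'))
    if len(script_dirs) > 1:
        findings.append(('(global)', 'more than one ScriptAlias directory; the guideline asks for one'))
    return findings


if __name__ == '__main__':
    for label, cfg in (('weak', WEAK_CONFIG), ('hardened', HARDENED_CONFIG)):
        print(label, audit(cfg) or 'no findings')
```

Run against the weak sample the checker reports four findings (listings, symlinks and script execution under the document root, plus script execution in the uploads directory); the hardened sample produces none. A `<Directory>` block with no `Options` line is flagged as well, since it silently inherits whatever the parent or server default allows.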
Organizations should use active content after carefully balancing the benefits gained against the associated risks.
In the beginning, most WWW sites presented static information residing on the server, typically in the form of text-based documents. Soon thereafter, interactive elements were introduced to offer users new ways to interact with a Web site. Unfortunately, these same interactive elements introduced new Web-related vulnerabilities, since they involve moving code from a Web server to a client for execution. Different active content technologies have different associated vulnerabilities, which must be weighed against their benefits. [3]
Organizations must use authentication and cryptographic technologies as appropriate to protect certain types of sensitive data.
Public Web servers often support a range of technologies for identifying and authenticating users with differing privileges for accessing information. Some of these technologies are based on cryptographic functions that can provide an encrypted channel between a Web browser client and a Web server that supports encryption. Web servers may be configured to use different cryptographic algorithms, providing varying levels of security and performance.
Without proper user authentication in place, organizations cannot selectively restrict access to specific information: all information that resides on a public Web server is then accessible by anyone with access to the server. In addition, without some process to authenticate the server (in practice, a server certificate validated by the client over SSL/TLS), users of the public Web server will not be able to determine whether the server is the authentic Web server or a counterfeit version operated by a malicious entity.
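The following Python script is an added example for two passages above, the access-matrix item in the list and the authentication paragraph; it is not from NIST SP 800-44 and not any Web server's own code. It verifies user credentials with salted PBKDF2 and a constant-time comparison, then applies an access matrix (path prefix to permitted roles) to decide whether a request may be served. User names, passwords, roles and paths are constructed; the PBKDF2 cost is an assumption to be tuned to the hardware, and the script assumes the credential store lives outside the document root and that the channel itself is protected by TLS.

```python
"""Authenticate users and apply a Web content access matrix.

Added example; not from NIST SP 800-44 and not any Web server's code.
Users, passwords, roles and paths are constructed for illustration.
"""
import hashlib
import hmac
import os
import posixpath
from urllib.parse import unquote

# Assumption: PBKDF2 cost tuned to the server hardware; raise it in production.
PBKDF2_ROUNDS = 200_000


def make_record(password):
    """Salted PBKDF2-HMAC-SHA256 credential record: (salt, digest)."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac('sha256', password.encode(), salt, PBKDF2_ROUNDS)


def verify(record, password):
    """Constant-time comparison so a wrong guess does not leak how many bytes matched."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac('sha256', password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


# Constructed user store: name -> (credential record, roles).
USERS = {
    'alice': (make_record('correct horse'), {'staff'}),
    'bob': (make_record('battery staple'), {'staff', 'admin'}),
}
# Checked for unknown users so a failed login costs the same time either way.
_DUMMY_RECORD = make_record('placeholder')

# Access matrix: path prefix under the document root -> roles allowed to read it.
# '*' means anonymous access. The longest matching prefix decides.
ACCESS_MATRIX = {
    '/': {'*'},
    '/reports/': {'staff', 'auditor'},
    '/admin/': {'admin'},
}


def canonical_path(request_path):
    """Decode and normalise the path so '..' and %2e%2e cannot escape a prefix."""
    return posixpath.normpath('/' + unquote(request_path).lstrip('/'))


def _prefix_matches(prefix, path):
    base = prefix.rstrip('/')
    return base == '' or path == base or path.startswith(base + '/')


def allowed_roles(request_path):
    """Roles permitted for the longest matrix prefix that covers the path."""
    path = canonical_path(request_path)
    best = max((p for p in ACCESS_MATRIX if _prefix_matches(p, path)), key=len)
    return ACCESS_MATRIX[best]


def handle_request(request_path, credentials=None):
    """Return an (HTTP status, reason) pair; credentials is (user, password) or None."""
    roles = set()
    if credentials is not None:
        name, password = credentials
        entry = USERS.get(name)
        record = entry[0] if entry else _DUMMY_RECORD
        if not verify(record, password) or entry is None:
            return 401, 'invalid credentials'
        roles = entry[1]
    permitted = allowed_roles(request_path)
    if '*' in permitted or roles & permitted:
        return 200, 'ok'
    if credentials is None:
        return 401, 'authentication required'
    return 403, 'forbidden'


if __name__ == '__main__':
    for path, creds in [('/index.html', None), ('/reports/q1.pdf', None),
                        ('/reports/q1.pdf', ('alice', 'correct horse')),
                        ('/reports/%2e%2e/admin/users', ('alice', 'correct horse')),
                        ('/admin/users', ('bob', 'battery staple'))]:
        print(path, creds and creds[0], '->', handle_request(path, creds))
```

The path is decoded and normalised before the matrix is consulted, so `/reports/../admin/users` and its percent-encoded form are judged as `/admin/users`; the matrix is therefore applied to the file that would actually be served, not to the string the client sent. Unknown users are run through the same PBKDF2 check as known ones so that response time does not reveal which user names exist.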
[3] See NIST Special Publication 800-28, Guidelines for Active Content and Mobile Code (http://csrc.nist.gov/publications/) for more extended discussion and advice on the policy and technical issues of active content.