Guidelines on Securing Public Web Servers
1. Introduction 
1.1 Authority 
This document has been developed by the National Institute of Standards and Technology 
(NIST) in furtherance of its statutory responsibilities under the Computer Security Act of 1987 
and the Information Technology Management Reform Act of 1996, specifically 15 United 
States Code (U.S.C.) 278 g-3 (a)(5).  This document is not a guideline within the meaning of 
15 U.S.C. 278 g-3 (a)(3). 
These guidelines are for use by federal organizations that process sensitive information.  They 
are consistent with the requirements of the Office of Management and Budget (OMB) Circular 
A-130, Appendix III. 
This document may be used by nongovernmental organizations on a voluntary basis.  It is not 
subject to copyright. 
Nothing in this document should be taken to contradict standards and guidelines made 
mandatory and binding upon federal agencies by the Secretary of Commerce under his 
statutory authority.  Nor should these guidelines be interpreted as altering or superseding the 
existing authorities of the Secretary of Commerce, the Director of the OMB, or any other 
federal official. 
1.2  Purpose and Scope 
The purpose of Guidelines on Securing Public Web Servers is to present security guidance for 
the design, implementation, and operation of publicly accessible Web servers.  While intended 
as recommended guidance for federal departments and agencies, it may be used in the private 
sector on a voluntary basis. 
This document should be used by organizations to enhance security on Web server systems, 
and to reduce the number and frequency of Web-related security incidents.  This document 
presents generic principles that apply to all systems.  In addition, specific examples are 
presented that address two of the more popular Web server applications: Apache and 
Microsoft Internet Information Server (IIS).   
This guideline does NOT cover the following aspects relating to securing a Web site: 
- Securing other types of network servers
- Firewalls and routers used to protect Web servers beyond a basic discussion in Section 8
- Security considerations related to Web client (browser) software [4]
- Special considerations for high-traffic Web sites with multiple hosts [5].
                                                   
[4] For more information on securing Web browsers see NIST Special Publication 800-46, Security for Telecommuting and Broadband Communications (http://csrc.nist.gov/publications/nistpubs/index.html).