Guidelines on Securing Public Web Servers
Failed network login attempts should not prevent an authorized user or administrator from
logging in at the console. Note that all failed login attempts, whether via the network or the
console, should be logged. Also, if remote administration is not going to be implemented
(see Section 9.5), disable the ability for the administrator or root-level accounts to log in from
the network.
Install and configure other security mechanisms to strengthen authentication. If
the information on the Web server requires it, consider using other authentication
mechanisms such as tokens, client/server certificates, or one-time password systems.
Although they can be more expensive and difficult to implement, they may be
justified in some circumstances. When such authentication mechanisms and devices
are used, the organization's policy should be reviewed to reflect the way in which
they are applied.
Generate and distribute user account reports. In order to ensure that all
unnecessary accounts are removed in a timely manner, it is critical for the organization
to set up a system that generates reports of the user accounts that include the information
necessary to determine whether or not the account should remain active. These reports
should be disseminated to appropriate supervisors and management personnel to
identify individuals who no longer require accounts.
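One way to generate such an account report on a Unix-like host, added here as an example and not part of the original guideline. The sample passwd/shadow lines and last-login dates are constructed, and the function name `account_report` and the 90-day staleness threshold are assumptions.

```python
import datetime as dt

# Constructed sample data in passwd(5)/shadow(5) format; hashes are placeholders.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1001:1001:Alice Admin:/home/alice:/bin/bash
bob:x:1002:1002:Bob Contractor:/home/bob:/bin/bash
carol:x:1003:1003:Carol Editor:/home/carol:/bin/bash
"""
SHADOW = """\
root:$6$placeholder:19700:0:99999:7:::
www-data:*:19000:0:99999:7:::
alice:$6$placeholder:19690:0:99999:7:::
bob:$6$placeholder:19200:0:99999:7::19500:
carol:!$6$placeholder:19650:0:99999:7:::
"""
# Constructed last-login dates (as could be exported from lastlog); None = never.
LAST_LOGIN = {"root": "2024-01-10", "alice": "2024-01-12",
              "bob": "2023-05-02", "carol": None}
NOLOGIN = ("/usr/sbin/nologin", "/sbin/nologin", "/bin/false")

def account_report(passwd, shadow, last_login, today, stale_days=90):
    """One row per interactive account, with the reasons it needs review."""
    sh = {f[0]: f for f in (l.split(":") for l in shadow.splitlines() if l)}
    rows = []
    for line in filter(None, passwd.splitlines()):
        name, _, uid, _, owner, _, shell = line.split(":")
        if shell in NOLOGIN:
            continue  # service account, no interactive login
        flags, s = [], sh.get(name, [""] * 9)
        if s[1].startswith(("!", "*")):
            flags.append("password locked")
        # shadow field 8: account expiry as days since 1970-01-01
        if s[7] and dt.date(1970, 1, 1) + dt.timedelta(int(s[7])) <= today:
            flags.append("account expired")
        seen = last_login.get(name)
        if seen is None:
            flags.append("never logged in")
        elif (today - dt.date.fromisoformat(seen)).days > stale_days:
            flags.append(f"no login for {stale_days}+ days")
        rows.append({"user": name, "uid": int(uid), "owner": owner,
                     "last_login": seen or "never", "review": flags})
    return rows

if __name__ == "__main__":
    for r in account_report(PASSWD, SHADOW, LAST_LOGIN, dt.date(2024, 1, 15)):
        print(f"{r['user']:<8} {r['last_login']:<10} {'; '.join(r['review']) or 'ok'}")
```

Rows with a non-empty `review` list are the ones to send to the account owner's supervisor for a keep-or-remove decision.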
As mentioned earlier, intruders using network sniffers can easily capture reusable passwords
passed across a network in clear text. Consider instead implementing less vulnerable
authentication and encryption technologies, such as Secure Shell (SSH) and Secure Sockets
Layer (SSL)/Transport Layer Security (TLS) (see Section 7.5).
4.1.4 Configure Resource Controls Appropriately
Many operating systems provide a capability to specify access privileges individually for files,
directories, devices, and other computational resources. By carefully setting access controls,
the Web administrator can reduce intentional and unintentional security breaches. For
example, denying read access to files and directories helps protect confidentiality of
information, whereas denying unnecessary write (modify) access can help protect the integrity
of information. Limiting the execution privilege of most system-related tools to authorized
system administrators can prevent users from making configuration changes that could reduce
security. It also can restrict the ability of intruders to use those tools to attack the system or
other systems on the network. Because operating system resource controls act in tandem with
Web server resource controls, this topic is addressed in greater detail in Section 5.2.
4.2 Security Testing the Operating System
Periodic security testing of the operating system is a vital way to identify vulnerabilities and to
ensure that the existing security precautions are effective. Of the several methods for testing
operating systems, the most popular are vulnerability scanning and penetration testing.
Vulnerability scanning usually entails using an automated vulnerability scanner to scan a host
or groups of hosts on a network for application, network, and operating system vulnerabilities.
Penetration testing is a testing process designed to compromise a network using the tools and
methodologies of an attacker. It is an iterative testing process that identifies the weakest
areas of the network and exploits them to expand access to the remainder of the network. The
process eventually results in compromising the overall security of the network. Vulnerability
scanning should be conducted periodically, at least weekly to monthly, and penetration testing