Guidelines on Securing Public Web Servers
Completed  Action

Configuring a secure Web content directory
[ ]  Dedicate a single hard drive or logical partition for Web content and establish related subdirectories exclusively for Web server content files, including graphics but excluding scripts and other programs
[ ]  Define a single directory exclusively for all external scripts or programs executed as part of Web server content (e.g., CGI, ASP)
[ ]  Disable the execution of scripts that are not exclusively under the control of administrative accounts. This action is accomplished by creating and controlling access to a separate directory intended to contain authorized scripts
[ ]  Create the user groups for the computer
[ ]  Disable the use of hard or symbolic links (a.k.a. shortcuts for Windows)
[ ]  Define a complete Web content access matrix. Identify which folders and files within the Web server document directory are restricted and which are accessible (and by whom)
[ ]  Check the organization's password policy, and set account passwords appropriately (e.g., length, complexity)
[ ]  Use a robots.txt file if appropriate

Using file integrity checkers
[ ]  Install a file integrity checker to protect Web server configuration files, password files, and Web content
[ ]  Update file integrity checksums whenever an upgrade or content change occurs
[ ]  Store checksums on protected, write-once media
[ ]  Regularly compare checksums