Guidelines on Securing Public Web Servers
1.  Identify information that should be published on the Web
2.  Identify the target audience (why publish if no audience exists?)
3.  Identify possible negative ramifications of publishing the information
4.  Identify who should be responsible for creating, publishing, and maintaining this particular information
5.  Create or format information for Web publishing
6.  Review the information for sensitivity and distribution/release controls (including the sensitivity of the information in aggregate)
7.  Determine the appropriate access and security controls
8.  Publish information
9.  Verify published information.
10. Periodically review published information to confirm continued compliance with organizational guidelines.
An area of Web content that is often overlooked is the information sometimes hidden within the source code of a Web page. This can be viewed from any Web browser through the "view source" menu option. Organizations often do not pay attention to the contents of the source code on their Web site, even though this code can contain sensitive information. The source code can, for example, contain points of contact (such as developer names or e-mail addresses in HTML comments) and reveal portions of the directory structure of the Web server. Attackers will scour not only the obvious content of the Web site but also the hidden source code; thus, Web administrators or Webmasters should periodically review the code on their public Web server.
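The periodic source review recommended above can be partly automated. The following script is an added example written for this guideline, not code from the NIST document: it scans HTML pages for the three leak types the text names (HTML comments, e-mail points of contact, and absolute server paths) and reports where each occurs. The regular expressions, the `scan_html`/`scan_directory` helper names, and the sample page are assumptions constructed for the example.

```python
"""Review published HTML for information that should not be public.

Added example for this guideline (not part of the NIST document). Flags:
  - HTML comments (developer notes, TODOs, disabled markup)
  - e-mail addresses (points of contact)
  - absolute filesystem paths (directory structure of the server)
All patterns and the sample page below are assumptions/constructed data.
"""
import os
import re
from dataclasses import dataclass
from typing import List

COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Unix paths under common web/home roots, or Windows drive-letter paths.
PATH_RE = re.compile(
    r"(?:/(?:var|home|usr|etc|opt|srv)/[\w./-]+|[A-Za-z]:\\[\w\\.-]+)"
)


@dataclass(frozen=True)
class Finding:
    kind: str    # "comment", "email" or "path"
    value: str   # the matched text
    line: int    # 1-based line number in the HTML source


def _line_of(html: str, offset: int) -> int:
    """Convert a character offset into a 1-based line number."""
    return html.count("\n", 0, offset) + 1


def scan_html(html: str) -> List[Finding]:
    """Return every comment, e-mail address and server path found in html,
    ordered by line. An e-mail or path inside a comment is reported twice
    (once as the comment, once on its own) so each item is visible."""
    findings = []
    for m in COMMENT_RE.finditer(html):
        findings.append(Finding("comment", m.group(1).strip(), _line_of(html, m.start())))
    for m in EMAIL_RE.finditer(html):
        findings.append(Finding("email", m.group(0), _line_of(html, m.start())))
    for m in PATH_RE.finditer(html):
        findings.append(Finding("path", m.group(0), _line_of(html, m.start())))
    return sorted(findings, key=lambda f: (f.line, f.kind))


def scan_directory(root: str) -> dict:
    """Scan every .html/.htm file under root; map file path -> findings."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".html", ".htm")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = scan_html(fh.read())
                if found:
                    results[path] = found
    return results


# Constructed sample page containing the kinds of leaks the guideline describes.
SAMPLE_PAGE = """<html>
<head><title>Agency Services</title>
<!-- TODO: ask jdoe@example.gov before changing the nav; template lives in
     /var/www/agency/templates/nav.inc -->
</head>
<body>
<p>Contact the help desk for assistance.</p>
<!-- legacy backup: C:\\inetpub\\wwwroot\\old\\index.bak -->
</body></html>
"""

if __name__ == "__main__":
    for f in scan_html(SAMPLE_PAGE):
        print(f"line {f.line:>3}  {f.kind:<8} {f.value}")
```

Run it against a copy of the document root (`scan_directory("/path/to/docroot")`) as part of the periodic review; every finding is then a decision for the Webmaster, since not all comments or contact addresses are sensitive, but each one is something the organization should have chosen to publish rather than left behind by accident.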
6.2  Regulations Regarding the Collection of Personal Information 
Federal and state laws and regulations apply to the collection of user information on publicly 
accessible government Web sites.  In addition, many government agencies have privacy 
guidelines that address the type of information that could be collected about users.  
Governmental organizations with Web sites should be aware of the appropriate and applicable 
laws, regulations, and agency guidelines.  Private organizations may wish to use these 
guidelines and examples of sound security practices but should consult appropriate legal 
counsel and their privacy officials for the applicable legal and policy implications.  However, 
federal laws, regulations, and applicable agency guidelines do apply to commercial 
organizations that operate Web sites on behalf of federal agencies.  Organizations should be 
aware of changes to legal, regulatory, and contractual issues and seek advice from 
knowledgeable legal and policy experts. 
Most federal agencies are prohibited from collecting personally identifying information on publicly accessible Web sites without the explicit permission of the user. This personal information includes the following:

Name