Guidelines on Securing Public Web Servers

8.3 Network Infrastructure Checklist

Completed  Action
(each item below is marked "[ ]" in the Completed column; tick it when the action has been verified)
Network location
[ ]  The Web server is located in a DMZ or outsourced to an organization that appropriately protects the firewall
[ ]  The DMZ is not located on the third (or more) interface of the firewall
Firewall configuration
[ ]  Web server is protected by a firewall
[ ]  Web server, if it faces a higher threat or is more vulnerable, is protected by an application layer firewall
[ ]  Firewall controls all traffic between the Internet and the Web server
[ ]  Firewall blocks all inbound traffic to the Web server except TCP ports 80 (HTTP) and/or 443 (HTTPS using SSL/TLS)
[ ]  Firewall blocks (in conjunction with IDS) IP addresses or subnets that the IDS reports are attacking the organizational network
[ ]  Firewall notifies the network or Web administrator of suspicious activity through an appropriate means
[ ]  Firewall provides content filtering
[ ]  Firewall configured to protect against denial of service (DoS) attacks
[ ]  Firewall detects malformed or known attack URL requests
[ ]  Firewall logs critical events
[ ]  Firewall and firewall operating system patched to latest or most secure level
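The firewall items above (default-deny inbound, only TCP 80/443 accepted, dropped traffic logged) can be checked mechanically against the text that `nft list ruleset` prints. The audit script below is an added example, not part of the guideline: it parses the chain hooked on `input` and reports each checklist item that fails. Both rulesets are constructed here for illustration; the hardened one is what a minimal compliant `inet filter` table looks like, the weak one has an accept-all policy and exposes SSH and MySQL.

```python
"""Audit an nftables ruleset dump against the firewall checklist items:
default-deny inbound policy, inbound TCP limited to 80/443, and a log rule
for dropped traffic.  Added example; both rulesets below are constructed."""
import re

# Constructed ruleset meeting the checklist (shape of `nft list ruleset`
# output for a minimal inet filter table).
HARDENED_RULESET = """\
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        tcp dport { 80, 443 } accept
        log prefix "input-drop " drop
    }
}
"""

# Constructed ruleset with an accept-all policy and extra services exposed.
WEAK_RULESET = """\
table inet filter {
    chain input {
        type filter hook input priority 0; policy accept;
        tcp dport { 80, 443 } accept
        tcp dport 22 accept
        tcp dport 3306 accept
    }
}
"""

ALLOWED_PORTS = {80, 443}  # checklist: only HTTP and HTTPS inbound


def _input_chain(ruleset: str) -> list[str]:
    """Return the lines of the chain hooked on 'input', starting with its
    'type ... hook input ...; policy ...;' line, stripped of indentation."""
    lines = ruleset.splitlines()
    for i, line in enumerate(lines):
        if "hook input" in line:
            body = []
            for rule in lines[i:]:
                if rule.strip() == "}":
                    break
                body.append(rule.strip())
            return body
    return []


def audit_ruleset(ruleset: str) -> list[str]:
    """Return checklist findings for the ruleset; an empty list is compliant."""
    chain = _input_chain(ruleset)
    if not chain:
        return ["no chain hooked on input: inbound traffic is not filtered"]
    findings = []
    if not re.search(r"policy\s+drop", chain[0]):
        findings.append("input chain policy is not drop (default-deny missing)")
    for rule in chain[1:]:
        # Match 'tcp dport 22 accept' and 'tcp dport { 80, 443 } accept'.
        m = re.match(r"tcp dport (\{[^}]*\}|\d+)\s+accept", rule)
        if not m:
            continue
        ports = {int(p) for p in re.findall(r"\d+", m.group(1))}
        extra = sorted(ports - ALLOWED_PORTS)
        if extra:
            findings.append(f"inbound TCP ports accepted beyond 80/443: {extra}")
    if not any(rule.startswith("log ") for rule in chain):
        findings.append("no log rule: dropped traffic is not recorded")
    return findings


if __name__ == "__main__":
    for name, rs in (("hardened", HARDENED_RULESET), ("weak", WEAK_RULESET)):
        print(name, audit_ruleset(rs) or "compliant")
```

Run it against a saved `nft list ruleset` dump from the Web server's firewall host; a non-empty finding list maps directly to an unticked box in the checklist. The parser only understands the plain `tcp dport` forms shown, so rules written with sets, maps or `meta l4proto` need the matcher extended before the result is trusted.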
Intrusion detection systems (IDS)
[ ]  Host-based IDS used for Web servers that operate primarily using SSL/TLS
[ ]  IDS configured to monitor network traffic before any firewall or filter router (network-based)
[ ]  IDS configured to monitor network traffic to and from the Web server after the firewall
[ ]  IDS configured to monitor changes to critical files on the Web server (host-based or file integrity checker)
[ ]  IDS blocks (in conjunction with the firewall) IP addresses or subnets that are attacking the organizational network
[ ]  IDS notifies the network or Web administrator of attacks through appropriate means
[ ]  IDS configured to detect port scanning probes
[ ]  IDS configured to detect DoS attacks
[ ]  IDS configured to detect malformed URL requests
[ ]  IDS configured to log events
[ ]  IDS updated with new attack signatures frequently (weekly basis)
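The host-based item "monitor changes to critical files on the Web server" is what a file integrity checker does: record a digest of every file in the configuration and document roots, then report anything modified, missing or newly created on a later run. The script below is an added example, not tooling from the guideline. It builds a fake Web root in a temporary directory, baselines it with SHA-256, tampers with it, and returns the differences; the directory layout and file contents are constructed for the demonstration.

```python
"""Host-based file integrity check for a Web server's critical files.
Added example: baselines SHA-256 digests of a directory tree and reports
modified, missing and new files.  The sample tree is constructed inline."""
import hashlib
import os
import tempfile


def sha256_of(path: str) -> str:
    """Stream a file through SHA-256 so large content does not load into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> dict:
    """Map every regular file under root (path relative to root) to its digest."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = sha256_of(full)
    return baseline


def check_integrity(root: str, baseline: dict) -> dict:
    """Compare the tree under root with a stored baseline and return what changed."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "new": sorted(p for p in current if p not in baseline),
    }


def demo() -> dict:
    """Constructed scenario: baseline a fake Web root, then change it."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "conf/httpd.conf": "Listen 443\n",
            "htdocs/index.html": "<h1>welcome</h1>\n",
        }
        for rel, content in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as f:
                f.write(content)
        baseline = build_baseline(root)

        # Simulated tampering: a page is altered and an unexpected file appears.
        with open(os.path.join(root, "htdocs/index.html"), "a") as f:
            f.write("<!-- altered -->\n")
        with open(os.path.join(root, "htdocs/unexpected.php"), "w") as f:
            f.write("<?php /* constructed: should not be here */ ?>\n")

        return check_integrity(root, baseline)


if __name__ == "__main__":
    print(demo())
```

In production the baseline belongs off the monitored host (or on read-only media) and is regenerated only as part of an approved change, otherwise an intruder who modifies a file can rewrite the baseline to match. Run `check_integrity` from cron or the IDS agent and raise an alert on any non-empty list.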
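Three of the IDS items above (detect port scanning probes, detect DoS, detect malformed URL requests) and the firewall item "detects malformed or known attack URL requests" are threshold or signature checks that can be run over the logs the firewall and Web server already produce. The example below is added here and is not code from the guideline. It uses a simplified firewall drop log of the form `<epoch> DROP <src> -> <dst>:<dport>` and the Apache common log format; the log lines, the thresholds (5 distinct ports in 10 seconds, more than 30 requests per second) and the malformed-URL signatures are all constructed assumptions to be tuned per site.

```python
"""Threshold and signature detection over constructed log lines:
port-scanning probes, a request flood (DoS) and malformed URL requests.
Added example; log formats are simplified and thresholds are assumptions."""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote

# Constructed firewall drop log: one source probes many ports, another does not.
FW_LOG = """\
1700000000 DROP 203.0.113.7 -> 192.0.2.10:21
1700000001 DROP 203.0.113.7 -> 192.0.2.10:22
1700000001 DROP 203.0.113.7 -> 192.0.2.10:23
1700000002 DROP 203.0.113.7 -> 192.0.2.10:25
1700000002 DROP 203.0.113.7 -> 192.0.2.10:3306
1700000003 DROP 203.0.113.7 -> 192.0.2.10:8080
1700000005 DROP 198.51.100.4 -> 192.0.2.10:22
"""

# Constructed access log (Apache common log format): normal browsing, three
# malformed requests, then 60 requests from one client in a single second.
FLOOD = "".join(
    '203.0.113.99 - - [10/Nov/2023:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 512\n'
    for _ in range(60)
)
ACCESS_LOG = """\
198.51.100.9 - - [10/Nov/2023:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.9 - - [10/Nov/2023:10:00:01 +0000] "GET /images/logo.png HTTP/1.1" 200 2048
203.0.113.50 - - [10/Nov/2023:10:00:02 +0000] "GET /cgi-bin/../../etc/passwd HTTP/1.1" 404 0
203.0.113.50 - - [10/Nov/2023:10:00:03 +0000] "GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 0
203.0.113.50 - - [10/Nov/2023:10:00:04 +0000] "GET /index.html%00.jpg HTTP/1.1" 404 0
""" + FLOOD

FW_LINE = re.compile(r"^(\d+) DROP (\S+) -> \S+:(\d+)$")
CLF_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')


def detect_port_scans(log: str, min_ports: int = 5, window: int = 10) -> set[str]:
    """Flag sources that hit at least min_ports distinct ports within window seconds."""
    events = defaultdict(list)
    for line in log.splitlines():
        m = FW_LINE.match(line)
        if m:
            events[m.group(2)].append((int(m.group(1)), int(m.group(3))))
    scanners = set()
    for src, evs in events.items():
        evs.sort()
        for i, (t0, _) in enumerate(evs):  # sliding window from each event
            ports = {p for t, p in evs[i:] if t - t0 <= window}
            if len(ports) >= min_ports:
                scanners.add(src)
                break
    return scanners


def parse_clf(log: str):
    """Yield (client_ip, timestamp, method, path, status) per access-log line."""
    for line in log.splitlines():
        m = CLF_LINE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield m.group(1), ts, m.group(3), m.group(4), int(m.group(5))


def detect_malformed_urls(log: str, max_len: int = 2048) -> list[tuple[str, str]]:
    """Flag requests whose percent-decoded path contains directory traversal,
    control characters (NUL included) or is implausibly long."""
    hits = []
    for ip, _, _, path, _ in parse_clf(log):
        decoded = unquote(path)  # single decode: encoded traversal shows up here
        if ("../" in decoded or len(path) > max_len
                or any(ord(c) < 0x20 or ord(c) > 0x7E for c in decoded)):
            hits.append((ip, path))
    return hits


def detect_request_flood(log: str, max_per_second: int = 30) -> set[str]:
    """Flag clients exceeding max_per_second requests in any one-second bucket."""
    counts = defaultdict(int)
    for ip, ts, *_ in parse_clf(log):
        counts[(ip, ts.replace(microsecond=0))] += 1
    return {ip for (ip, _), n in counts.items() if n > max_per_second}


if __name__ == "__main__":
    print("port scans:", detect_port_scans(FW_LOG))
    print("malformed URLs:", detect_malformed_urls(ACCESS_LOG))
    print("request floods:", detect_request_flood(ACCESS_LOG))
```

Each detector returns the offending client addresses rather than printing them, so the same functions can feed the "IDS notifies the administrator" and "IDS blocks (in conjunction with the firewall)" items; before automating a block, consider that a flood or scan source can be spoofed or shared (NAT, proxies), which is why the checklist pairs blocking with administrator notification.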