NIST 800-44 Version 2 Guidelines on Securing Public Web Servers
GUIDELINES ON SECURING PUBLIC WEB SERVERS

Securing the Web Server Operating System

Action                                                                       Completed

Patch and upgrade OS
  Create, document, and implement a patching process
  Keep the servers disconnected from networks or on an isolated network that severely restricts communications until all patches have been installed
  Identify and install all necessary patches and upgrades to the OS
  Identify and install all necessary patches and upgrades to applications and services included with the OS
  Identify and mitigate any unpatched vulnerabilities

Remove or disable unnecessary services and applications
  Disable or remove unnecessary services and applications

Configure OS user authentication
  Remove or disable unneeded default accounts and groups
  Disable non-interactive accounts
  Create the user groups for the particular computer
  Create the user accounts for the particular computer
  Check the organization's password policy and set account passwords appropriately (e.g., length, complexity)
  Prevent password guessing (e.g., increase the period between attempts, deny login after a defined number of failed attempts)
  Install and configure other security mechanisms to strengthen authentication

Configure resource controls appropriately
  Deny read access to unnecessary files and directories
  Deny write access to unnecessary files and directories
  Limit the execution privilege of system tools to system administrators

Install and configure additional security controls
  Select, install, and configure additional software to provide needed controls not included in the OS, such as antivirus software, antispyware software, rootkit detectors, host-based intrusion detection and prevention software, host-based firewalls, and patch management software

Test the security of the OS
  Identify a separate identical system
  Test OS after initial install to determine vulnerabilities
  Test OS periodically (e.g., quarterly) to determine new vulnerabilities
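As an added example (not from the NIST publication), the POSIX shell audit below checks two items from the OS checklist, "Disable non-interactive accounts" and the password-policy item, against constructed /etc/passwd and /etc/login.defs style samples; the UID boundary and the policy thresholds are assumptions, not values from the guideline.

```sh
#!/bin/sh
# Added example, not part of NIST SP 800-44: audit two OS checklist items
# ("Disable non-interactive accounts" and "set account passwords appropriately")
# against constructed /etc/passwd and /etc/login.defs style input.

# Constructed sample in /etc/passwd format: some service accounts still allow login.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
games:x:5:60:games:/usr/games:/bin/sh
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/bash
webadmin:x:1000:1000:Web Admin:/home/webadmin:/bin/bash'

# Constructed sample in /etc/login.defs format with weak settings.
SAMPLE_LOGIN_DEFS='PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
LOGIN_RETRIES 5'

# Print system (non-interactive) accounts, UID below 1000 and not root, whose
# shell still permits interactive login. Each is a candidate for locking or for
# a nologin shell. The 1000 boundary follows Debian-style UID allocation (assumption).
find_loginable_service_accounts() {
  printf '%s\n' "$1" |
    awk -F: '$3 != 0 && $3 < 1000 && $7 !~ /(nologin|false)$/ { print $1 }'
}

# Report login.defs values weaker than the thresholds below. The thresholds
# (90-day maximum age, 12-character minimum, 5 retries) are assumed example
# values; substitute the organization's own password policy.
check_password_policy() {
  printf '%s\n' "$1" | awk '
    $1 == "PASS_MAX_DAYS" && $2 > 90 { print "PASS_MAX_DAYS=" $2 " exceeds 90 days" }
    $1 == "PASS_MIN_LEN"  && $2 < 12 { print "PASS_MIN_LEN=" $2 " is below 12 characters" }
    $1 == "LOGIN_RETRIES" && $2 > 5  { print "LOGIN_RETRIES=" $2 " allows more than 5 attempts" }'
}

# Stand-alone run against the constructed samples; on a real host, pass
# "$(cat /etc/passwd)" and "$(cat /etc/login.defs)" instead.
echo "Service accounts with a login shell:"
find_loginable_service_accounts "$SAMPLE_PASSWD"
echo "Password policy findings:"
check_password_policy "$SAMPLE_LOGIN_DEFS"
```

The two functions only read the text handed to them, so they can be run against copies of the real files pulled from a server without changing anything on it.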
Securing the Web Server

Action                                                                       Completed

Securely install the Web server
  Install the Web server software on a dedicated host or a dedicated virtualized guest OS
  Apply any patches or upgrades to correct for known vulnerabilities
  Create a dedicated physical disk or logical partition (separate from OS and Web server application) for Web content
E-2