NIST 800-44 Version 2 Guidelines on Securing Public Web Servers
GUIDELINES ON SECURING PUBLIC WEB SERVERS

Completed | Action

  Switches are configured in high-security mode to defeat ARP spoofing and ARP poisoning attacks
  Switches are configured to send all traffic on network segment to network-based IDPS

Evaluate load balancers
  Load balancers are used to increase Web server availability
  Load balancers are augmented by Web caches if applicable

Evaluate reverse proxies
  Reverse proxies are used as a security gateway to increase Web server availability
  Reverse proxies are augmented with encryption acceleration, user authentication, and content filtering capabilities, if applicable

Administering the Web Server

Completed | Action

Perform logging
  Use the combined log format for storing the Transfer Log or manually configure the information described by the combined log format to be the standard format for the Transfer Log
  Enable the Referrer Log or Agent Log if the combined log format is unavailable
  Establish different log file names for different virtual Web sites that may be implemented as part of a single physical Web server
  Use the remote user identity as specified in RFC 1413
  Store logs on a separate (syslog) host
  Ensure there is sufficient capacity for the logs
  Archive logs according to organizational requirements
  Review logs daily
  Review logs weekly (for more long-term trends)
  Use automated log file analysis tool(s)

Perform Web server backups
  Create a Web server backup policy
  Back up Web server differentially or incrementally on a daily to weekly basis
  Back up Web server fully on a weekly to monthly basis
  Periodically archive backups
  Maintain an authoritative copy of Web site(s)

Recover from a compromise
  Report the incident to the organization’s computer incident response capability
  Isolate the compromised system(s) or take other steps to contain the attack so additional information can be collected
  Investigate similar hosts to determine if the attacker has also compromised other systems
  Consult, as appropriate, with management, legal counsel, and law enforcement officials expeditiously
  Analyze the intrusion
  Restore the system
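
An added example (not part of the NIST guideline) of the automated Transfer Log analysis the "Perform logging" items call for: it parses combined log format entries, including the RFC 1413 identity field, and builds a daily review summary. The sample entries, field names, and report layout are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Combined log format:
# host ident authuser [time] "request" status bytes "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'          # quoted field, tolerating escaped quotes
COMBINED = re.compile(
    r'(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED + r' (\d{3}) (\d+|-) '
    + QUOTED + ' ' + QUOTED + r'$'
)
FIELDS = ("host", "ident", "user", "time", "request",
          "status", "bytes", "referer", "agent")

def parse_combined(line):
    """Return a dict of the nine combined-format fields, or None if malformed."""
    m = COMBINED.match(line.strip())
    if not m:
        return None
    rec = dict(zip(FIELDS, m.groups()))
    try:
        rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec

def daily_review(lines):
    """Summarise one day's Transfer Log for a human reviewer."""
    report = {"malformed": 0, "status": Counter(),
              "errors_by_host": Counter(), "auth_users": set()}
    for line in lines:
        rec = parse_combined(line)
        if rec is None:
            report["malformed"] += 1     # unparseable entries need a manual look
            continue
        report["status"][rec["status"] // 100 * 100] += 1
        if rec["status"] >= 400:
            report["errors_by_host"][rec["host"]] += 1
        if rec["user"] != "-":
            report["auth_users"].add(rec["user"])
    return report

# Constructed sample entries (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    '192.0.2.44 - alice [10/Oct/2023:13:56:01 +0000] "GET /admin/ HTTP/1.1" 401 512 "https://www.example.org/" "curl/8.0"',
    '192.0.2.44 - - [10/Oct/2023:13:56:02 +0000] "GET /missing HTTP/1.1" 404 - "-" "curl/8.0"',
    '192.0.2.99 - - [10/Oct/2023:13:57:00 +0000] "GET /truncated',
]
```

Running `daily_review` once per virtual site's log file keeps the per-site separation the checklist asks for.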