NIST 800-44 Version 2 Guidelines on Securing Public Web Servers
GUIDELINES ON SECURING PUBLIC WEB SERVERS
Appendix G—Index

A
Access control, 5-2, 5-5, 7-1
Access control lists (ACL), 8-2
Account lockout, 4-5
Active content, 6-9, 6-15
  Client side, 6-10
  Server side, 6-12
  Vulnerabilities, 6-10, 6-12
ActiveX, 6-11
Address Resolution Protocol (ARP), 8-11
Address-based authentication, 7-1
Administration, 9-1
Adobe Flash, 6-11
Adobe Shockwave, 6-11
Agent log, 9-2
Aliases, 5-4
Anti-phishing features, 6-6
Antispyware software, 4-6
Antivirus software, 4-6
Application layer firewalls, 8-7
Asynchronous JavaScript and XML (AJAX), 6-11
Attacks, 2-1
Authentication, 4-4, 7-1, 7-3
Authentication gateways, 3-10, 8-12
Authoritative copy of Web site, 9-8

B
Backup policy, 9-5
Backups, 9-5
Basic authentication, 7-2
Botnets, 2-1
Bots, 5-6, 7-2

C
Certificate installation, 7-11
Certificates, 7-8
Certificate-signing request (CSR), 7-8
Certification and accreditation, 3-7
Change management, 3-6
Chief Information Officer (CIO), 3-4
Cipher suites, 7-6
Client authentication, 7-3
Combined Log Format, 9-2
Commands, 5-5
Common Gateway Interface (CGI), 6-13
Common Log Format (CLF), 9-2
Compromise, 9-9
Content filters, 3-10, 8-12
Content generators, 6-9, 6-12
  Server side, 6-15, 6-17
Continuity of operations planning, 3-7
Cookies, 5-6, 6-4
Cross-site scripting (XSS), 6-17

D
Defense in depth, 2-4
Demilitarized zone (DMZ), 8-1
Denial of service (DoS) attacks, 2-1, 5-2, 5-3, 5-4
Deployment, 3-1
Deployment plan, 3-1, 4-4
Digest authentication, 7-2
Directives, 5-5
Directories, 5-2, 5-4
Disaster recovery planning, 3-7
Domain names, 6-7

E
Encryption, 4-6, 7-1, 7-3, 7-4, 7-6
Encryption accelerators, 8-12
Encryption algorithm, 7-7
Error log, 9-2, 9-5
Extended Log Format, 9-2

F
File integrity checkers, 8-10
Files, 5-4
Firewalls, 4-6, 8-1, 8-5

G
Groups, 4-4

H
Host-based intrusion detection and prevention software, 4-6
Hypertext Preprocessor (PHP), 6-14

I
Identification, 7-1
Incident response, 9-9
Information Systems Security Officer (ISSO), 3-4
Information Systems Security Program Manager, 3-4
Input validation, 2-2, 6-15, 6-17
Intrusion detection and prevention systems (IDPS), 8-9
Intrusion detection systems (IDS), 8-9
Intrusion prevention systems (IPS), 8-9

J
Java, 6-10
Java Enterprise Edition (EE), 6-14
JavaScript, 6-10
G-1