NIST 800-44 Version 2 Guidelines on Securing Public Web Servers
NIST 800-44 Version 2 Guidelines on Securing Public Web Servers
NIST 800-44 Version 2 Guidelines on Securing Public Web Servers
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
GUIDELINES ON SECURING PUBLIC WEB SERVERS<br />
Least privilege, 2-3<br />
Links, 5-4<br />
Load balancers, 8-12<br />
Log files, 5-3, 9-1<br />
Logging, 5-4, 8-8, 9-1<br />
Malware, 4-6<br />
Management c<strong>on</strong>trols, 3-6<br />
Management network, 8-5<br />
Metacharacters, 6-16<br />
Microsoft ASP.NET, 6-13<br />
Misc<strong>on</strong>figurati<strong>on</strong>, 2-1<br />
L<br />
M<br />
N<br />
Network administrators, 3-5<br />
Network infrastructure, 8-1, 8-5<br />
Network switches, 8-11<br />
N<strong>on</strong>ce, 7-2<br />
O<br />
Operating system c<strong>on</strong>figurati<strong>on</strong>, 4-2<br />
Operating system security, 4-1<br />
Outsourced hosting, 8-4<br />
P<br />
Password policy, 4-4<br />
Patch management software, 4-6<br />
Patches, 4-1, 5-1<br />
Penetrati<strong>on</strong> testing, 4-7, 9-11, 9-12<br />
Permissi<strong>on</strong>s, 5-3, 6-17<br />
Pers<strong>on</strong>al informati<strong>on</strong>, 6-3<br />
Pers<strong>on</strong>nel, 3-8<br />
Pharming, 6-7<br />
Phishing, 6-5<br />
Physical security, 3-3<br />
Planning, 3-1<br />
Platforms, 3-9<br />
Pre-hardened platforms, 3-11<br />
Pre-shared secrets, 6-8<br />
<strong>Public</strong> key encrypti<strong>on</strong>, 7-5<br />
R<br />
Referrer log, 9-2<br />
Referrer logs, 5-5<br />
Reverse proxies, 3-11, 8-12<br />
Risk assessment, 3-6<br />
Risk management, 3-6<br />
Robots Exclusi<strong>on</strong> Protocol (REP), 5-7<br />
robots.txt, 5-7<br />
Rootkit detector, 4-6<br />
Routers, 8-1, 8-5<br />
Sandbox security model, 6-10<br />
Scripts, 5-5<br />
Secure programming, 3-6<br />
Secure Sockets Layer (SSL), 7-3<br />
Secure Sockets Layer (SSL) accelerators, 3-10<br />
Security appliances, 3-10<br />
Security c<strong>on</strong>figurati<strong>on</strong> checklist, 4-1<br />
Security c<strong>on</strong>trols, 3-8, 4-6<br />
Security gateways, 3-10, 8-12<br />
Security policy, 2-2, 3-6<br />
Security testing, 4-7, 9-11<br />
Security training, 3-6<br />
Senior IT Management, 3-4<br />
Sensitive informati<strong>on</strong>, 6-2, 7-1<br />
Separati<strong>on</strong> of privilege, 2-3<br />
Server authenticati<strong>on</strong>, 7-3<br />
Server Side Includes (SSI), 6-13<br />
Services, 4-3<br />
Shortcuts, 5-4<br />
Source code viewing, 6-3<br />
Spambots, 5-7, 5-9<br />
Spiders, 5-6<br />
Standardized c<strong>on</strong>figurati<strong>on</strong>, 3-6<br />
Symbolic links, 5-5<br />
Symmetric key encrypti<strong>on</strong>, 7-5<br />
SYN flood, 5-4<br />
System security plan, 3-7<br />
S<br />
T<br />
Threats, 2-1<br />
Transfer log, 9-1<br />
Transport Layer Security (TLS), 7-3<br />
Trusted operating systems (TOS), 3-9<br />
U<br />
Uniform Resource Identifier (URI), 5-5<br />
Upgrades, 4-1, 5-1<br />
Uploads, 5-4<br />
User accounts, 4-4<br />
V<br />
Virtualized platforms, 3-12<br />
Visual Basic Script (VBScript), 6-11<br />
Vulnerabilities, 2-2, 4-1, 6-10, 6-12, 6-17<br />
Vulnerability scanners, 9-11<br />
Vulnerability scanning, 4-7, 6-15, 9-11<br />
W<br />
<strong>Web</strong> applicati<strong>on</strong> developers, 3-5<br />
<strong>Web</strong> bots, 5-6<br />
<strong>Web</strong> browsers, 7-3<br />
<strong>Web</strong> c<strong>on</strong>tent, 5-3, 5-4, 5-6, 7-2, 8-6<br />
<strong>Web</strong> c<strong>on</strong>tent security, 6-1<br />
<strong>Web</strong> publishing process, 6-1<br />
<strong>Web</strong> server administrators, 3-5, 4-4<br />
G-2