NIST 800-44 Version 2 Guidelines on Securing Public Web Servers
GUIDELINES ON SECURING PUBLIC WEB SERVERS

9.2 Web Server Backup Procedures ........ 9-5
    9.2.1 Web Server Backup Policies and Strategies ........ 9-5
    9.2.2 Maintain a Test Web Server ........ 9-7
    9.2.3 Maintain an Authoritative Copy of Organizational Web Content ........ 9-8
9.3 Recovering From a Security Compromise ........ 9-9
9.4 Security Testing Web Servers ........ 9-11
    9.4.1 Vulnerability Scanning ........ 9-11
    9.4.2 Penetration Testing ........ 9-12
9.5 Remotely Administering a Web Server ........ 9-13
9.6 Checklist for Administering the Web Server ........ 9-14

Appendices

Appendix A - Online Web Server Security Resources ........ A-1
Appendix B - Glossary ........ B-1
Appendix C - Web Security Tools and Applications ........ C-1
Appendix D - References ........ D-1
Appendix E - Web Server Security Checklist ........ E-1
Appendix F - Acronym List ........ F-1
Appendix G - Index ........ G-1

List of Tables and Figures

Figure 7-1. SSL/TLS Location within the Internet Protocol Stack ........ 7-3
Table 7-1. SSL/TLS Cipher Suites ........ 7-7
Figure 7-2. Sample CSR ........ 7-9
Figure 7-3. Sample Encoded SSL/TLS Certificate ........ 7-10
Figure 8-1. Simple Single-Firewall DMZ ........ 8-2
Figure 8-2. Two-Firewall DMZ ........ 8-2
Figure 8-3. Service Leg DMZ ........ 8-3
Figure 8-4. Outsourced Web Server Hosting ........ 8-4