Securing Public Web Servers
Abstract
The World Wide Web is one of the most important ways for your organization to publish information, interact with Internet users, and establish an e-commerce business presence. However, if you are not rigorous in securely configuring and operating a public Web site, you leave yourself and your organization vulnerable to a variety of security problems. You could find yourself in an embarrassing situation because malicious intruders have changed the content of your Web pages. Compromised Web sites have served as the entry point for intrusions into an organization's internal networks for the purpose of accessing confidential information. Your organization can face business losses or legal action if an intruder successfully violates the confidentiality of customer data. Denial-of-service attacks can make it difficult, if not impossible, for users to access your Web site. This is especially critical if you are using your site to conduct business. The practices recommended here are designed to help you mitigate the risks associated with these and several other known security problems. They build upon and assume the implementation of all practices described in the security module Securing Network Servers [Allen 00]. You need to ensure that you first configure a secure general-purpose server before tailoring its configuration to operate as a public Web server.
Document Details
- Document Type: Technical Report
- Publication Date: Apr 01, 2000
- Accession Number: ADA379928
Entities
People
- Julia H. Allen
- Klaus-Peter Kossakowski
Organizations
- Carnegie Mellon University