[ISN] Web server defense drafted

From: InfoSec News (isnat_private)
Date: Tue Mar 05 2002 - 00:29:26 PST

  • Next message: InfoSec News: "RE: [ISN] [TSCM-L] Security? Huh!"

    By Diane Frank 
    March 4, 2002
    Tackling one of the prime targets on a network for cyberattacks, the 
    National Institute of Standards and Technology released a draft of its 
    new guidance on securing public Web servers March 1.
    The draft special publication is intended for technical personnel, as 
    it contains detailed guidance and checklists on how to configure the 
    Web server itself, as well as the underlying operating system and 
    security products, such as firewalls and intrusion detection systems.
    The guide also covers security administration procedures for Web 
    servers, including logging, backup, recovery, testing and remote 
    In the appendices, the guide outlines the steps to secure the two most 
    commonly used Web servers, the open-source Apache server and Microsoft 
    Corp.'s Internet Information Server. 
    Comments on the draft are due to Wayne Jansen (jansenat_private) by 
    March 28.
    [NIST draft: "Guidelines on Securing Public Web Servers]
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Tue Mar 05 2002 - 03:58:16 PST