论文信息 - SP 800-44 Version 2. Guidelines on Securing Public Web Servers

SP 800-44 Version 2. Guidelines on Securing Public Web Servers

Web servers are often the most targeted and attacked hosts on organizations' networks. As a result, it is essential to secure Web servers and the network infrastructure that supports them. This document is intended to assist organizations in installing, configuring, and maintaining secure public Web servers. Practices described in detail include choosing Web server software and platforms, securing the underlying operating system and Web server software, deploying appropriate network protection mechanisms, and using, publicizing, and protecting information in a careful and systematic manner. The publication also provides recommendations for maintaining secure configurations through patching and upgrades, security testing, log monitoring, and backups of data and operating system files.

Karen A. Scarfone | Wayne Jansen | Miles C. Tracy | Theodore Winograd

[1] Bruce Schneier,et al. Secrets and Lies: Digital Security in a Networked World , 2000 .

[2] Steven M. Bellovin,et al. Unconventional Wisdom , 2006, IEEE Security & Privacy Magazine.

[3] Matt Curtin,et al. Developing Trust: Online Privacy and Security , 2001 .

[4] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.

[5] Julia H. Allen,et al. Securing Public Web Servers , 2000 .

[6] Karen A. Scarfone,et al. Guide to Intrusion Detection and Prevention Systems (IDPS) , 2007 .

[7] Pete Chown,et al. Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS) , 2002, RFC.

[8] Gary Ford,et al. Securing Network Servers , 1999 .

[9] Richard Ford,et al. How to think about security , 2006, IEEE Security & Privacy.