Guidelines on Securing Public Web Servers

Tracy, Miles; Jansen, Wayne; Scarfone, Karen; Winograd, Theodore

doi:https://doi.org/10.6028/NIST.SP.800-44ver2

SP 800-44 Version 2

Guidelines on Securing Public Web Servers

Documentation Topics

Date Published: September 2007

Supersedes: SP 800-44 (10/09/2002)

Author(s)

Miles Tracy (Federal Reserve Information Technology), Wayne Jansen (NIST), Karen Scarfone (NIST), Theodore Winograd (BAH)

Abstract

Web servers are often the most targeted and attacked hosts on organizations' networks. As a result, it is essential to secure Web servers and the network infrastructure that supports them. This document is intended to assist organizations in installing, configuring, and maintaining secure public Web servers. Practices described in detail include choosing Web server software and platforms, securing the underlying operating system and Web server software, deploying appropriate network protection mechanisms, and using, publicizing, and protecting information in a careful and systematic manner. The publication also provides recommendations for maintaining secure configurations through patching and upgrades, security testing, log monitoring, and backups of data and operating system files.

Keywords

Web server; Web server security

Control Families

Audit and Accountability; Configuration Management; Contingency Planning; Identification and Authentication; Planning; System and Communications Protection

Documentation

Publication:
SP 800-44 Version 2 (DOI)
Local Download

Supplemental Material:
None available

Document History:
10/09/07: SP 800-44 Version 2 (Final)

Topics

Security and Privacy
general security & privacy; planning

Laws and Regulations
E-Government Act; Federal Information Security Modernization Act; Homeland Security Presidential Directive 7; OMB Circular A-130