Nist sp 800-44 Guidelines on Securing Public web Servers: Nist sp 800-44 Version 2 (en Inglés)
Reseña del libro "Nist sp 800-44 Guidelines on Securing Public web Servers: Nist sp 800-44 Version 2 (en Inglés)"
NIST SP 800-44 Version 2 September 2007 If you like this book, please leave positive review. The World Wide Web (WWW) is a system for exchanging information over the Internet. At the most basic level, the Web can be divided into two principal components: Web servers, which are applications that make information available over the Internet (in essence, publish information), and Web browsers (clients), which are used to access and display the information stored on the Web servers. This document focuses on the security issues of Web servers. Unfortunately, Web servers are often the most targeted and attacked hosts on organizations’ networks. As a result, it is essential to secure Web servers and the network infrastructure that supports them. The following are examples of specific security threats to Web servers: Malicious entities may exploit software bugs in the Web server, underlying operating system, or active content to gain unauthorized access to the Web server. Examples of this unauthorized access include gaining access to files or folders that were not meant to be publicly accessible (e.g., directory traversal attacks) and being able to execute commands and/or install software on the Web server. Denial of service (DoS) attacks may be directed to the Web server or its supporting network infrastructure, denying or hindering valid users from making use of its services. Sensitive information on the Web server may be read or modified without authorization. Sensitive information on backend databases that are used to support interactive elements of a Web application may be compromised through command injection attacks (e.g., Structured Query Language [SQL] injection, Lightweight Directory Access Protocol (LDAP) injection, cross-site scripting [XSS]). Sensitive information transmitted unencrypted between the Web server and the browser may be intercepted. Information on the Web server may be changed for malicious purposes. Web site defacement is a commonly reported example of this threat. Malicious entities may gain unauthorized access to resources elsewhere in the organization’s network via a successful attack on the Web server. Malicious entities may attack external entities after compromising a Web server host. These attacks can be launched directly (e.g., from the compromised host against an external server) or indirectly (e.g., placing malicious content on the compromised Web server that attempts to exploit vulnerabilities in the Web browsers of users visiting the site). The server may be used as a distribution point for attack tools, pornography, or illegally copied software. Why buy a book you can download for free? First you gotta find it and make sure it’s the latest version, not always easy. Then you gotta print it using a network printer you share with 100 other people – and its outta paper – and the toner is low (take out the toner cartridge, shake it, then put it back). If it’s just 10 pages, no problem, but if it’s a 250-page book, you will need to punch 3 holes in all those pages and put it in a 3-ring binder. Takes at least an hour. An engineer that’s paid $75 an hour has to do this himself (who has assistant’s anymore?). If you are paid more than $10 an hour and use an ink jet printer, buying this book will save you money. It’s much more cost-effective to just order the latest version from Amazon.com This public domain material is published by 4th Watch Books. We publish tightly-bound, full-size books at 8 ½ by 11 inches, with glossy covers. 4th Watch Books is a Service Disabled Veteran Owned Small Business (SDVOSB) and is not affiliated with the National Institute of Standards and Technology. A full copy of all the pertinent cybersecurity standards is available on DVD-ROM in the CyberSecurity Standards Library disc which is available at Amazon.com.
