Web Server Stig v6r1

Published by: ram5584 on Jul 01, 2008
Copyright: Attribution Non-commercial

UNCLASSIFIED
WEB SERVER
SECURITY TECHNICAL IMPLEMENTATION GUIDE
Version 6, Release 1
11 December 2006
Developed by DISA for the DoD
 
Web Server STIG, V6R1, DISA Field Security Operations, 11 December 2006. Developed by DISA for the DoD
 
TABLE OF CONTENTS

SUMMARY OF CHANGES

1. INTRODUCTION
  1.1 Background
  1.2 Authority
  1.3 Scope
  1.4 Writing Conventions
  1.5 Vulnerability Severity Code Definitions
  1.6 DISA Information Assurance Vulnerability Management (IAVM)
  1.7 STIG Distribution
  1.8 Document Revisions

2. GENERAL INFORMATION
  2.1 Web Server Security Administration
  2.2 Recommended Process for Content Approval and Posting
  2.3 Private and Public Web Servers
  2.4 Network Configuration
  2.5 Levels of Access Controls to Private Web Servers
  2.6 Passwords
  2.7 Web Server Backup and Recovery

3. WEB SERVER SOFTWARE SECURITY
  3.1 Open Source Software
  3.2 Service Packs and Patches
  3.3 Installation
  3.4 Configuration
  3.5 Access Controls
  3.6 Restrict Remote Authoring
  3.7 Web Log Files and Banner Page
    3.7.1 Log Files
    3.7.2 Recommended Banner Page With Logging Policy
  3.8 Development Web Servers
  3.9 Classified Web Servers
  3.10 File and Directory Access Rights for Web Servers
  3.11 Microsoft Operating Systems
  3.12 PKI
    3.12.1 PKI Server Certificates
  3.13 SSL/TLS
  3.14 Symbolic Links

4. WEB SCRIPTS AND PROGRAM SECURITY
  4.1 General
  4.2 CGI Programs
  4.3 Unvalidated Input
  4.4 Mobile Code
