NIST 800-44 Version 2 Guidelines on Securing Public Web Servers
9.2.3 Maintain an Authoritative Copy of Organizational Web Content

All organizations should maintain an authoritative (i.e., verified and trusted) copy of their public Web sites on a host that is inaccessible to the Internet. This is a supplement to, but not replacement for, an appropriate backup policy (see Section 9.2.1). For simple, relatively static Web sites, this could be as simple as a copy of the Web site on a read-only medium (e.g., Compact Disc-Recordable [CD-R]). However, for most organizations, the authoritative copy of the Web site is maintained on a secure host. This host is usually located behind the organization’s firewall on the internal network and not on the DMZ (see Section 8.1.2). The purpose of the authoritative copy is to provide a means of restoring information on the public Web server if it is compromised as a result of an accident or malicious action. This authoritative copy of the Web site allows an organization to rapidly recover from Web site integrity breaches (e.g., defacement).

To successfully accomplish the goal of providing and protecting an authoritative copy of the Web server content, the following requirements must be met:

Protect authoritative copy from unauthorized access.
  • Use write-once media (appropriate for relatively static Web sites).
  • Locate the host with the authoritative copy behind a firewall, and ensure there is no outside access to the host.
  • Minimize users with authorized access to host.
  • Control user access in as granular a manner as possible.
  • Employ strong user authentication.
  • Employ appropriate logging and monitoring procedures.
  • Consider additional authoritative copies at different physical locations for further protection.

Establish appropriate authoritative copy update procedures.
  • Update authoritative copy first (any testing on code should occur before updating the authoritative copy).
  • Establish policies and procedures for who can authorize updates, who can perform updates, when updates can occur, etc.

Establish a process for copying authoritative copy to a production Web server.
  • Physically transfer data using secure physical media (e.g., encrypted and/or write-once media, such as CD-Rs).
  • Use a secure protocol (e.g., SSH) for network transfers.

Include the procedures for restoring from the authoritative copy in the organizational incident response procedures (see Section 9.3).
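
As an added illustration (not part of the NIST text), one way to use the authoritative copy to find integrity breaches on the production Web server before restoring is to hash both content trees and report the differences. The SHA-256 manifest approach, the function names, and the sample files are assumptions constructed for this example.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[rel] = digest.hexdigest()
    return manifest

def compare_to_authoritative(authoritative_root, production_root):
    """Return files that are modified, missing, or unexpected on production."""
    trusted = build_manifest(authoritative_root)
    live = build_manifest(production_root)
    return {
        "modified": sorted(p for p in trusted if p in live and live[p] != trusted[p]),
        "missing": sorted(p for p in trusted if p not in live),
        "unexpected": sorted(p for p in live if p not in trusted),
    }

def write_tree(root, files):
    """Create a constructed sample tree from {relative path: bytes}."""
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

def demo():
    """Constructed sample: one altered page, one deleted file, one extra file."""
    with tempfile.TemporaryDirectory() as auth, tempfile.TemporaryDirectory() as prod:
        site = {"index.html": b"<h1>Welcome</h1>", "css/site.css": b"body{}",
                "about.html": b"<p>About</p>"}
        write_tree(auth, site)
        live = {**site, "index.html": b"<h1>altered</h1>", "upload/extra.php": b"constructed"}
        del live["about.html"]
        write_tree(prod, live)
        return compare_to_authoritative(auth, prod)

if __name__ == "__main__":
    print(demo())
```

Files reported as "unexpected" are not fixed by copying the authoritative content over the production tree, so a restore procedure needs to remove them as well.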