27.01.2014 Views

NIST 800-44 Version 2 Guidelines on Securing Public Web Servers


GUIDELINES ON SECURING PUBLIC WEB SERVERS

Appendix D—References

[Alle00] Julia Allen et al., Securing Network Servers, April 2000, http://www.sei.cmu.edu/pub/documents/sims/pdf/sim010.pdf

[APWG07] Anti-Phishing Working Group, Vendor Solutions, February 2007, http://www.antiphishing.org/solutions.html

[Bell06] Steve Bellovin, “Unconventional Wisdom,” IEEE Security & Privacy, Vol. 4, Issue 1, Jan–Feb 2006, page 88

[Chow02] Pete Chown, Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS), RFC 3268, January 2002, http://www.ietf.org/rfc/rfc3268.txt

[Coop01] Russ Cooper, 10 Steps to Better IIS Security, Information Security Magazine, August 2001, http://www.infosecuritymag.com/articles/september01/features_IIS_security.shtml

[Curt01] Matt Curtin, Developing Trust: Online Privacy and Security, November 2001

[FTC02] Federal Trade Commission, Email Address Harvesting: How Spammers Reap What You Sow, November 2002, http://www.onguardonline.gov/spam.html

[FTC06] Federal Trade Commission, Pretexting: Your Personal Information Revealed, February 2006, http://www.ftc.gov/bcp/conline/pubs/credit/pretext.htm

[FTC06a] Federal Trade Commission, How Not to Get Hooked by a ‘Phishing’ Scam, October 2006, http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.htm

[Google05] Google, Preventing Comment Spam, January 2005, http://googleblog.blogspot.com/2005/01/preventing-comment-spam.html

[Johanson05] Eric Johanson, The state of homograph attacks, February 2005, http://www.shmoo.com/idn/homograph.txt

[Koss00] Klaus-Peter Kossakowski and Julia Allen, Securing Public Web Servers, 2000, http://www.sei.cmu.edu/pub/documents/sims/pdf/sim011.pdf

[MASS99] Commonwealth of Massachusetts, Executive Order 412, 1999, http://www.state.ma.us/consumer/New/privexeco.htm

[Netcraft06] Netcraft, PayPal Security Flaw Allows Identity Theft, June 2006, http://news.netcraft.com/archives/2006/06/16/paypal_security_flaw_allows_identity_theft.html

[NISS99] National Information System Security Glossary, NSTISSI No. 4009, January 1999

[NIST01] Wayne A. Jansen, NIST Special Publication 800-28, Guidelines on Active Content and Mobile Code, October 2001, http://csrc.nist.gov/publications/nistpubs/index.html

[NIST02a] John Wack et al., NIST Special Publication 800-41, Guidelines on Firewalls and Firewall Policy, January 2002, http://csrc.nist.gov/publications/nistpubs/index.html
