NIST 800-44 Version 2 Guidelines on Securing Public Web Servers

More documents

Recommendations

Info

GUIDELINES ON SECURING PUBLIC WEB SERVERS [<strong>NIST</strong>02b] [<strong>NIST</strong>06a] [<strong>NIST</strong>06b] [<strong>NIST</strong>06c] [<strong>NIST</strong>07] John Wack et al., <strong>NIST</strong> Special Publication <strong>800</strong>-42, Guideline on Network Security Testing, February 2002, http://csrc.nist.gov/publications/nistpubs/index.html Marianne Swanson et al., <strong>NIST</strong> Special Publication <strong>800</strong>-18 Revision 1, Guide for Developing Security Plans for Federal Information Systems, February 2006, http://csrc.nist.gov/publications/nistpubs/index.html Karen Kent and Murugiah Souppaya, <strong>NIST</strong> Special Publication <strong>800</strong>-92, Guide to Computer Security Log Management, April 2006, http://csrc.nist.gov/publications/nistpubs/index.html Miles Tracy et al., <strong>NIST</strong> Special Publication <strong>800</strong>-45, <strong>Version</strong> 2, <strong>Guidelines</strong> on Electronic Mail Security, February 2007, http://csrc.nist.gov/publications/nistpubs/index.html Karen Scarfone and Peter Mell, <strong>NIST</strong> Special Publication <strong>800</strong>-94, Guide to Intrusion Detection and Prevention Systems (IDPS), February 2007, http://csrc.nist.gov/publications/nistpubs/index.html [NVD06] National Vulnerability Database, CVE-2005-0233, September 2006, http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0233 [Ollm04] [Ollm05] Gunter Ollman, The Phishing Guide: Understanding and Preventing Phishing Attacks, NGSSoftware, September 2004, http://www.nextgenss.com/papers/NISR-WP- Phishing.pdf Gunter Ollman, The Pharming Guide: Understanding and Preventing DNS-Related Attacks by Phishers, NGSSoftware, August 2005, http://www.nextgenss.com/papers/ThePharmingGuide.pdf [OMB00a] Office of Management and Budget Memorandum 2000-13, 2000, http://www.whitehouse.gov/omb/memoranda/m00-13.html [OMB00b] Office of Management and Budget Cookie Clarification Letter 1, 2000, http://www.whitehouse.gov/omb/inforeg/cookies_letter72<strong>800</strong>.html [OMB00c] Office of Management and Budget Cookie Clarification Letter 2, 2000, http://www.whitehouse.gov/omb/inforeg/cookies_letter90500.html [OWASP06] Open Web Application Security Project (OWASP), OWASP Guide, March 2006, http://owasp.cvs.sourceforge.net/*checkout*/owasp/guide/current%20draft.pdf [RSA00] PKCS #10 <strong>Version</strong> 1.7, Certification Request Syntax Standard, May 26, 2000, ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-10/pkcs-10v1_7.pdf [Salt75] Jerome H. Saltzer and Michael Schroeder, “The Protection of Information in Computer Systems,” Proceedings of the IEEE, Vol. 63, pages 1278–1308 [Scam01] Joel Scambray et al., Hacking Exposed Second Edition, McGraw-Hill, 2001 [Schn00] Bruce Schneier, Secrets & Lies: Digital Security in a Networked World, John Wiley & Sons Inc., 2000 D-2
GUIDELINES ON SECURING PUBLIC WEB SERVERS [SPID06] SPI Dynamics, AJAX Security Dangers, 2006, http://www.spidynamics.com/assets/documents/AJAXdangers.pdf [SSL98] Introduction to SSL, Netscape Communication, Netscape Corporation, 1998, http://docs.sun.com/source/816-6156-10/contents.htm [Unsp06] Unspam Technologies, How to Avoid Being Harvested by Spambots, http://www.projecthoneypot.org/how_to_avoid_spambots.php [Whit06] James A. Whittaker, “How to Think About Security,” IEEE Security & Privacy, Vol. 4, Issue 2, Mar–Apr 2006, pages 68–71 [WWW01] [Ziri02] The World Wide Web Security FAQ, September 2001, http://www.w3.org/Security/Faq/ Neal Ziring, Web Server Execution: System and Security Issues, presented to Information Assurance Technical Framework Forum, March 1, 2002 D-3
Page 1 and 2:
Special Publication 800</st
Page 3 and 4:
GUIDELINES ON SECURING PUBLIC WEB S
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76: GUIDELINES ON SECURING PUBLIC WEB S
Page 125: GUIDELINES ON SECURING PUBLIC WEB S
show all

NIST 800-44 Version 2 Guidelines on Securing Public Web Servers

Create successful ePaper yourself

Delete template?

Save as template?