IT Baseline Protection Manual - The Information Warfare Site

Data Transmission Systems WWW server
_________________________________________________________________________________________
Organisation:
- S 2.35 (1) Obtaining information on security weaknesses of the system
- S 2.172 (1) Developing a concept for using the WWW
- S 2.173 (1) Determining a WWW security strategy
- S 2.174 (1) Secure operation of a WWW server
- S 2.175 (2) Setting up a WWW server
- S 2.176 (2) Selection of a suitable Internet service provider
Personnel:
- S 3.4 (1) Training before actual use of a program
- S 3.5 (1) Education on IT security measures
- S 3.10 (1) Selection of a trustworthy administrator and his substitute
- S 3.11 (1) Training of maintenance and administration staff
Hardware & Software:
- S 4.33 (1) Use of a virus scanning program when exchanging of data media and data
transmission
- S 4.34 (2) Using encryption, checksums or digital signatures (optional)
- S 4.44 (2) Checking of incoming data for macro viruses
- S 4.64 (1) Verification of data before transmission / elimination of residual information
- S 4.65 (2) Testing of new hardware and software
- S 4.78 (1) Careful modifications of configurations
- S 4.93 (1) Regular integrity checking
- S 4.94 (1) Protection of WWW files
- S 4.95 (1) Minimal operating system
- S 4.96 (2) Deactivating DNS
- S 4.97 (2) One service per server
- S 4.98 (1) Restricting communication to a minimum with packet filters
- S 4.99 (2) Protection against subsequent changes to information
Communications:
- S 5.45 (2) Security of WWW browsers
- S 5.59 (1) Protection against DNS spoofing
- S 5.64 (2) Secure Shell (optional)
- S 5.65 (2) Use of S-HTTP (optional)
- S 5.66 (2) Use of SSL (optional)
- S 5.69 (1) Protection against active content
_________________________________________________________________________________________
IT-Baseline Protection Manual: Otober 2000