Security awareness and training Contingency planning continuity of operations


- Security awareness and training
- Contingency planning, continuity of operations, and disaster recovery planning
- Certification and accreditation.

Organizations should ensure that Web server operating systems are deployed, configured, and managed to meet the security requirements of the organization.

The first step in securing a Web server is securing the underlying operating system. Most commonly available Web servers operate on a general-purpose operating system. Many security issues can be avoided if the operating systems underlying Web servers are configured appropriately. Default hardware and software configurations are typically set by manufacturers to emphasize features, functions, and ease of use, at the expense of security. Because manufacturers are not aware of each organization’s security needs, each Web server administrator must configure new servers to reflect their organization’s security requirements and reconfigure them as those requirements change. Using security configuration guides or checklists can assist administrators in securing systems consistently and efficiently. Securing an operating system initially would generally include the following steps:

- Patch and upgrade the operating system
- Remove or disable unnecessary services and applications
- Configure operating system user authentication
- Configure resource controls
- Install and configure additional security controls
- Perform security testing of the operating system.

Organizations should ensure that the Web server application is deployed, configured, and managed to meet the security requirements of the organization.

In many respects, the secure installation and configuration of the Web server application will mirror the operating system process discussed above. The overarching principle is to install the minimal amount of Web server services required and eliminate any known vulnerabilities through patches or upgrades. If the installation program installs any unnecessary applications, services, or scripts, they should be removed
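As an added example (not part of the guideline itself), the step "remove or disable unnecessary services and applications" can be checked by comparing a host's listening sockets against a written baseline. The sketch assumes a Linux host, input in the layout of `ss -H -tulnp`, and a hypothetical baseline of nginx on 80/443 plus sshd on 22; the sample lines are constructed.

```python
import re

# Constructed sample in the layout of `ss -H -tulnp` (not captured from a real host).
SAMPLE = """\
tcp LISTEN 0 511  0.0.0.0:443   0.0.0.0:* users:(("nginx",pid=812,fd=6))
tcp LISTEN 0 511  [::]:80       [::]:*    users:(("nginx",pid=812,fd=7))
tcp LISTEN 0 128  0.0.0.0:22    0.0.0.0:* users:(("sshd",pid=700,fd=3))
tcp LISTEN 0 4096 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=650,fd=7))
udp UNCONN 0 0    0.0.0.0:5353  0.0.0.0:* users:(("avahi-daemon",pid=601,fd=12))
tcp LISTEN 0 80   *:3306        *:*       users:(("mysqld",pid=900,fd=21))
"""

# Assumed baseline for this example: the only listeners this web server needs,
# keyed by (protocol, port) and mapped to the process expected to own the socket.
ALLOWED = {("tcp", 80): "nginx", ("tcp", 443): "nginx", ("tcp", 22): "sshd"}
LOOPBACK = ("127.", "[::1]")

def parse_listeners(text):
    """Yield (proto, address, port, process) for each listening socket line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[1] not in ("LISTEN", "UNCONN"):
            continue
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        # The process column is absent when ss runs without privileges.
        m = re.search(r'\(\("([^"]+)"', line)
        yield fields[0], addr, int(port), m.group(1) if m else "unknown"

def audit(text, allowed=ALLOWED):
    """Return listeners outside the baseline, network-exposed ones first."""
    findings = []
    for proto, addr, port, proc in parse_listeners(text):
        # A baseline port owned by a different process is still a finding.
        if allowed.get((proto, port)) == proc:
            continue
        exposed = not addr.startswith(LOOPBACK)
        findings.append({"proto": proto, "port": port,
                         "process": proc, "exposed": exposed})
    return sorted(findings, key=lambda f: (not f["exposed"], f["port"]))

if __name__ == "__main__":
    for f in audit(SAMPLE):
        scope = "network-exposed" if f["exposed"] else "loopback only"
        print(f'{f["proto"]}/{f["port"]} {f["process"]}: not in baseline ({scope})')
```

Each finding is a candidate for removal or disabling; rerunning the check after every patch or upgrade catches services that an installer re-enables.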