Web Server Security Measures


On-Net Services, Inc.
09-27-01

  1. Updates from Vendor
    1. Apply all service packs in a timely fashion
    2. Apply all applicable hot fixes in a timely fashion
    3. Apply all other software updates & patches
  2. Virus / Worm Protection
    1. Keep anti-virus software current with the most recent definitions
    2. Disable the execution of system utilities so that anonymous users cannot exploit potential security vulnerabilities, both known & unknown (most worms travel via this method)
    3. Scan requested URLs for false requests, again to guard against known & unknown security vulnerabilities. Example: The web server will ignore any request for cmd.exe.
    4. Ports that are not needed for functional use are closed and not operable. This reduces the risk of an attacker opening additional ports on the system as back-door entry points. It also reduces the risk of infection by lowering the number of possible attack scenarios.
  3. Log Monitoring
    1. The Event Log is monitored daily to check for both faulty server activity and prohibited activity.
    2. The Web Service & FTP Service logs are monitored daily to check for prohibited activity and misuse.
  4. Permissions
    1. All server permissions are carefully selected and set to ensure privacy from both outside anonymous users and other clients homed on the web server.
    2. Users are prevented from accessing files and folders that aren’t explicitly needed, regardless of whether a risk is known – this protects against unknown vulnerabilities as well.
    3. Anonymous users are denied all access to the server aside from HTTP. This prevents intrusion by methods other than HTTP attacks.
  5. Auditing
    1. Regularly scheduled audits are performed from the intruder’s standpoint, attempting a break-in to a server, in the hope that we identify a vulnerability before an intruder does.
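
The URL screening in item 2.3 and the daily log review in item 3.2, as an added example (not On-Net's own tooling): a Python script that scans a W3C extended web log for requests naming a denied system utility, decoding percent-escapes before comparing. The log lines, the `command.com` entry and the function names are assumptions constructed for illustration; only `cmd.exe` comes from the list above.

```python
from urllib.parse import unquote

# cmd.exe is the page's example; command.com is an assumed extra entry.
DENIED = {"cmd.exe", "command.com"}

# Constructed sample log (W3C extended format, documentation IP ranges).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-09-27 03:12:44 192.0.2.10 GET /default.htm - 200
2001-09-27 03:12:51 198.51.100.7 GET /scripts/cmd.exe - 404
2001-09-27 03:12:53 198.51.100.7 GET /scripts/cmd%2Eexe - 404
2001-09-27 03:12:55 203.0.113.5 GET /scripts/CMD%252Eexe - 404
2001-09-27 03:15:00 192.0.2.10 GET /docs/cmd.exe.html - 200
"""

def normalize(stem, max_rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded names are seen."""
    for _ in range(max_rounds):
        decoded = unquote(stem)
        if decoded == stem:
            break
        stem = decoded
    return stem.replace("\\", "/").lower()

def is_denied(stem):
    """True when any whole path segment is a denied utility name."""
    # Windows ignores trailing dots and spaces in file names, so strip them.
    return any(seg.rstrip(". ") in DENIED for seg in normalize(stem).split("/"))

def scan(log_text):
    """Return (date, time, client, raw stem, status) for each denied request."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "")
        if is_denied(stem):
            hits.append((row.get("date"), row.get("time"), row.get("c-ip"),
                         stem, row.get("sc-status")))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Matching on whole path segments keeps an ordinary page such as `/docs/cmd.exe.html` out of the daily report while still catching encoded spellings of the utility name.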

-----------------------------------------------------------------

Tech support may be reached at (317) 876-6000; please leave a voice mail for us after hours. You may reach us by e-mail at helpdesk@on-net.net.