Computer Protection Program Berkeley Lab
Ernest Orlando Lawrence Berkeley National Laboratory
PROCEDURES FOR SECURING SYSTEMS
Web & FTP Server Security

General Information

Web servers and FTP servers perform similar functions and have related security issues. If misconfigured or insufficiently monitored, either can be exploited to gain access to computers and private data. Ideally, you should avoid running either type of server except where it is absolutely necessary. If you do run one of these servers, you must make certain that it is properly configured, keep up to date on patches and other security issues, and carefully monitor the server.

There are a number of excellent resources both at Berkeley Lab and elsewhere on the web to help you safely configure and manage these servers. Web Security Notes has good information specific to the Lab as well as lots of links to other sites. In addition, this page provides information pertaining to the popular IIS Web servers.

Web Server Resources

attrition.org (reports defacements & break-ins)
Computer Threats and Vulnerabilities
Hot Fixes for IIS 4.0 running on NT 4.0 with SP6a
Hot Fixes for IIS 5.0 running on Windows 2000 with SP2
Hot Fixes: Microsoft Post-Service Pack Hot Fixes
Microsoft Internet Information Server 4.0 Security Checklist
SecuredIIS.vbs, a Visual Basic script that eliminates many vulnerabilities in IIS Web servers
W3C—The WWW Security FAQ