[REVS] Apache Security Configuration Guide

From: support@securiteam.com
Date: 03/26/02


From: support@securiteam.com
To: list@securiteam.com
Date: Tue, 26 Mar 2002 11:36:32 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  Apache Security Configuration Guide
------------------------------------------------------------------------

SUMMARY

Included below is a recommended security configuration guide for the
Apache web server, designed to provide security administrators with a
method of configuring an installation based on the agreed security risk
profile of the target system.

The security configuration document divides recommendations into levels
"Premium", "Standard", and "Basic", and covers a variety of installation,
configuration and ongoing management tasks, including:
 * Linux and Windows Installation Requirements
 * Apache Base Installation
 * Identification and Authentication
 * Privacy and Encryption
 * Access Control
 * Auditing
 * WebSphere

DETAILS

Introduction:
The following is a recommended security checklist for the Apache web
server. This document should be used as a guide to the installation and
configuration of Apache Servers in conjunction with an agreed security
plan for the identified system. The document is designed for use by
experienced IT administrators.

Some of the settings may be dependent on the patch levels of the
components in use, and therefore differences may exist between this
document and the actual file paths and access control settings on your
machine. Users are encouraged to notify Intersect Alliance of any errors
or omissions.

The security configuration parameters are graded according to
arbitrary levels of PREMIUM, STANDARD or BASIC. These ratings are relative
and should not be read in absolute terms. A number of security grades
refer to a "risk assessment". It is strongly recommended that a security
risk assessment be used to ensure that the most appropriate grade is
chosen for a given production environment.

ADDITIONAL INFORMATION

The complete guide can be downloaded from:
http://www.intersectalliance.com/projects/ApacheConfig/index.html

The information has been provided by Leigh Purdie
<Leigh.Purdie@intersectalliance.com>.
