Elements and Performance Criteria
- Determine business security requirements
- Ensure web server security
- Ensure that the web server password is obscure and non-traceable
- Install and maintain an effective intrusion detection system according to business requirements
- Ensure that user accounts have only the required permissions on the server
- Ensure that interpreter programs that run common gateway interface (CGI) scripts are not stored in the cgi-bin directory
- Ensure that web forms check data before passing it to the server
- Ensure protocol security
- Protect fixed internet connection and internet protocol (IP) address
- Protect shared network resources from intrusion according to business requirements
- Ensure that personal computer (PC) protocols and preferences follow security protocols
- Disable transmission control protocol/internet protocol (TCP/IP) bindings for file and printer sharing
- Ensure that network basic input/output system (NetBIOS) over TCP/IP is disabled
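As an added example of the criterion "web forms check data before passing it to the server" (this is illustrative code, not material from the unit), the function below validates a submitted form on the server side with allow-list rules. The form fields, the patterns and the limits are assumptions, since the criteria name no particular form; the point is that every field is checked against an explicit expectation and nothing reaches the application until all checks pass.

```python
import re
from typing import Dict, List, Tuple

# Constructed allow-list rules for a hypothetical contact form. The field
# names and limits are assumptions made for this example only.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")
EMAIL_RE = re.compile(r"^[^@\s]{1,64}@[A-Za-z0-9.-]{1,255}\.[A-Za-z]{2,24}$")
ALLOWED_FIELDS = {"username", "email", "age", "message"}
MAX_MESSAGE_LEN = 2000


def validate_form(form: Dict[str, str]) -> Tuple[Dict[str, object], List[str]]:
    """Check a submitted form against allow-list rules.

    Returns (cleaned, errors). Cleaned data is only produced when there are
    no errors, so a caller cannot accidentally use a partially valid form.
    """
    errors: List[str] = []
    cleaned: Dict[str, object] = {}

    # Reject fields the form is not expected to carry instead of ignoring them.
    unexpected = set(form) - ALLOWED_FIELDS
    if unexpected:
        errors.append(f"unexpected fields: {sorted(unexpected)}")

    # Username: restricted character set and length.
    username = form.get("username", "")
    if not USERNAME_RE.fullmatch(username):
        errors.append("username must be 3-32 characters of letters, digits or underscore")
    else:
        cleaned["username"] = username

    # Email: well-formed shape; normalised to lower case for storage.
    email = form.get("email", "")
    if not EMAIL_RE.fullmatch(email):
        errors.append("email is not well-formed")
    else:
        cleaned["email"] = email.lower()

    # Age: must be an integer in a plausible range, converted before use.
    age_raw = form.get("age", "")
    if not age_raw.isdigit() or not 13 <= int(age_raw) <= 120:
        errors.append("age must be an integer between 13 and 120")
    else:
        cleaned["age"] = int(age_raw)

    # Free text: bounded length and no control characters other than whitespace.
    message = form.get("message", "")
    has_control = any(ord(c) < 32 and c not in "\n\r\t" for c in message)
    if len(message) > MAX_MESSAGE_LEN or has_control:
        errors.append("message too long or contains control characters")
    else:
        cleaned["message"] = message

    return (cleaned if not errors else {}, errors)


if __name__ == "__main__":
    # Constructed sample submissions: one valid, one with several defects.
    good = {"username": "alice_01", "email": "Alice@Example.org", "age": "34", "message": "hello"}
    bad = {"username": "a", "email": "nope", "age": "-1", "message": "x", "extra": "1"}
    for sample in (good, bad):
        cleaned, errors = validate_form(sample)
        print("accepted" if not errors else "rejected", cleaned, errors)
```

The checks run before any business logic and return all failures at once, which is what a web form should do regardless of any client-side validation that may also exist.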