Elements and Performance Criteria
- Determine business security requirements
- Ensure web server security
- Ensure that the web server password is strong and cannot be guessed or derived from publicly known information
- Install and maintain an effective intrusion detection system, according to business requirements
- Ensure that user accounts have only the required permissions on the server
- Ensure that interpreter programs used to run common gateway interface (CGI) scripts (for example, perl or sh binaries) are not stored in the cgi-bin directory, since an interpreter reachable through cgi-bin can be invoked remotely with attacker-supplied code
- Ensure that web forms check data before passing it to the server, and that the server validates the data again, because client-side checks can be bypassed
- Ensure protocol security
- Protect the fixed internet connection, and the internet protocol (IP) address
- Protect shared network resources from intrusion, according to business requirements
- Ensure that personal computer (PC) network protocol settings and preferences comply with the organisation's security policy
- Disable transmission control protocol/internet protocol (TCP/IP) bindings for file and printer sharing, so that shares are not exposed over the internet connection
- Ensure that network basic input/output system (NetBIOS) over TCP/IP is disabled
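The following PowerShell script is an added example and is not part of the unit of competency above; it shows one way to audit and then apply the last two criteria (disabling file and printer sharing bindings over TCP/IP and disabling NetBIOS over TCP/IP) on a Windows host. It assumes Windows 8 / Server 2012 or later (for the NetAdapter cmdlets) and an elevated session; the function names are the example's own.

```powershell
# Added example (not from the unit of competency): audit and remediate
# file/printer sharing bindings and NetBIOS over TCP/IP on a Windows host.
# Assumes Windows 8 / Server 2012 or later and an elevated PowerShell session.
#Requires -RunAsAdministrator

# ms_server   = "File and Printer Sharing for Microsoft Networks" (SMB server binding)
# ms_msclient = "Client for Microsoft Networks" (SMB client binding)
$componentIds = @('ms_server', 'ms_msclient')

function Get-SharingBindingReport {
    # List every adapter on which a sharing component is still bound.
    Get-NetAdapterBinding -Name '*' -ComponentID $componentIds |
        Where-Object Enabled |
        Select-Object Name, DisplayName, ComponentID
}

function Disable-SharingBindings {
    # Default is every adapter; pass the internet-facing adapter's name
    # instead if LAN file sharing is still a business requirement.
    param([string]$AdapterName = '*')
    Disable-NetAdapterBinding -Name $AdapterName -ComponentID $componentIds -ErrorAction Stop
}

function Get-NetbiosReport {
    # TcpipNetbiosOptions: 0 = take setting from DHCP, 1 = enabled, 2 = disabled
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True' |
        Select-Object Description, TcpipNetbiosOptions
}

function Disable-NetbiosOverTcpip {
    # Call SetTcpipNetbios(2) on every IP-enabled adapter configuration.
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True' |
        ForEach-Object {
            $result = Invoke-CimMethod -InputObject $_ -MethodName SetTcpipNetbios `
                                       -Arguments @{ TcpipNetbiosOptions = 2 }
            # ReturnValue 0 = applied; 1 = applied but a reboot is required
            [pscustomobject]@{ Adapter = $_.Description; ReturnValue = $result.ReturnValue }
        }
}

Write-Host '--- Before ---'
Get-SharingBindingReport | Format-Table -AutoSize
Get-NetbiosReport        | Format-Table -AutoSize

Disable-SharingBindings
Disable-NetbiosOverTcpip | Format-Table -AutoSize

Write-Host '--- After ---'
Get-SharingBindingReport | Format-Table -AutoSize   # expected: no rows
Get-NetbiosReport        | Format-Table -AutoSize   # expected: TcpipNetbiosOptions = 2 on each adapter
```

Run the two report functions again after any reboot the `SetTcpipNetbios` call asks for, and keep the "before" output as evidence that the change matched the business requirement rather than simply switching sharing off everywhere.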