Q

Guidelines for "complete" security

Are there guidelines I can follow to ensure complete security of our Web server and applications? Are there specific guidelines for servers, firewalls, etc.?


There are, indeed, guidelines you can follow to have good security.

However, you should realize that there is no such thing as complete security. Security is always a tradeoff and a spectrum, where more security means you can do less. At the "complete security" end, you've gotten complete security by unplugging your servers and disconnecting them from the network.

Having said that, I know that what you really mean is that you want as good security as possible. Nonetheless, there are also tradeoffs you need to think about. Do you want to allow outgoing traffic, but not incoming? Are there protocols you want to block completely (there probably are -- like NFS, Windows file sharing, print protocols)? Do you want to block streaming protocols? These are potential wastes of bandwidth, but do you want to stop it with the firewall or with a policy? No one can answer those questions but you.

There are a number of organizations that can help you with guidelines, and also provide other services. They include (in no particular order):
CERT/CC -- There is a lot of good security information here.
Security Focus -- Also a lot of information here on basics, Linux, Microsoft and Sun. Click on "The Basics" for a good starting point.
Computer Security Institute -- A good professional organization with a lot of good information.
SANS Institute -- Another good group with good information and classes.
Lance Spitzner's white papers -- There are a lot of good papers on armoring Solaris, Linux, NT and Checkpoint firewalls here.
The Honeynet Project -- A group working on various tricks and techniques of breaking systems. There are many good papers there, too.
The Shmoo Group -- The Shmoo Group is another group of security experts. (Full disclosure: I'm a member of the group.) There are quick news stories, commentary and resources there.


This was first published in March 2001
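The firewall questions the expert raises above (outgoing but not incoming? which protocols to block outright? streaming as a firewall rule or as a policy?) are easier to reason about once they are written down as an explicit policy. The following is an added example, not part of the original answer or of any of the organizations it lists: a small Python module that records those choices in a Policy object, renders them as an nftables ruleset, and audits a list of listening sockets against the same policy. The port numbers are the IANA-registered defaults for NFS, SMB/NetBIOS, LPD/IPP/JetDirect printing and RTSP; the hostname-free sample listener list at the bottom is constructed for illustration.

```python
"""Firewall policy as code: the tradeoffs from the answer above made explicit.

Added example (not from the original page). Assumes a host using nftables;
protocol port numbers are the IANA-registered defaults.
"""
from dataclasses import dataclass, field

# Protocols the answer suggests a web server should usually block outright.
PROTOCOL_PORTS = {
    "nfs":            {"tcp": [2049], "udp": [2049]},
    "windows_fs":     {"tcp": [139, 445], "udp": [137, 138]},   # SMB and NetBIOS
    "printing":       {"tcp": [515, 631, 9100], "udp": []},     # LPD, IPP, JetDirect
    "streaming_rtsp": {"tcp": [554], "udp": []},                # one streaming protocol; a policy choice
}


@dataclass
class Policy:
    inbound_services: list[int] = field(default_factory=lambda: [80, 443])  # what the web server exposes
    block_outright: list[str] = field(default_factory=list)                 # keys of PROTOCOL_PORTS
    allow_outbound: bool = True   # the "outgoing but not incoming" question from the answer


def blocked_ports(policy: Policy, proto: str) -> list[int]:
    """All ports of the given transport protocol that the policy drops in both directions."""
    ports: set[int] = set()
    for name in policy.block_outright:
        ports.update(PROTOCOL_PORTS[name][proto])
    return sorted(ports)


def _nft_set(ports: list[int]) -> str:
    return "{ " + ", ".join(str(p) for p in ports) + " }"


def render_ruleset(policy: Policy) -> str:
    """Render the policy as an nftables ruleset: default-deny inbound, explicit drops outbound."""
    lines = [
        "table inet filter {",
        "  chain input {",
        "    type filter hook input priority 0; policy drop;",
        '    iif "lo" accept',
        "    ct state established,related accept",
    ]
    if policy.inbound_services:
        lines.append(f"    tcp dport {_nft_set(policy.inbound_services)} accept")
    lines.append("  }")

    out_policy = "accept" if policy.allow_outbound else "drop"
    lines += [
        "  chain output {",
        f"    type filter hook output priority 0; policy {out_policy};",
    ]
    # Drops go first so a blocked protocol can never reach the conntrack accept below.
    for proto in ("tcp", "udp"):
        ports = blocked_ports(policy, proto)
        if ports:
            lines.append(f"    {proto} dport {_nft_set(ports)} drop")
    lines.append("    ct state established,related accept")  # replies to permitted inbound traffic
    lines += ["  }", "}"]
    return "\n".join(lines)


def audit_listeners(listening: list[tuple[str, int]], policy: Policy) -> list[tuple[str, int, str]]:
    """Flag listening sockets the policy does not want: blocked protocols, or TCP ports
    outside the published inbound service list. Returns (proto, port, reason) triples."""
    findings = []
    for proto, port in listening:
        if port in blocked_ports(policy, proto):
            findings.append((proto, port, "blocked protocol"))
        elif proto == "tcp" and port not in policy.inbound_services:
            findings.append((proto, port, "not in inbound allow list"))
    return findings


if __name__ == "__main__":
    policy = Policy(block_outright=["nfs", "windows_fs", "printing"])
    print(render_ruleset(policy))
    # Constructed sample of what `ss -lntu` might report on a misconfigured web host.
    sample_listeners = [("tcp", 80), ("tcp", 443), ("tcp", 445), ("udp", 2049), ("tcp", 22)]
    for proto, port, reason in audit_listeners(sample_listeners, policy):
        print(f"review {proto}/{port}: {reason}")
```

The audit deliberately reports SSH on tcp/22 as "not in inbound allow list" rather than silently accepting it: whether management access belongs in the inbound list is exactly the kind of decision the answer says only you can make, and encoding it in the Policy object keeps that decision visible instead of buried in a rule file.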