Ask the Expert

Guidelines for "complete" security

Are there guidelines I can follow to ensure complete security of our Web server and applications? Are there specific guidelines for servers, firewalls, etc.?



There are, indeed, guidelines you can follow to have good security.

However, you should realize that there is no such thing as complete security. Security is always a tradeoff and a spectrum, where more security means you can do less. At the "complete security" end, you've gotten complete security by unplugging your servers and disconnecting them from the network.

Having said that, I know that what you really mean is that you want as good security as possible. Nonetheless, there are also tradeoffs you need to think about. Do you want to allow outgoing traffic, but not incoming? Are there protocols you want to block completely (there probably are -- like NFS, Windows file sharing, print protocols)? Do you want to block streaming protocols? These are potential wastes of bandwidth, but do you want to stop them with the firewall or with a policy? No one can answer those questions but you.

There are a number of organizations that can help you with guidelines, and also provide other services. They include (in no particular order):
CERT/CC -- There is a lot of good security information here.
Security Focus -- Also a lot of information here on basics, Linux, Microsoft and Sun. Click on "The Basics" for a good starting point.
Computer Security Institute -- A good professional organization with a lot of good information.
SANS Institute -- Another good group with good information and classes.
Lance Spitzner's white papers -- There are a lot of good papers on armoring Solaris, Linux, NT and Checkpoint firewalls here.
The Honeynet Project -- A group working on various tricks and techniques of breaking systems. There are many good papers there, too.
The Shmoo Group -- The Shmoo Group is another group of security experts. (Full disclosure: I'm a member of the group.) There are quick news stories, commentary and resources there.


This was first published in March 2001
