WARNING: This site is intended for online use only; mass-downloading of pages degrades the server and is prohibited.
If you attempt to use tools to mass-download the site, you may be blocked permanently by automated software.
If you want to read this CertiGuide offline, please use one of the links on the left to purchase a convenient PDF copy. Thank you.

Like this CertiGuide? Get it in PDF format!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Also available: 300-question Security+ practice test!
Get It Here!

Custom Search






Table Of Contents  CertiGuide to Security+
 9  Chapter 3:  Infrastructure Security (Domain 3.0; 20%)
      9  3.5  Security Baselines
           9  3.5.3  Application Hardening

Previous Topic/Section
3.5.3.1  Updates
Previous Page
Pages in Current Topic/Section
1
234
Next Page
 3.5.3.3  Email Servers
Next Topic/Section

3.5.3.2  Web Servers
(Page 1 of 4)

Web servers are often a company’s primary interface with the outside world, since a company’s web site is generally accessible to anyone, with no authorization required.

Web Servers

Web Servers are frequently a critical component to customers.


Web servers accept HTTP requests on port 80, and HTTPS requests on port 443. You can change these port numbers, if you wish, but understand that unless your site visitors know the alternate port number at which your site lives, they won’t find it.

Critical Ports for Web Servers

Web servers use TCP port 80 for HTTP requests and port 443 for HTTPS (SSL) requests.


When looking at hardening your web server, you actually need to look at a variety of tasks (in addition to hardening the machine on which the server software is running). In the early 1990’s, a web server consisted of just the server software itself and a bunch of static pages displayed upon request. Time marched on, and now web servers typically include some sort of application server to process pages whose content is dynamically created, such as JSP or ASP pages. So, hardening a web server includes:

  • Hardening the web server software

  • Hardening any “third party” server-side applications it uses

  • Hardening any applications you’ve written for it

Previous Topic/Section
3.5.3.1  Updates
Previous Page
Pages in Current Topic/Section
1
234
Next Page
 3.5.3.3  Email Servers
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $


Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.