InformationReview and implement the following items as appropriate:
- Review and implement your organization's security policies as they relate to web security.
- Implement a secure network infrastructure by controlling access to/from your web server using firewalls, routers and switches.
- Harden the underlying operating system of the web server by minimizing listening network services, applying proper patches, and hardening the configurations as recommended in the appropriate Center for Internet Security benchmark for the platform.
- Implement central log monitoring processes.
- Implement a disk space monitoring process and log rotation mechanism.
- Educate developers about developing secure applications. http://www.owasp.org/ http://www.webappsec.org/
- Ensure the WHOIS Domain information registered for the web presence does not reveal sensitive personnel information, which may be leveraged for social engineering and other types of attacks.
- Ensure your Domain Name System (DNS) servers have been properly secured to prevent attacks, as recommended in the CIS BIND DNS benchmark.
- Implement intrusion detection technology, a web application firewall, or other similar technology to monitor attacks against the web server.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.