SLAC Computer Security
Search SLAC

Web Servers

Authorization Required for Exposure to Internet
Any web server which is exposed to Internet must be approved by the Web Server Registrar Committee (request form).
If a web server is found exposed to Internet without authorization you will be required to shut it down immediately.
Whether approval is required or not it is still the responsibility of the web server administrator to keep the software up to date with patches and configured in a secure manner.
Applications
The SLAC Computer Security Team requires that, as with any system or software, an installation of any application has to be appropriately patched and maintained. The application has to be "well-written" and reviewed with security in mind.
Certificates
SLAC purchases SSL Web Server Certificates from Thawte. Any server which will be used by typical SLAC users cannot use self-signed certificates. The certificates must be purchased from Thawte by working with Teresa Downey.
References
Web Application Security
The Open Web Application Security Project (OWASP)
Owner: SLAC Computer Security
Last Updated: 08/25/2011
Feedback: Please send to
Computer Security Feedback