|
|
SLAC Computer Security | ||
| SLAC Home | Computing Home | Computing Outages | Help | |||
Web Servers
- Authorization Required for Exposure to Internet
- Any web server which is exposed to Internet must be approved by the Web Server Registrar Committee (request form). Generally, all ports up to 1024 are blocked from offsite access therefore these ports do not need approval. However, ports above 1024 are often open and need specific approval.
- If a web server is found exposed to Internet without authorization you will be required to shut it down immediately.
- Whether approval is required or not it is still the responsibility of the web server administrator to keep the software up to date with patches and configured in a secure manner.
- PHP
- The SLAC Computer Security Team requires that, as with any system or software, an installation of PHP has to be appropriately patched and maintained. Any PHP-based application also has to be patched and maintained. Additionally, it has to be "well-written." At present, we are defining "well-written" for PHP-based applications to mean that they are able to run successfully in Safe Mode.
- Certificates
- SLAC purchases SSL Web Server Certificates from Thawte. Any server which will be used by typical SLAC users cannot use self-signed certificates. The certificates must be purchased from Thawte by working with Teresa Downey.
Owner: SLAC Computer Security |