|
|
SLAC Computer Security | ||
| SLAC Home | Computing Home | Computing Outages | Help | |||
Web Servers
- Authorization Required for Exposure to Internet
- Any web server which is exposed to Internet must be approved by the Web Server Registrar Committee (request form).
- If a web server is found exposed to Internet without authorization you will be required to shut it down immediately.
- Whether approval is required or not it is still the responsibility of the web server administrator to keep the software up to date with patches and configured in a secure manner.
- Applications
- The SLAC Computer Security Team requires that, as with any system or software, an installation of any application has to be appropriately patched and maintained. The application has to be "well-written" and reviewed with security in mind.
- Certificates
- SLAC purchases SSL Web Server Certificates from Thawte. Any server which will be used by typical SLAC users cannot use self-signed certificates. The certificates must be purchased from Thawte by working with Teresa Downey.
- References
- Web Application Security
- The Open Web Application Security Project (OWASP)
Owner: SLAC Computer Security |