Recent news on cyberattacks has everyone scrambling to ensure their website isn’t the next victim. The fact is, the attacks never stop coming, and any public-facing website can be attacked—all you can do is put forth your best defenses to protect sacred company data. In the US-CERT Guide to Website Security IT Download, you will learn how to reduce your company website’s weaknesses and also how to mitigate damage from an attack should one occur.
This technical information paper (TIP) covers web server security, including protection of back-end data and the use of SQL services. It explains which applications are necessary and which can be disabled:
… a web server does not require web browsing capability and if a web server is not performing FTP functionality there is no need to have that service running. Removing or disabling any unused components will reduce the attack surface area.
To further protect the company’s web presence, the paper lists additional web services and applications that can be used, depending upon need, risk and budgeting limitations. The list includes information on:
Arm yourself with the right information to continually improve your site’s security stance and help keep your company’s web presence safe from vulnerabilities or outright attacks.