Washington, DC (PRWEB) June 16, 2010
The Center for Internet Security (CIS) today announced the public release of its consensus security benchmarks for Apache HTTP Server 2.2, Apple Safari 4.0 and Opera 10.5 Browsers. These user-driven standards provide prescriptive guidance for IT administrators to securely configure the widely used web server that runs many Internet sites and for end users to securely configure the popular web browsers for improved privacy and protection from attacks. The benchmarks are available as free downloads at http://www.cisecurity.org.
Apache HTTP Server Benchmark
We had excellent participation from the consensus team with a wide range of expertise. Its clear the team is proud of the benchmark as it will be a very usable document, shares Ralph Durkee, author of the Apache HTTP Server Benchmark, and Founder & Principal Security Consultant at Durkee Consulting, Inc.
According to Netcrafts May 2010 Web Server Survey, Apache HTTP Server has 55% of the web server market share. Given the high prevalence of the Apache HTTP Server on the Internet and its role as the on-line face of many organizations by virtue of serving up their web pages, it is critical to help ensure organizations are well informed on how to secure it.
The Apache HTTP Server Benchmark provides recommendations in nine security categories including:
Planning and Installation
Apache Modules
Restricting Privileges
Access Controls
Features, Content and Options
Logging, Monitoring, and Maintenance
SSL/TLS
Information Leakage
Miscellaneous Configuration Settings
Safari and Opera Benchmarks
Web browsers, such as Apple Safari and Opera, are in constant communication with untrusted servers. Securing the browser configuration will help protect users privacy and reduce their systems remote attack surface.
The Safari Browser operates on the iPhone, iPod touch, Mac and PC. The CIS Benchmark provides recommendations for Safari configuration in twelve security categories including:
Pop-Up Blocker
Proxy Settings
Cookies
Form Submissions
Form Data
Credentials
Address Book Card
Safe Browsing
Java
JavaScript
Private Browsing
Opera browsers are now used by more than 100 million people worldwide. The CIS Benchmark for Opera Browser provides recommendations in seven security categories including:
Data Storage
Dynamic Content Options
Cookies
Advanced Options
Network Settings
Informational Items
The CIS Public-Private Collaboration Process
CIS Benchmarks are developed through a consensus process involving hundreds of volunteer subject matters experts. Consensus participants provide perspective form a diverse set of backgrounds including consulting, software development, audit and compliance, security research, security operations, government and legal.
By using the benchmarks, security professionals save tens of thousands of dollars in developing custom configuration policies and are able to demonstrate compliance with the security configuration requirements of standards such as PCI and ISO, and regulations such as FISMA, GLBA, HIPAA and Sarbanes-Oxley.
About CIS
The Center for Internet Security (CIS) is a non-profit organization that helps enterprises reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls, and provides enterprises with resources for measuring information security status and making rational security investment decisions. CIS develops and distributes consensus-based benchmarks for secure configuration of operating systems, software applications and network devices. The consensus security configuration benchmarks are downloaded more than one million times a year, and are globally accepted as user-originated, de facto standards. More than 150 leading corporations, government entities, universities and security organizations are CIS members. For more information, visit http://www.cisecurity.org.
###
Center for Internet Security Announces Release of Free Security Configuration Benchmarks for Apache HTTP Server and Safari and Opera Web Browsers
No comments:
Post a Comment