Ensuring Web server security is one of the most thankless tasks facing information security pros. You need to balance the conflicting roles of allowing the public legitimate access to Web resources while trying to keep the bad guys out. You might even consider implementing two-factor authentication, such as RSA SecurID to obtain a high degree of confidence in your authentication system, but it wouldn’t be practical, or cost-effective to distribute tokens to all of your Web site users. Despite such conflicting goals, here are six tactics that can help lock down your Web servers.

Read the full article: Six steps to securing your Web server

Published in SearchSecurity on 10/13/04