Posted: 2007-02-05 15:02:00
There is no shortage of bad, incomplete, and outdated information on the Internet and in print. And if that were not bad enough, there is also the problem of information overload.
Here are a few resources that can get you up to speed…
CIS is the only distributor of consensus best practice standards for security configuration. The Benchmarks are widely accepted by U.S. government agencies for FISMA compliance, and by auditors for compliance with the ISO standard as well as GLB, SOx, HIPAA, FIRPA and other regulatory requirements for information security.
I recommend CIS Level-1 security for the Apache Web-Server. A number of the steps are OS-independent, and have been implemented under the Web-Developer Server Suite.
The Guide is aimed at architects, developers, consultants and auditors and is a comprehensive manual for designing, developing and deploying secure web applications.