Nist Sp 800 123 Guide To General Server Security

NIST SP 800-123 Guide to General Server Security

NIST SP 800-123 July 2008 An organization's servers provide a wide variety of services to internal and external users, and many servers also store or process sensitive information for the organization. Some of the most common types of servers are Web, email, database, infrastructure management, and file servers. This publication addresses the general security issues of typical servers. Servers are frequently targeted by attackers because of the value of their data and services. For example, a server might contain personally identifiable information that could be used to perform identity theft. Why buy a book you can download for free? First you gotta find it and make sure it's the latest version, not always easy. Then you gotta print it using a network printer you share with 100 other people - and its outta paper - and the toner is low (take out the toner cartridge, shake it, then put it back). If it's just 10 pages, no problem, but if it's a 250-page book, you will need to punch 3 holes in all those pages and put it in a 3-ring binder. Takes at least an hour. An engineer that's paid $75 an hour has to do this himself (who has assistant's anymore?). If you are paid more than $10 an hour and use an ink jet printer, buying this book will save you money. It's much more cost-effective to just order the latest version from Amazon.com This public domain material is published by 4th Watch Books. We publish tightly-bound, full-size books at 8 � by 11 inches, with glossy covers. 4th Watch Books is a Service Disabled Veteran Owned Small Business (SDVOSB) and is not affiliated with the National Institute of Standards and Technology. For more titles published by 4th Watch, please visit: cybah.webplus.net GSA P-100 Facilities Standards for the Public Buildings Service GSA P-120 Cost and Schedule Management Policy Requirements GSA P-140 Child Care Center Design Guide GSA Standard Level Features and Finishes for U.S. Courts Facilities GSA Courtroom Technology Manual NIST SP 500-299 NIST Cloud Computing Security Reference Architecture NIST SP 500-291 NIST Cloud Computing Standards Roadmap Version 2 NIST SP 500-293 US Government Cloud Computing Technology Roadmap Volume 1 & 2 NIST SP 500-293 US Government Cloud Computing Technology Roadmap Volume 3 DRAFT NIST SP 1800-8 Securing Wireless Infusion Pumps NISTIR 7497 Security Architecture Design Process for Health Information Exchanges (HIEs) NIST SP 800-66 Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule NIST SP 1800-1 Securing Electronic Health Records on Mobile Devices NIST SP 800-177 Trustworthy Email NIST SP 800-184 Guide for Cybersecurity Event Recovery NIST SP 800-190 Application Container Security Guide NIST SP 800-193 Platform Firmware Resiliency Guidelines NIST SP 1800-1 Securing Electronic Health Records on Mobile Devices NIST SP 1800-2 Identity and Access Management for Electric Utilities NIST SP 1800-5 IT Asset Management: Financial Services NIST SP 1800-6 Domain Name Systems-Based Electronic Mail Security NIST SP 1800-7 Situational Awareness for Electric Utilities DoD Medical Space Planning Criteria FARs Federal Acquisitions Regulation DFARS Defense Federal Acquisitions Regulations Supplement

Guide to General Server Security

NIST Special Publication 800-123 Guide to General Server Security

This is a Hard copy of the NIST Special Publication 800-123 Guide to General Server Security The purpose of this document is to assist organizations in understanding the fundamental activities performed as part of securing and maintaining the security of servers that provide services over network communications as a main function. Hosts that incidentally provide one or a few services for maintenance or accessibility purposes, such as a remote access service for remote troubleshooting, are not considered servers in this document. The types of servers this publication addresses include outward-facing publicly accessible servers, such as web and email services, and a wide range of inward-facing servers. This document discusses the need to secure servers and provides recommendations for selecting, implementing, and maintaining the necessary security controls. This document addresses common servers that use general operating systems (OS) such as Unix, Linux, and Windows. Many of the recommendations in this document may also be applicable to servers that use specialized OSs or run on proprietary appliances, but other recommendations will not be implementable or may have unintended consequences, so such servers are considered outside the scope of this document. Other types of servers outside the scope of this document are virtual servers and highly specialized servers, particularly security infrastructure devices (e.g., firewalls, intrusion detection systems), which have unusual configurations and security needs. Other NIST documents, such as Special Publication (SP) 800-45 Version 2, Guidelines on Electronic Mail Security and SP 800-44 Version 2, Guidelines on Securing Public Web Servers, provide recommendations for particular types of servers. The recommendations in this document are intended as a foundation for other server-related documents and do not override more specific recommendations made in such documents.