Information
Review and implement the following items as appropriate:
Review and implement the company's security policies as they relate to web security.
Implement a secure network infrastructure by controlling access to and from your web server using firewalls, routers and switches.
Harden the underlying operating system of the web server by minimizing listening network services, applying proper patches and hardening the configuration as recommended in the appropriate Center for Internet Security benchmark for the platform.
Implement central log monitoring processes.
Implement a disk space monitoring process and a log rotation mechanism.
Educate developers, architects and testers about developing secure applications, and integrate security into the software development lifecycle. https://www.owasp.org/ http://www.webappsec.org/
Ensure the WHOIS domain information registered for your web presence does not reveal sensitive personnel information, which may be leveraged for social engineering (individual POC names), war dialing (phone numbers) and brute force attacks (email addresses matching actual system usernames).
Ensure your Domain Name Service (DNS) servers have been properly secured to prevent attacks, as recommended in the CIS BIND DNS Benchmark.
Implement a Network Intrusion Detection System to monitor attacks against the web server.
Rationale:
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.