Apply the latest service packs and security updates for the HTTP
service as well as for the Operating System and any applications loaded
on this same host. Once the patches are up-to-date, consider using the
automatic update feature to enable a higher level of security.
Install host-based anti-virus and Intrusion Detection software.
Be sure to keep both current on patches and review the log files frequently.
Disable unused script interpreters and remove their binaries. For
example: perl, perlscript, vbscript, jscript, javascript, and php.
Enable logging if it is an option and review the logs frequently,
preferably through an automated process that summarizes the events and
reports exceptions and suspicious events.
Use a syslog-like system to store Operating System and HTTPd logs
safely on another system.
Remove or restrict the system tools that are commonly used by attackers
to assist with both the initial compromise and expansion beyond the
initial victim host. For example: tftp(.exe), ftp(.exe), cmd.exe, bash,
net.exe, remote.exe, and telnet(.exe).
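As an added example (not part of the original checklist), the following POSIX shell audit reports which of the script interpreters and system tools listed above are still present on a host, with their permission string, so the administrator can remove or restrict them. The name lists are taken from the checklist; the default search path and the AUDIT_PATH override are assumptions.

```shell
#!/bin/sh
# Audit a host for the script interpreters and attacker-favoured system
# tools named in the checklist. Each binary that is present is reported
# with its path and permission string so it can be removed or restricted.
# The name lists come from the checklist; the default search path below
# is an assumption and can be overridden with AUDIT_PATH.

INTERPRETERS="perl perlscript vbscript jscript javascript php"
SYSTEM_TOOLS="tftp tftp.exe ftp ftp.exe cmd.exe bash net.exe remote.exe telnet telnet.exe"

# audit_binaries LABEL "NAME ..." [SEARCHPATH]
# Prints "LABEL NAME PATH MODE NOTE" for every listed name found in the
# colon-separated SEARCHPATH. Returns 1 if anything was found, else 0,
# so the result can drive a cron job or a configuration check.
audit_binaries() {
    label=$1
    names=$2
    searchpath=${3:-${AUDIT_PATH:-/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin}}
    found=0
    # split the search path on ':' without clobbering the caller's IFS
    oldifs=$IFS
    IFS=:
    set -- $searchpath
    IFS=$oldifs
    for name in $names; do
        for dir in "$@"; do
            path="$dir/$name"
            [ -f "$path" ] || continue
            # first ten characters of ls -l are the type and rwx bits
            mode=$(ls -ld "$path" | cut -c1-10)
            case $mode in
                *x) note="world-executable" ;;
                *)  note="restricted" ;;
            esac
            printf '%s %s %s %s %s\n' "$label" "$name" "$path" "$mode" "$note"
            found=1
        done
    done
    return $found
}

# Run both audits against the live host. A non-zero status means at
# least one listed binary is still present and needs attention.
status=0
audit_binaries interpreter "$INTERPRETERS" || status=1
audit_binaries tool "$SYSTEM_TOOLS" || status=1
```

Point AUDIT_PATH at a mounted image or chroot to audit an offline build before it is deployed.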
Limit the applications running on the host to the HTTP service/daemon
and its supporting services.
Be aware of and minimize any vectors into the inner network that
enter through public web server(s). For example, NetBIOS shares or trust
relationships.
Use different account naming conventions and unique passwords on
public facing systems than on internal systems. Any information leakage
from a public facing system should not aid an attack on the internal
systems.