CompTIA® Security+ Exam Notes : Purpose For Frameworks,and Secure Configuration Guides

3. Architecture and Design

3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides

Web Server:

All web applications such as Web servers, News servers, email servers etc. need to be configured as secure as possible. This can be achieved by

  • Removing all unnecessary services. These are the services that are installed but not used. For example, you might have installed TFTP, but not using it. It is better to remove the application or service that is not used as it may provide an opportunity to a hacker to abuse the resource.
  • Remove all unnecessary protocols: These are the protocols that are installed but not used. For example, you might have installed Novell Netware protocol but not necessary. It is preferable to remove that protocol.

Enable server and application logs: The logs provide an opportunity to look into the activity on the server over the past few hours or days. Check for any unusual activity such as failed login attempts etc.

Example: You are administering a web server that is hosting an e-commerce web site for your company. The manufacturer of the web server has released a new patch that plugs some critical security loopholes. What needs to be done?

Solution: It is wise to implement software updates on a web server located in the lab, and then implement the same on production web server. It is also important to take a backup of the web server before implementing any software updates. In the event that anything goes wrong during the update, you can always restore the systems back to its previous state using the backup.


















Previous   Contents   Next


Security+ Cram Notes Contents certexams.com ad