
346    Chapter 5 • Communication Security: Web Based Services

             Summary of Exam Objectives


             This chapter looked at the Security+ exam topics in the area of Web-based security
             with an emphasis on Web security, FTP-based security, and LDAP-based security.
             The Security+ technician must know how to configure, manage, and service
             security on a Web platform. As discussed, Web-based services are commonly
             vulnerable to threats and exploitation.

             The problems associated with Web-based exploitation can affect a wide array of
             users, including end users surfing Web sites, using instant messaging, and shopping
             online. End users can have many security problems associated with their Web
             browsers, as well. This chapter discussed possible vulnerabilities, how to securely
             surf the Web, and how to shop online safely.

             Another issue the Security+ Technician needs to understand is securing
             Web-based services and servers. Since Web-based services are usually exposed to
             the public Internet, thus increasing risk, Security+ Technicians will need to know
             how to deal with issues relating to these services.

             This chapter also looked at FTP and LDAP services relating to the Web and
             examined security issues related to FTP and how exploitable it really is. The last
             section dealt with LDAP, its vulnerabilities, and how it provides security benefits
             when properly configured.

             Exam Objectives Fast Track



             Web Security


                   • Web servers on the network that you are not aware of are sometimes
                     called rogue Web servers. If you find such rogue Web servers, you should
                     disable the Web-based services to remove these Web servers from the
                     network if they are not needed.

                   • The first task you should undertake to lock down your Web server is
                     applying the latest patches and updates from the vendor. After this task is
                     accomplished, the network administrator should follow the vendor’s
                     recommendations for securely configuring Web services.

                   • Maintaining a secure Web server means ensuring that all scripts and Web
                     applications deployed on the Web server are free from Trojans, backdoors,
                     or other malicious code.




          www.syngress.com