  Arizona State University
  Unix Network Users Group

8. The web

The Web is most vulnerable through CGI scripts, which can allow an attacker to execute arbitrary commands on a Web server under the effective user ID of the server process.  For a complete discussion of this problem and how to prevent it, see the following CERT publication: 

ftp://ftp.cert.org/pub/tech_tips/cgi_metacharacters 

Also, a very complete explanation of the security problems related to the WWW (and there are a lot of them) can be found here: 

http://www.w3.org/Security/Faq 
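
As an added illustration of the CGI problem described above (not code from this page or from the CERT document), the sketch below contrasts form data pasted into a shell command string with a handler that allowlists the value and runs the external program without a shell. The `user` parameter, the `lookup` program name and the sample requests are assumptions made for the example.

```python
import re
import subprocess
import sys
from urllib.parse import parse_qs

# Allowlist: name the characters that are permitted and reject everything
# else, rather than trying to strip "bad" ones. No leading '-' (option-like).
SAFE_USER = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}")

# Stand-in for the external program a CGI script would call (hypothetical):
# a child Python process that just prints the one argument it receives.
LOOKUP = [sys.executable, "-c", "import sys; print('lookup for', sys.argv[1])"]


def unsafe_command(user):
    """The risky pattern: form data pasted into a string meant for a shell."""
    return "lookup " + user  # ';', '|', '`' etc. would be parsed by the shell


def run_lookup(user):
    """Hardened call: no shell, the value is a single argv element."""
    done = subprocess.run(LOOKUP + [user], capture_output=True, text=True,
                          timeout=10, check=True)
    return done.stdout.strip()


def handle_query(query_string):
    """Return (status, body) for a request such as 'user=alice'."""
    values = parse_qs(query_string, keep_blank_values=True).get("user", [])
    if len(values) != 1 or not SAFE_USER.fullmatch(values[0]):
        return 400, "invalid user parameter"
    return 200, run_lookup(values[0])


if __name__ == "__main__":
    # Constructed sample requests; the second carries a shell metacharacter.
    for qs in ("user=alice", "user=alice%3Becho+INJECTED", "user=-x"):
        print(qs, "->", handle_query(qs))
    print("string a shell would parse:", unsafe_command("alice;echo INJECTED"))
    print("same value as one argv item:", run_lookup("alice;echo INJECTED"))
```

The two defenses are independent: the allowlist rejects the request before anything runs, and the argument-list call keeps a metacharacter literal even if validation were missed.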

We recommend that if you don’t need to run a Web server of your own, then don’t.  IT can provide AFS space to departments that want Web pages to appear under www.asu.edu.  You can save your compute power by running your Web pages on IT servers, but you’ll still have access to maintain your pages since they reside in AFS space.

 If you still need to run a Web server of your own at ASU, then you should carefully read and understand these documents.  Please contact ASU’s Webmaster if you have any questions regarding Web space at ASU or about how to set up your pages in AFS.

 Copyright © Arizona Board of Regents

Updated: 10/05/00