Security Basics
protecting web apps for governaments Jun 19 2012 03:23PM marco cohen (marcocohen2 gmail com) (3 replies)
Re: protecting web apps for governaments Jun 20 2012 04:30AM Vedantam Sekhar (vedantamsekhar gmail com)
RE: protecting web apps for governaments Jun 19 2012 04:58PM Miguel Gracia (mgracia grayhairsoftware com) (4 replies)
RE: protecting web apps for governaments Jun 19 2012 05:59PM Dan Lynch (DLynch placer ca gov) (2 replies)
Re: protecting web apps for governaments Jun 19 2012 08:49PM Shane Anglin (shane anglin gmail com) (1 replies)
Re: protecting web apps for governaments Jun 19 2012 05:26PM Computer Sevice Teeuwen (Roy) (roy csteeuwen nl)
Re: protecting web apps for governaments Jun 19 2012 05:22PM Rob (synja synfulvisions com) (1 replies)
RE: protecting web apps for governaments Jun 19 2012 05:28PM Miguel Gracia (mgracia grayhairsoftware com) (1 replies)
Re: protecting web apps for governaments Jun 19 2012 05:48PM Rob (synja synfulvisions com) (1 replies)
RE: protecting web apps for governaments Jun 19 2012 06:00PM Miguel Gracia (mgracia grayhairsoftware com)
ad infinitum, but how much is enough?
The question to ask is whether the cost for protection will outweigh the
potential loss. An adequate risk analysis will provide this balance
point so we can know how much expense for protection is appropriate.
In the private sector, this figure can help an organization provide a
service without over-spending on protection. In business it's about the
bottom line.
In the government sector (or when dealing with legal requirements), this
figure will help an organization determine when to stop offering the
service.
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com]
On Behalf Of Miguel Gracia
Sent: Tuesday, June 19, 2012 11:58 AM
To: marco cohen; security-basics (at) securityfocus (dot) com
Subject: RE: protecting web apps for governaments
There is no such thing as too much protection. If the company feels
comfortable with this and thus requests nothing less, then it is worth
having. From a technical standpoint, it may be overkill but it may be a
requirement depending on audits done on the company and/or web apps.
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com]
On Behalf Of marco cohen
Sent: Tuesday, June 19, 2012 11:23 AM
To: security-basics (at) securityfocus (dot) com
Subject: protecting web apps for governaments
Hi all
I'm doing consulting for one of the governments in Europe.
The idea is to create a most secure segment in which we will locate all
the web apps of the gov and to protect them from any attack. We will buy
equipment like SIEM, HIDS IPS, Firewalls and WAF and prevention of DDOS
attacks.
But additionally to this I am working on policies to implement hardening
of the operating system of those servers.
I am also considering policies of code review (in this process also
input validation), and twice a year pentest to all the 200 web sites.
I am wondering if also doing code review for every change in those
web apps + pentest 2 times a year + WAF.
ISN'T THAT TOO MUCH FOR PROTECTING THE WEB SERVERS??
Thanks a lot!
marco
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide
we examine the importance of Apache-SSL and who needs an SSL
certificate. We look at how SSL works, how it benefits your company and
how your customers can tell if a site is secure. You will find out how
to test, purchase, install and use a thawte Digital Certificate on your
Apache web server. Throughout, best practices for set-up are highlighted
to help you ensure efficient ongoing management of your encryption keys
and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------