CIS benchmarks save security professionals tens of thousands of dollars in developing custom configuration policies and help demonstrate compliance with the security configuration requirements of PCI, ISO, FISMA, GLBA, HIPAA and S-OX.
Washington, DC (PRWEB) June 16, 2010
The Center for Internet Security (CIS) today announced the public release of its consensus security benchmarks for Apache HTTP Server 2.2, Apple Safari 4.0 and Opera 10.5 Browsers. These user-driven standards provide prescriptive guidance for IT administrators to securely configure the widely used web server that runs many Internet sites and for end users to securely configure the popular web browsers for improved privacy and protection from attacks. The benchmarks are available as free downloads at http://www.cisecurity.org.
Apache HTTP Server Benchmark
“We had excellent participation from the consensus team with a wide range of expertise. It’s clear the team is proud of the benchmark as it will be a very usable document,” shares Ralph Durkee, author of the Apache HTTP Server Benchmark, and Founder & Principal Security Consultant at Durkee Consulting, Inc.
According to Netcraft’s May 2010 Web Server Survey, Apache HTTP Server has 55% of the web server market share. Given the high prevalence of the Apache HTTP Server on the Internet and its role as the on-line “face” of many organizations by virtue of serving up their web pages, it is critical to help ensure organizations are well informed on how to secure it.
The Apache HTTP Server Benchmark provides recommendations in nine security categories including:
- Planning and Installation
- Apache Modules
- Restricting Privileges
- Access Controls
- Features, Content and Options
- Logging, Monitoring, and Maintenance
- Information Leakage
- Miscellaneous Configuration Settings
Safari and Opera Benchmarks
Web browsers, such as Apple Safari and Opera, are in constant communication with untrusted servers. Securing the browser configuration will help protect users’ privacy and reduce their systems’ remote attack surface.
The Safari Browser operates on the iPhone, iPod touch, Mac and PC. The CIS Benchmark provides recommendations for Safari configuration in twelve security categories including:
- Pop-Up Blocker
- Proxy Settings
- Form Submissions
- Form Data
- Address Book Card
- Safe Browsing
- Private Browsing
Opera browsers are now used by more than 100 million people worldwide. The CIS Benchmark for Opera Browser provides recommendations in seven security categories including:
- Data Storage
- Dynamic Content Options
- Advanced Options
- Network Settings
- Informational Items
The CIS Public-Private Collaboration Process
CIS Benchmarks are developed through a consensus process involving hundreds of volunteer subject matter experts. Consensus participants provide perspective from a diverse set of backgrounds including consulting, software development, audit and compliance, security research, security operations, government and legal.
By using the benchmarks, security professionals save tens of thousands of dollars in developing custom configuration policies and are able to demonstrate compliance with the security configuration requirements of standards such as PCI and ISO, and regulations such as FISMA, GLBA, HIPAA and Sarbanes-Oxley.
The Center for Internet Security (CIS) is a non-profit organization that helps enterprises reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls, and provides enterprises with resources for measuring information security status and making rational security investment decisions. CIS develops and distributes consensus-based benchmarks for secure configuration of operating systems, software applications and network devices. The consensus security configuration benchmarks are downloaded more than one million times a year, and are globally accepted as user-originated, de facto standards. More than 150 leading corporations, government entities, universities and security organizations are CIS members. For more information, visit http://www.cisecurity.org.