Considering Additional Security Issues
Windows NT/Windows 2000
Carefully consider which drives and directories you share with other machines.
Also, consider which users have accounts or Guest privileges.
Similarly, be careful about what programs you put on your server, or allow other
people to install on your server. Other people's programs might have security
holes. Worst of all, someone might upload a malicious program designed
specifically to subvert your security. Always examine programs carefully before
you allow them on your server.
Preventing Clients from Caching SSL Files
You can prevent pre-encrypted files from being cached by a client by adding the
following line inside the <HEAD> section of a file in HTML:
<meta http-equiv="pragma" content="no-cache">
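An added example, not part of the Netscape guide: a Python check an administrator could run over HTML files served through SSL to confirm that the tag is present and sits inside the <HEAD> section. The function name audit_no_cache and the sample pages are constructed for illustration.

```python
from html.parser import HTMLParser


class _NoCacheScan(HTMLParser):
    """Tracks pragma no-cache <meta> tags and whether each sits inside <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.hit_in_head = False
        self.hit_elsewhere = False

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values are normalised here.
        if tag == "head":
            self.in_head = True
        elif tag == "meta":
            a = {k: (v or "").strip().lower() for k, v in attrs}
            if a.get("http-equiv") == "pragma" and a.get("content") == "no-cache":
                if self.in_head:
                    self.hit_in_head = True
                else:
                    self.hit_elsewhere = True

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def audit_no_cache(html_text):
    """Return 'ok', 'misplaced' (tag exists but outside an explicit <head>), or 'missing'."""
    scan = _NoCacheScan()
    scan.feed(html_text)
    scan.close()
    if scan.hit_in_head:
        return "ok"
    return "misplaced" if scan.hit_elsewhere else "missing"


# Constructed sample pages (not taken from any real site).
SAMPLES = {
    "order.html": '<HTML><HEAD><META HTTP-EQUIV="Pragma" CONTENT="no-cache">'
                  "<TITLE>Order</TITLE></HEAD><BODY>form</BODY></HTML>",
    "receipt.html": "<html><head><title>Receipt</title></head>"
                    '<body><meta http-equiv="pragma" content="no-cache">x</body></html>',
    "account.html": "<html><head><title>Account</title></head><body>y</body></html>",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {audit_no_cache(text)}")
```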
Limiting Ports
Disable any ports not used on the machine. Use routers or firewall configurations
to prevent incoming connections to anything other than the absolute minimum set
of ports. This means that the only way to get a shell on the machine is to physically
use the server's machine, which should be in a restricted area already.
Knowing Your Server's Limits
The server offers secure connections between the server and the client. It can't
control the security of information once the client has it, nor can it control access to
the server machine itself and its directories and files.
Being aware of these limitations helps you understand what situations to avoid.
For example, you might acquire credit card numbers over an SSL connection, but
are those numbers stored in a secure file on the server machine? What happens to
those numbers after the SSL connection is terminated? You should be responsible
for securing any information clients send to you through SSL.
Netscape Enterprise Server Administrator's Guide • August 2002