Center for Internet Security Announces Release of Free Security Configuration Benchmarks for Apache HTTP Server and Safari and Opera Web Browsers

Center for Internet Security (CIS)

Washington, DC (PRWEB) June 16, 2010

The Center for Internet Security (CIS) today announced the public release of its consensus security benchmarks for Apache HTTP Server 2.2, Apple Safari 4.0 and Opera 10.5 Browsers. These user-driven standards provide prescriptive guidance for IT administrators to securely configure the widely used web server that runs many Internet sites and for end users to securely configure the popular web browsers for improved privacy and protection from attacks. The benchmarks are available as free downloads at http://www.cisecurity.org.

Apache HTTP Server Benchmark

“We had excellent participation from the consensus team with a wide range of expertise. It’s clear the team is proud of the benchmark as it will be a very usable document,” shares Ralph Durkee, author of the Apache HTTP Server Benchmark, and Founder & Principal Security Consultant at Durkee Consulting, Inc.

According to Netcraft’s May 2010 Web Server Survey, Apache HTTP Server has 55% of the web server market share. Given the high prevalence of the Apache HTTP Server on the Internet and its role as the on-line “face” of many organizations by virtue of serving up their web pages, it is critical to help ensure organizations are well informed on how to secure it.

The Apache HTTP Server Benchmark provides recommendations in nine security categories including:

Planning and Installation
Apache Modules
Restricting Privileges
Access Controls
Features, Content and Options
Logging, Monitoring, and Maintenance
SSL/TLS
Information Leakage
Miscellaneous Configuration Settings

Safari and Opera Benchmarks

Web browsers, such as Apple Safari and Opera, are in constant communication with untrusted servers. Securing the browser configuration will help protect user’s privacy and reduce their system’s remote attack surface.

The Safari Browser operates on the iPhone, iPod touch, Mac and PC. The CIS Benchmark provides recommendations for Safari configuration in twelve security categories including:

Pop-Up Blocker
Proxy Settings
Cookies
Form Submissions
Form Data
Credentials
Address Book Card
Safe Browsing
Java
JavaScript
Private Browsing

Opera browsers are now used by more than 100 million people worldwide. The CIS Benchmark for Opera Browser provides recommendations in seven security categories including:

Data Storage
Dynamic Content Options
Cookies
Advanced Options
Network Settings
Informational Items

The CIS Public-Private Collaboration Process

CIS Benchmarks are developed through a consensus process involving hundreds of volunteer subject matters experts. Consensus participants provide perspective form a diverse set of backgrounds including consulting, software development, audit and compliance, security research, security operations, government and legal.

By using the benchmarks, security professionals save tens of thousands of dollars in developing custom configuration policies and are able to demonstrate compliance with the security configuration requirements of standards such as PCI and ISO, and regulations such as FISMA, GLBA, HIPAA and Sarbanes-Oxley.

About CIS

The Center for Internet Security (CIS) is a non-profit organization that helps enterprises reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls, and provides enterprises with resources for measuring information security status and making rational security investment decisions. CIS develops and distributes consensus-based benchmarks for secure configuration of operating systems, software applications and network devices. The consensus security configuration benchmarks are downloaded more than one million times a year, and are globally accepted as user-originated, de facto standards. More than 150 leading corporations, government entities, universities and security organizations are CIS members. For more information, visit http://www.cisecurity.org.

###

©Copyright 1997-

, Vocus PRW Holdings, LLC.
Vocus, PRWeb, and Publicity Wire are trademarks or registered trademarks of Vocus, Inc. or Vocus PRW Holdings, LLC.

Popularity: 8% [?]

Load Testing Apache with Internet Explorer 8 and Firefox 3.5

User Capacity Chart

Durham, NC (PRWEB) November 20, 2009

Web developers are very excited. Performance improvements in the newer generation browsers enable them to open more simultaneous connections to web servers. After attending the Velocity conference and seeing the developers’ enthusiasm, Web Performance, Inc. (WPI) engineer Chris Merrill wondered what effect the improved browser performance would have on servers. The Apache Web server, like many others, has a relatively low limit on the number of simultaneous connections it will accept. Mr. Merrill and WPI decided to test the Apache server and see how it performed against the new generation browsers, specifically Internet Explorer 8.0 and Firefox 3.5. WPI’s goal was to give website administrators a rule of thumb to help them decide how soon they need to address the disparity between browser performance and server capacity.

WPI’s test explored the impact on user capacity of an Apache web server under load when the number of connections used by the browser increased from two to six. The test case consisted of a user browsing 10 pages of a typical static web site over a two minute period.    The 10 pages included 141 URLs as well as two relatively large pages. The total size of the test case was just under 2MB.

The test results were surprising, not so much in what they showed, but the degree to which they showed it. Measured by performance goals under load, the capacity of an Apache web server was reduced by 60% when visited exclusively by the latest generation of browsers. With the upgraded browser performance using six connections instead of two, default connection limits were exceeded at much lower user levels.

Fixing this problem will be as easy in some cases as changing a file to configure the web server to accept a larger number of connections. However, some servers, such

as the Apache server that was tested, have a compiled-in limitation on the number of connections they will accept. In these cases, the administrators will need to re-compile Apache and load-test it before deployment.

The amount of time before this disparity starts showing up in decreased browser speed and sporadic outages depends on how close the particular server is to its capacity limits and how quickly people adopt the new browsers. As Christopher Merrill says, “For any given site it is difficult to predict when they will hit the limit, but if I were a website administrator, I’d be testing and upgrading my servers now.”

Read Load Testing Apache with IE8 and Firefox 3.5.

###

Attachments

©Copyright 1997-

, Vocus PRW Holdings, LLC.
Vocus, PRWeb, and Publicity Wire are trademarks or registered trademarks of Vocus, Inc. or Vocus PRW Holdings, LLC.

Popularity: 13% [?]

Like many other E-Biz owners, you may not feel inclined to structure your online business as a legal entity. Maybe you argue that your business is too small or that you only sell on eBay. Or perhaps you feel the process is too expensive. But the real question isn’t the size of your business, or how much it’s worth. The real question is, how much can you afford to lose?

Personal Asset Protection

When you’re operating as a sole proprietor, the law views you and your business as inextricably linked. Explains attorney Patrick O’Neill, CEO of http://IncorporateABusiness.com, One of the biggest benefits of incorporating or forming an LLC is that your business becomes, in a legal sense, a completely separate entity from you and any other shareholders. So in the unfortunate event that your business is sued, a judgment against your business doesn’t extend to your assets, other than those invested in the business. Similarly, your business’ creditors can only come after company assets – your house, life savings, and stamp collection remain safely out of reach.

Image Enhancement

Besides putting a virtual firewall around your personal property, you’re also strengthening your business’ image. This is especially important, because as a small E-Biz owner, you’re already at a disadvantage:

* First, as a small, unknown business, you have to work hard to create credibility with your customers. Unlike a well-known chain store, you must convince shoppers that you can consistently provide top-quality products and first-rate customer service.

* Second, when you sell online, you lack a physical storefront where shoppers can walk around and get a sense of the kind of operation you run, and whether they feel comfortable purchasing from you.

Seeing XYZ Business, Inc. goes a lot further towards reassuring potential buyers that you’ve been verified, than a generic XYZ Business. The same is true for other organizations with which you do business. Wholesale suppliers and loan officers, for example, are more likely to take you seriously. Even the IRS is less apt to audit a home business that’s an established formal entity – they believe the odds are much higher that the owner isn’t just looking for illegitimate tax deductions.

Tax Flexibility

LLCs and S-corporations were both developed with small businesses in mind, and both eliminate the double taxation of a traditional corporation. A C-corp is taxed on its earning as if it were an actual person. Post-tax profits pass through to shareholders, who must include them in their reported taxable income. For Coca-cola, this might be bearable; but for a small eBay business, double taxation can be a crushing burden. An LLC or an S-corp, on the other hand, allow you to be taxed as a partnership, so you’re not paying taxes at entity-level. You’re only required to fill out an information return for your business, and the profits and deductions pass through proportionally to the shareholders.

* An LLC is much easier to form than a corporation, and the compliance formalities are less stringent. The operating agreement can be as flexible as you choose to make it.

* An S-corp is basically a small business corporation, or a corporation that’s taxed as a partnership. It is generally less adaptable than an LLC in income distribution and imposes greater ownership restrictions.

For the entrepreneur, forming a legal entity presents a tremendous value proposition. You’re taking preventative measures in protecting yourself and proactive measures in creating greater credibility, advises O’Neill. So you’re helping yourself on the front and back ends.

Popularity: 65% [?]