Applications

Application security has many of the same security considerations as host security. The most important is keeping your application up to date with the latest security fixes. This doesn't always mean buying the latest version of a piece of code. (In fact, sometimes it means sticking with older, stable software.) Just make sure your critical applications are still supported by the developer and that any new security issues that are uncovered will be handled in a timely manner. In addition to keeping a system up to date, logging and application configuration are also important.

NOTE

Hardening guides for popular applications are available all over the Internet. The following are a few samples for some of the more popular applications:

  • Microsoft Internet Information Server (IIS): You can find IIS-hardening guidelines on the Microsoft website: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools.asp.
  • Apache web server: The following site provides guidelines for setting up an Apache web server: http://httpd.apache.org/docs-2.0/misc/security_tips.html.
  • Berkeley Internet Name Domain (BIND): Rob Thomas provides a secure BIND template at the following site: http://www.cymru.com/Documents/secure-bind-template.html.


Network Security Architectures
ISBN: 158705115X
EAN: 2147483647
Year: 2006
Pages: 249
Authors: Sean Convery
