欢迎来到天天文库
浏览记录
ID:49199375
大小:100.50 KB
页数:11页
时间:2020-03-01
《audit of web presence security:网站存在的安全审计.doc》由会员上传分享,免费在线阅读,更多相关内容在工程资料-天天文库。
1、PageAuditofWebPreseneeSecurityTableofContents1334688FCCWebPresenceAPPENDIXBDetailedFindingsandRecommendationsB-lEXECUTIVESUMMARYAUDITOBJECTIVEAUDITSCOPEAUDITAPPROACHBACKGROUNDOBSERVATIONSRESPONSEAPPENDIXAArchitectureA-lReportonWebPresenceAPPENDIXCSecurityWTBResponse
2、C-lAPPENDIXDReportonWebPresenceSecurityITCResponseD-lExecutiveSummaryTheFederalCommunicationsCommission(FCC)isincreasinglyusingtheInternettoconductbusinessandtodisseminateinformation.Forexample,theCommissioncurrentlymaintainsseveralinternet-basedelectronicfiling(e-f
3、iling)systemsthatallowthepublictosubmitand/orreviewthedifferenttypesoffilingsrelatedtoFCCproceedings,rulemakings,tariffs,andofficialforms.Tomaintainthosesystemsthatallowthepublictosubmitand/orfilingsviatheInternet,theFCChasdevelopedaninfrastructurethatwehavecalledth
4、ewebpresence.Thewebpresenceincludesallhardware,software,andnetworkservicesthatcomprisetheCommission1sInternetentryandegresspoints.WelikentheWebPresencetotheFCC1sdoorsandwindowsontheInternet.Justasaprudentbusinesspersonwouldcheckthesecurityoftheofficedoorsandwindows,
5、wedevelopedthescopeofthisaudittoassessthecurrentsecuritypostureoftheFCC'swebpresence.Again,likethebusinessperson,wefocusedmuchofoureffortsontheexternalthreat.BecausetheuseoftheInternetforcommercepresentsnewanduniquesecuritychallenges,wedevelopedasetofspecificinforma
6、tionsecurityrelatedobjectivesforthisaudit.Theyinclude:DetermineifanyconditionsexistthatcouldallowexternaluserorhackertopenetratewebserversecurityandcausepossibleharmtoCommissionassets.EnsurethattheFCCisnotvulnerabletoknownWeb-basedsecurityattacks•Identifyvulnerabili
7、tiesinthegeneralcontrolsoverweb-bmsedassets.TogaugetheextentthattheFCCmetthesegoals,wecontractedwithTWMAssociates,Inc.(TWM)toconductanauditofwebpresencesecurity.Underourguidanceandsupervision,TWMdevelopedanauditworkplandesignedtomeasuretheextentthattheCommission1swe
8、bpresenceinfrastructurefulfilledtheabovementionedsecuritygoals.ThisauditworkplanservedasthebasisfortheauditTWMconductedonthewebpresence.Th
此文档下载收益归作者所有