Configuring NIST SP800-131A compliance
Special Publication 800-131A (SP 800-131A) is an information
security standard of the National Institute of Standards and Technology
(NIST). SP 800-131A requires longer key lengths and stronger cryptography
than other standards. You can configure WebSEAL to comply with NIST
SP 800-131A when it is negotiating SSL connections.
Prevention of vulnerability caused by cross-site scripting
Cross-site scripting is a known technique for deploying
malicious scripts on browsers. Web servers that incorrectly reflect
user-supplied data to the browser without properly escaping the data
are vulnerable to this type of attack.
Prevention of Cross-site Request Forgery (CSRF) attacks
Cross-site request forgery (CSRF) is a type of malicious
website attack. A CSRF attack is sometimes called a one-click attack or session
riding. This type of attack sends unauthorized requests from a
user that the website trusts.