Notes on Hardening Basics - Hsanokklis/2023-2024-Tech-journal GitHub Wiki
Goals of Information Security
- Confidentiality
- Integrity
- Availability
Confidentiality
Web Traffic in Transit
- Not readable
Authentication
- Protect resources by requiring authentication
- Protect authentication credentials using secure technologies
Least Privilege
- Only allow users to access the resources they need
- Prevent exposing unnecessary information about the server/application itself
File System Protections
- Set appropriate permissions on web content, scripts and configuration files
- Prevent "file inclusion" vulnerabilities
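
One way to check the "appropriate permissions" point above is to walk the web root and flag risky mode bits. This is an added example, not part of the original notes; the extension lists, the issue wording and the sample file names are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Assumed classification by extension or dotfile name; adjust to the application in use.
CONFIG = {".conf", ".ini", ".env", ".yml", ".yaml", ".htpasswd"}
SCRIPT = {".php", ".py", ".pl", ".cgi", ".sh"}
ANY_EXEC = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

def audit_webroot(root):
    """Return sorted (relative path, issue) pairs for risky mode bits under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            rel = os.path.relpath(path, root)
            mode = stat.S_IMODE(st.st_mode)
            # Dotfiles such as ".env" have no extension, so fall back to the name.
            kind = (os.path.splitext(name)[1] or name).lower()
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if not stat.S_ISREG(st.st_mode):
                continue
            if kind in CONFIG and mode & stat.S_IROTH:
                findings.append((rel, "config readable by every local user"))
            if kind in SCRIPT and mode & stat.S_IWGRP:
                findings.append((rel, "script writable by group"))
            if kind not in SCRIPT and mode & ANY_EXEC:
                findings.append((rel, "non-script file is executable"))
    return sorted(findings)

def demo():
    """Build a constructed sample web root in a temp dir and audit it."""
    sample = {"index.html": 0o644, "upload.php": 0o664,
              "db.conf": 0o644, "logo.png": 0o777, "app.ini": 0o640}
    with tempfile.TemporaryDirectory() as root:
        for name, mode in sample.items():
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        return audit_webroot(root)

if __name__ == "__main__":
    for rel, issue in demo():
        print(f"{rel}: {issue}")
```

In the constructed sample, index.html (644) and app.ini (640) pass, while upload.php, db.conf and logo.png are flagged.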