Tech agency points way past Web dangers

The National Institute of Standards and Technology published five security manuals on Thursday aimed at helping civilian agencies lock down their Web servers and e-mail servers to protect against security risks from telecommuting. Web servers are the most-attacked computers on the Internet, followed by e-mail servers.

In its 140-page Web-server document, NIST warned government administrators to carefully consider their use of active content such as ActiveX and JavaScript on their Web sites, since it increases the danger of being hacked. In addition, NIST also stressed that agencies should carefully consider the information they post online, taking down any confidential or classified information. In a second, 150-page, manual, NIST recommends that e-mail servers use encryption and system administrators take measures to heighten protection. The three other documents focus on telecommuting, securing interconnected services and accessing the common vulnerability encyclopedia, a standardized listing of security flaws in software.