Web Application Vulnerabilities: Detect, Exploit, Prevent

Solutions Fast Track

Web Security

  • Web servers running on the network without your knowledge are sometimes called rogue Web servers. If you find such rogue Web servers and they are not needed, you should disable the Web-based services to remove them from the network.

  • The first task you should undertake to lock down your Web server is applying the latest patches and updates from the vendor. After this task is accomplished, the network administrator should follow the vendor's recommendations for securely configuring Web services.

  • Maintaining a secure Web server means ensuring that all scripts and Web applications deployed on the Web server are free from Trojans, backdoors, or other malicious code.

  • Web browsers are a potential threat to security. Early browser programs were fairly simple, but today's browsers are complex; they are capable not only of displaying text and graphics but of playing sound files and movies and running executable code. The browser software also usually stores information about the computer on which it is installed and about the user (data stored as cookies on the local hard disk), which can be uploaded to Web servers either deliberately by the user or in response to code on a Web site without the user's knowledge.

  • ActiveX controls are programs that can run on Web pages or as self-standing programs. Essentially, it is Microsoft's implementation of Java. ActiveX controls can be used to run attacks on a machine if created by malicious programmers.
