The Nepal Government's Department of IT today published security guidelines for safeguarding websites and web applications. In recent days, government web portals have been attacked repeatedly by Indian hackers.
The guidelines suggest applying the following precautionary measures to the websites and web applications:
- Back up the content of websites/web applications on a regular basis, both offline and online.
- Remove unnecessary files, databases, and applications from the web host.
- Enable the SSL encryption mechanism.
- Follow a strong policy when generating passwords.
- Do not store passwords in plain text; use one-way hashing instead.
- Use multifactor authentication.
- Update the server environment/platform/framework/scripts.
- Stop unrestricted file uploads to the server.
- Hide the information about the software development platform and operating system version.
- Close unused service ports.
- Suspend or block any user who repeatedly tries to log in with the wrong credentials.
- Perform security testing of the website/application at least once a year, following the Open Web Application Security Project (OWASP) security guidelines.
- Properly follow the Government website development and management guidelines 2068 BS while developing websites and web applications.
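The sketch below is an added example, not part of the published guidelines: it combines the one-way hashing item with the item on suspending users after repeated wrong credentials. The iteration count, lockout threshold and duration, and the names `hash_password`, `verify_password` and `LoginGuard` are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000     # PBKDF2-HMAC-SHA256 work factor (assumed value)
MAX_FAILURES = 5         # assumed threshold before the account is suspended
LOCKOUT_SECONDS = 900    # assumed suspension period


def hash_password(password):
    """Return a salted one-way hash; the plain text is never stored."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    _, iters, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Hash checked for unknown usernames so they cost the same time as real ones.
_DUMMY = hash_password(os.urandom(16).hex())


class LoginGuard:
    def __init__(self, users):
        self.users = users       # username -> stored hash string
        self.failures = {}       # username -> (failure count, locked_until)

    def login(self, username, password, now=None):
        now = time.time() if now is None else now
        count, locked_until = self.failures.get(username, (0, 0.0))
        if now < locked_until:
            return "locked"      # still suspended: do not even check the password
        if locked_until:
            count = 0            # suspension expired: start counting again
        stored = self.users.get(username, _DUMMY)
        if verify_password(password, stored) and username in self.users:
            self.failures.pop(username, None)
            return "ok"
        count += 1
        locked_until = now + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
        self.failures[username] = (count, locked_until)
        return "locked" if locked_until else "denied"
```

In a real deployment the failure counters would live in shared storage rather than process memory, so that a restart or a second web server does not reset them.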