Protect against attacks that could deny a service by:
- Installing the latest security patches.
- Ensuring log settings meet the operational needs of the server environment. Do not use "Debug" log level in production environments.
- Documenting the configuration settings used for servers and create a process for changing them.
- Setting an expiry date (Expires) for when a cookie gets deleted.
- Protecting access to configuration files with physical and file system security.