How do you make your web server as secure as possible – while using the latest open security standards? How do you ensure your web site is available to everyone across the global network of networks that is the Internet?
For the Internet to remain open, globally-connected, trustworthy, and secure, we believe the networks and servers that make up the Internet need to be based on the latest and most secure standards coming out of the Internet Engineering Task Force (IETF).
Many web server administrators may want to support the latest standards and protocols, but they don’t know how, and don’t necessarily have the time to figure it out. It may be item #393 in a long list of to-dos. Web site administrators may not be aware of the latest open standards, or may not know why they should support these standards.
As part of our Action Plan 2020, we are launching the Open Standards Everywhere project, with a focus in 2020 on the security and availability of web servers.
The project has four main components:
- Build four reference servers – Using Apache and nginx, with and without a CDN, and using Let’s Encrypt for TLS certificates, we will show how to configure a server that uses the latest open standards and protocols.
- Create step-by-step documentation – We will document exactly what has to be done, and make that available to everyone. Anyone can easily understand what they need to do for many sites. The documentation will be available as text and video tutorials – and could take other forms. We’ll also share information that helps explain why supporting these standards is important, including information to help you make the business case to others within your organization. As we do for other content, we’ll be publishing this documentation in English, French, and Spanish.
- Promote these resources and servers – Once the materials are online, we’ll promote the resources and work with people across the Internet to help increase the security of web servers. We’ll write articles, hold webinars, speak at events, and much more.
- Lead by example – While we are developing these resources, we’ll also be working to bring all of our corporate web servers into full support for these standards. We plan to reach out to our Chapters and Special Interest Groups to see how we can help them with their websites, too.
By the end of 2020, our goal is to see an increase in security and availability of web servers across the Internet through the usage of TLS, DNSSEC, IPv6, and HTTP/2.
In 2021 and future years, we intend to expand the project to support other critical servers such as email servers, network time servers, DNS servers, and communications/messaging servers. Largely we will be watching the work of the IETF and seeing what new protocols come out that we can help promote to build a bigger, stronger Internet.
We will also continue to monitor and evolve the project documentation around web servers. For example, as HTTP/3 and QUIC move out into deployment, we will look to build that into this project. We may also explore creating some Docker images and other ways we may be able to help with deployment.
I will be leading this Open Standards Everywhere project. Our team has already built the reference servers and we’ll soon be working on that documentation. But we won’t be creating it all ourselves. We’ll also be referencing many of the excellent tutorials that are already out there, including some of our own we created as part of our previous Deploy360 Programme. We’re looking forward to collaborating with our community and others to make this documentation as strong and useful as possible. We’ve also already started working on our corporate websites.
How You Can Get Involved!
For open standards to truly be deployed everywhere, our small team can’t do it alone! WE NEED YOUR HELP! There are several ways you can be involved.
1. Sign Up In the Internet Society Member Portal To Be Involved
If you are an Internet Society Member (and if not, membership is free), you can log in to our member portal and follow the instructions at the bottom of this 2020 projects page to tell us HOW you would like to be involved with the project:
- Click on the button “Edit My Profile” on the home page (in the blue banner across the top).
- Go to the “Preferences” tab.
- Select the “Edit” button in the “Projects of Interest” section.
- Find the project (still under the internal name “Functioning Open Standards Server Ecosystem”) and indicate the ways in which you would like to help.
- Click the “Save” button. The information will be saved to your Profile and presented on the “Preferences” screen.
Note that if you are a Chapter Leader or Organization Member, there are additional steps you can take, listed at the bottom of the 2020 projects page, to indicate the interest of your Chapter or Organization Member.
We plan to send out some initial information soon and provide a way for members to engage in more direct conversation with the project team. So please do sign up soon!
2. Test your own website(s) for support
Before we even get the project underway, you can test your web site(s) and see how well they do. If a site needs work, you can improve your server as we get more documentation out there. Two of the test sites we are using are:
- Internet.nl – The website test covers IPv6, DNSSEC, TLS 1.3, and various TLS options.
- https.pro – A test for HTTP/2 support.
Once you have this baseline measurement, you’ll be able to see how your site(s) evolve over 2020.
3. Star / watch our documentation repository on GitHub
We’re going to try something a little different with this project. Rather than simply publishing our documents on our website, we are instead going to develop them in a GitHub repository, ose-documentation, and then link them into our website (more on that in a later post). We’re trying this out with the idea that:
- other web administrators / operators may be able to easily find the documentation through GitHub
- people can use the GitHub issue tracker to raise issues about the documentation
- people can potentially contribute text (or other translations) as the project moves along
If you use GitHub, you are welcome to star or watch our ose-documentation repository so that you can stay up on what we are doing as the project moves forward. I’ll provide updates on this in future posts.
Deploying open standards everywhere…
That’s our plan! Over the next five years our goal is to use this Open Standards Everywhere project as a way to help people operating different kinds of servers to both see the value in new open Internet standards and also understand how to deploy those standards on their website(s). In the end, we’ll all have a bigger, stronger, and more secure Internet.
Please join us in this work!
Image credit: janicetea on Unsplash
The post Introducing our Open Standards Everywhere project – securing web servers in 2020! appeared first on Internet Society.