Most corporate web sites are vulnerable due to six common problems, including software bugs, inappropriate privileges, default installation options, remote management, insecure transmissions, and insider threats. The systems administrator should begin to secure the Web server by understanding and then addressing these issues. Although a web server can never be completely secure, common sense security measures and careful monitoring can make a server so difficult to break into that would-be vandals will turn to easier targets. The problems can be addressed by several practical steps. These include isolating the Web server, securing the operating system, restricting privileges, turning-off features and removing unnecessary scripts, encrypting transmissions, maintaining server operations, and preparing for a disaster. The Web server should be regularly backed up to tape or magneto-optical disk, and the backup media should be kept in a safe, clean place. To ensure that the backup system works, the systems administrator should regularly choose a file or directory at random and attempt to restore it from backup.