General discussion
-
CreatorTopic
-
September 15, 1999 at 3:55 am #2080348
Inhouse Internet Server
Lockedby technoman · about 25 years, 9 months ago
What is the best security for a internet web server that will be sitting outside your network? My company is bringing there web page hosting and development in house.
Topic is locked -
CreatorTopic
All Comments
-
AuthorReplies
-
-
September 15, 1999 at 6:38 am #3901275
Inhouse Internet Server
by forhire · about 25 years, 9 months ago
In reply to Inhouse Internet Server
A good start would be to use a Linux distribution with Apache web server. I use and recommend Debian. It’s updated regularly, and usually has the latest security patches that can be automatically updated using dselect.
In addition, you want to limit the ports that are available to the outside world. Only have ports you absolutely need running, for example port 80 for http, and 443 for https. I would also recommend using SSH verses ftp or telnet to maintain your site, since SSH provides encryption.
The Linux kernel can also be compiled with firewalling options. You can run it on the same server that your web site is running on, but it’s generally better to have a seperate system that serves as a firewall.
-
September 8, 2000 at 4:12 pm #3743361
Inhouse Internet Server
by technoman · about 24 years, 9 months ago
In reply to Inhouse Internet Server
Poster rated this answer
-
-
September 23, 1999 at 12:42 am #3901168
Inhouse Internet Server
by steven.riley · about 25 years, 9 months ago
In reply to Inhouse Internet Server
The Linux with Apache is a good suggestion if you have people who are good with Linux. Otherwise stick to IIS4… I know its not the most secure but it can be locked down quite well. An ideal solution would be to stick it behind a firewall but if you can’t be sure to disable all ports except the ones you really need. Unbind protocols that are not needed and so on. If you are going for an NT option check out the NSA Windows NT Security Guidelines. This will help you secure the box to a high level. If you want specific information mail me…
-
September 8, 2000 at 4:12 pm #3743362
Inhouse Internet Server
by technoman · about 24 years, 9 months ago
In reply to Inhouse Internet Server
Poster rated this answer
-
-
September 23, 1999 at 10:43 am #3901159
Inhouse Internet Server
by ewwallace · about 25 years, 9 months ago
In reply to Inhouse Internet Server
Even though NT with IIS is one of the hardest to secure, if you’d prefer to run IIS for ease of use, here’s a good tip for locking down the system: Disable the “Server” and “Workstation” services on the web server, or unbind the NetBIOS Interface from the network adapter. This disables remote communication and control using the standard Microsoft methods, including drive sharing. Thus, the only way someone could get into the system is through a weakness in the ASP scripting or permissions. (Note that you’d have to update the pages by FTP after this procedure!)
-
September 8, 2000 at 4:12 pm #3743363
Inhouse Internet Server
by technoman · about 24 years, 9 months ago
In reply to Inhouse Internet Server
Poster rated this answer
-
-
October 24, 1999 at 10:54 am #3900859
Inhouse Internet Server
by andrewshen · about 25 years, 8 months ago
In reply to Inhouse Internet Server
Setting up a firewall 😕
-
September 8, 2000 at 4:12 pm #3743364
Inhouse Internet Server
by technoman · about 24 years, 9 months ago
In reply to Inhouse Internet Server
Poster rated this answer
-
-
October 25, 1999 at 5:03 pm #3900850
Inhouse Internet Server
by pkjohnston · about 25 years, 8 months ago
In reply to Inhouse Internet Server
The platform you select will most likely be chosen because of:
1 – familiarity … Unix people WON’T choose Microsoft
2 – easy to support … Microsoft people WON’T choose Unix
3 – cost … Linux/Apache people! Please don’t tease the others! But don’t forget soft costs, such as training and support.
4 – application/tools … Perl, Java, Apache can be done on NT, but thrive in a Unix world
5 – security … I just threw this one in because it is NEVER fournd in this list. The previous 4 reasons always seem to count over security.Security is never an absolute – so http://www.cert.org and http://www.sans.org should be in your “autofetch” browser favourites.
paul johnston
opinions expressed are my own, but I’m willing to share-
September 8, 2000 at 4:12 pm #3743365
Inhouse Internet Server
by technoman · about 24 years, 9 months ago
In reply to Inhouse Internet Server
Poster rated this answer
-
-
October 27, 1999 at 2:35 am #3900820
Inhouse Internet Server
by rbelisle · about 25 years, 8 months ago
In reply to Inhouse Internet Server
The actual hardware/software you choose should really be a factor of what your business needs are, based on the ability to support (and secure) the application long term. The security of the site can be handled in a number of ways. My recommendation isto put the web server on a seperate network off a dedicated firewall. This will allow you to use the security and logging features of the firewall to enforce the overall security posture of the site. Next harden the OS of the web server, and tighten the security of the server application. The intent is to minimize an external user’s ability to do anything on that box, except what you specifically allow. The actual methods involved in doing this will depend on the server application, theOS it is running on, and the type of firewall you are using.
-
September 8, 2000 at 4:12 pm #3743366
Inhouse Internet Server
by technoman · about 24 years, 9 months ago
In reply to Inhouse Internet Server
Poster rated this answer
-
-
April 6, 2000 at 8:54 am #3896792
Inhouse Internet Server
by insatiable · about 25 years, 2 months ago
In reply to Inhouse Internet Server
You didn’t mention the software that you use, or will be using… But for our inhouse internet webserver, or intranet, I limit access to IP ranges.
Depending on your network, you could also have user or group authentication that would run off froman LDAP Server, or a local database housed on the webserver.
I use Netscape Enterprise Server, called iPlanet now, on Sun.-
September 8, 2000 at 4:12 pm #3743367
Inhouse Internet Server
by technoman · about 24 years, 9 months ago
In reply to Inhouse Internet Server
Poster rated this answer
-
-
September 8, 2000 at 4:12 pm #3743360
Inhouse Internet Server
by technoman · about 24 years, 9 months ago
In reply to Inhouse Internet Server
This question was closed by the author
-
-
AuthorReplies