Thursday, 5 April 2007

Securing your web server

OK, for anyone who hasn't yet read or understood the basics of protecting a web server, here are some rules.
One: if anyone other than you can see the web server on non-public ports such as Microsoft SQL, MySQL, NetBIOS, Telnet, SSH and RDP, then there is a risk of being hacked or attacked by viruses, worms or denial-of-service attacks.
If your web server sits on your company LAN, your system administrator will most likely have taken steps to secure it from attacks, but when it is off site you must arrange some kind of protection yourself. Most co-location or hosted servers have some form of firewall, but not all. Also, if you're like me and trust no one, not even your ISP, then there are some more things you can consider.
First Way
Make sure only the ports you want the external public to see, i.e. HTTP and HTTPS, are open. You can do this in a few ways. With Windows you can configure the network adapter to allow only ports 80 and 443. This may cause some problems with logon and other services; the way around this is to add a virtual adapter, i.e. the Microsoft Loopback Adapter, so that other services that need to interact with the OS can use that adapter and not the physical adapter and IP. The only problem is that this also prevents access to the server from any other location, making it very secure but hard to update or fix remotely.
Second Way
You can use a firewall device to limit the traffic to the web server and provide VPN access to the local LAN, allowing you to update and make changes without compromising the security of the server. I personally use either a Cisco PIX or LAN Cisco router for this, but I know most of you will use what you know best.
These are not the only ways, and this is far from a complete list.
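
Whichever way you choose, it is worth checking what the server itself is listening on. The script below is an added example, not part of the original post: it parses `netstat -an` output in the Windows layout and lists every listener bound to a non-loopback address other than TCP 80 and 443. The port-to-service table uses the standard default ports for the services named above, and the sample output and addresses are constructed.

```python
import ipaddress

PUBLIC_ALLOWED = {80, 443}  # the only ports the page wants publicly reachable
# Services the page names, mapped to their standard default ports.
NAMED = {22: "SSH", 23: "Telnet", 137: "NetBIOS", 138: "NetBIOS",
         139: "NetBIOS", 1433: "Microsoft SQL", 3306: "MySQL", 3389: "RDP"}

# Constructed sample in Windows `netstat -an` layout (documentation addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:3389        0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:51234     ESTABLISHED
  TCP    [::]:3389              [::]:0                 LISTENING
  UDP    192.0.2.10:137         *:*
"""

def parse_listeners(text):
    """Yield (proto, host, port) for listening TCP and bound UDP sockets."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue
        if f[0] == "TCP" and (len(f) < 4 or f[3] != "LISTENING"):
            continue  # skip established/closing connections
        host, _, port = f[1].rpartition(":")
        yield f[0], host.strip("[]").split("%")[0], int(port)

def exposed_listeners(text):
    """Return sorted non-loopback listeners outside PUBLIC_ALLOWED."""
    found = set()
    for proto, host, port in parse_listeners(text):
        if ipaddress.ip_address(host).is_loopback:
            continue  # loopback-only, not reachable from the network
        if proto == "TCP" and port in PUBLIC_ALLOWED:
            continue
        found.add((proto, host, port, NAMED.get(port, "unknown")))
    return sorted(found, key=lambda r: (r[2], r[0], r[1]))

if __name__ == "__main__":
    for proto, host, port, name in exposed_listeners(SAMPLE):
        print(f"{proto} {host}:{port} ({name}) is bound to a non-loopback address")
```

A listener reported here may still be blocked by a firewall in front of the server, so treat the result as the list of services that depend on that firewall being configured correctly.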
