Newbie question.. what are ACLs?
KOla
Thanks
-----Original Message-----
From: Erika L. Walker [mailto:[EMAIL PROTECTED]]
Sent: 25 May 2001 06:10
To: CF-Server
Subject: RE: New Server...
Wow! I never expected such a response to my question! I have been compiling
all these responses into my notes, they are all great, and I've been able to
take a look at setting up a server in a whole new light....
To answer Ben's question:
"I would still like to know why Erika chose to partition the drive and why
those specific partitions were chosen. I think that would better help us
answer the original question. It may be academic and moot at this point,
since I'm sure the server is already up and running, but I am curious.
:)"
We are not set to put the server up until tomorrow actually. 3:00 pm EST.
..... and only if all goes well... (it's being co-located near-by) .... so it
still sits, in its box, unaware of its life ahead....
We decided upon the initial partitions for several reasons.
1) I have always been a fan of partitions. I like to keep stuff separate,
and neat.
2) It made sense to me to keep the OS separate from the web server. Two
totally different things that didn't need to be rooming together. Made good
sense security-wise too.
3) Since we couldn't get the client to spring for a separate server for SQL,
then the next best thing, or so I thought, was to give SQL its own
partition. Also made sense security-wise. And I've always been told, keep
your databases out of and away from your web root.
4) Since we were separating everything else, the streaming files were in
luck and ended up with their own house.
That's all. Nothing more. Of course we will be locking things down as much
as we can. Deleting directories we don't need or use. Dumping the default
web account, no FrontPage whatsoever. We will be installing all the patches
we can get our hands on, with a regular routine to make sure they stay
current and up to date. I am sure we may miss something and maybe go back in
again and check things out, but I think for starters, we may be headed in
the right direction with this one....
Thank you again everybody. It's been extremely educational.
Erika
(with a *K*)
"One of the greatest pains to human nature is the pain of a new idea." -
Walter Bagehot
-----------------------------------------------------
-----Original Message-----
From: Benjamin S. Rogers [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 24, 2001 1:47 PM
To: CF-Server
Subject: RE: New Server...
Dave,
Although I agree with most of what you've said, I contend that this sort of
practice is only one step above the practice of associating a custom
extension with ColdFusion so that your pages do not end with the usual
ColdFusion extensions. At least the former does prevent one very specific
type of attack, rather than just delaying the inevitable.
I do not agree, however, that partitioning should be encouraged under the
guise of enhanced security. Though perhaps "idealistic," :) I believe that
comprehensive security practices should be encouraged at all times, even to
the exclusion of practices that may be more simple to implement, though less
secure. The latter seems to encourage a false sense of safety. Perhaps, this
is because some system administrators hear "partitions are more secure" and
begin repeating that like a personal mantra without a true idea of the scope
of that security.
For instance, I saw a recent report that, though more secure on a default
install, Windows 2000 installations are actually hacked far more often than
new Windows NT 4 installations (proportionally). Now, of course, there could
be quite a few reasons that this is the case, including the fact that
Windows NT has been around a lot longer and therefore it is easier to find
"best practices" white papers and other information about how to lock down a
Windows NT 4 server.
However, none of the explanations seem to take into account the fact that
the same hole patched on a Windows NT 4 server is less likely to be patched
on a Windows 2000 server. Both holes were discovered at the same time and
published in the same manner on all the usual sites. I believe many system
administrators are lulled into that false sense of safety with Windows 2000.
Why so? I'm not sure. Perhaps they believe the marketing propaganda, or
perhaps, because Windows 2000 is far more easy to use and administer, they
are less likely to question security issues or come across them.
Anyway, though I think there are quite a few good reasons for partitioning
drives, I do not think partitioning should be actively encouraged for
security reasons. I would still like to know why Erika chose to partition
the drive and why those specific partitions were chosen. I think that would
better help us answer the original question. It may be academic and moot at
this point, since I'm sure the server is already up and running, but I am
curious. :)
Benjamin S. Rogers
Web Developer, c4.net
Voice: (508) 240-0051
Fax: (508) 240-0057