> -----Original Message-----
> From: CreativeSell [mailto:[EMAIL PROTECTED]
> Sent: 30 June 2003 22:50
> To: [EMAIL PROTECTED]
> Subject: Question for you all

Hi Olly,

Probably the first thing I'd do is get hold of a private email address that isn't easily associated with your site and use that to conduct your queries. If at any point you then accidentally mention some vulnerability that you have, or if the advice you're urged to follow leaves you open to attack, at least you haven't given away the site to attack as well.

Sounds like you are doing the right thing by keeping the system patched where appropriate.

You don't mention how you host the web server - ideally there should be a firewall between the server and the Internet. While your linux box could be turned into an effective firewall, you don't really want to be running any other services on it (so your website should be on a different box). Of course, if you are hosting the box in a colocation centre then you may not be able to install multiple PCs ... that leaves you in a quandary - you either install the web services on your firewall or you use something like vmware to have two virtual machines on the same PC hardware (there are plenty of people who advocate vmware as a security solution, but I've never used it in that manner, so I can't comment).

If you have a separate firewall (or the colocation centre provides this service) then think about the minimum that you need to be allowed in and out and assume a "disallow all unless specifically allowed" policy for the firewall.

Note: If you have a separate firewall then there is less requirement to run netfilter/iptables on your linux box ... but it does give you an extra layer of security (I'd certainly do it if you're relying on an external firewall service in a colocation suite).

Given a better idea of your configuration the people on this list can probably advise you quite specifically on firewall rules:

- You're running an HTTP server, what about HTTPS?
- Will you operate a mailserver (SMTP)?
- How do you access the box - is it on your internal network or do you need to connect to it over the Internet (ssh, imap/SSL)?
- Do you need to use ftp? (initiated inbound, outbound or both)

It's relatively easy to configure your site to be secure *enough* (just enough to make script kiddies move onto the next site), so it's worth thinking about how secure you need your site to be - do you hold sensitive information? Is it valuable to outsiders or just to you? Are you liable to prosecution if your system is compromised?

But be careful about what you give away when posting to bulletin boards or newsgroups - you never know who's reading this stuff and it gets archived for a long time.

Good luck!

> Hi All,
>
> Having just got off an awful php host, my partner and I have
> decided to get our own redhat server. However we are slightly
> apprehensive about being hacked to pieces. We are keeping up
> to date with all bugtracks and security updates... what else
> can we do?
>
> Olly
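The "disallow all unless specifically allowed" netfilter/iptables policy the reply above recommends, worked through as an added example (this is not code from the original thread or from either poster). It is a generator: it prints the iptables commands for a single-purpose web host so they can be reviewed before being piped to sh as root, and it answers the reply's questions (HTTPS? SMTP? where does ssh come from?) with shell variables. The admin network, interface name and the service choices are constructed placeholders, and the `-m state` match is the classic syntax the page's era used (modern kernels prefer `-m conntrack --ctstate`, which is a drop-in replacement here).

```shell
#!/bin/sh
# Added example, not from the original mailing-list thread.
# Generates (does not apply) a default-deny iptables ruleset for a box that
# only serves a website. Review the output, then: sh gen-fw.sh --print | sh
#
# Assumptions (constructed placeholders; edit to match the real box):
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"   # network ssh logins come from (TEST-NET-1 range, hypothetical)
WAN_IF="${WAN_IF:-eth0}"                 # interface facing the Internet
SERVE_HTTPS="${SERVE_HTTPS:-yes}"        # answer to "what about HTTPS?"
SERVE_SMTP="${SERVE_SMTP:-no}"           # answer to "will you operate a mailserver?"

# gen_rules prints one iptables command per line. Policy: everything inbound
# is dropped unless a rule below specifically allows it; replies to our own
# outbound connections are allowed via connection tracking.
gen_rules() {
  cat <<EOF
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -i $WAN_IF -p tcp --dport 22 -s $ADMIN_NET -m state --state NEW -j ACCEPT
iptables -A INPUT -i $WAN_IF -p tcp --dport 80 -m state --state NEW -j ACCEPT
EOF
  # Optional services: each one opens exactly one port and nothing else.
  if [ "$SERVE_HTTPS" = yes ]; then
    echo "iptables -A INPUT -i $WAN_IF -p tcp --dport 443 -m state --state NEW -j ACCEPT"
  fi
  if [ "$SERVE_SMTP" = yes ]; then
    echo "iptables -A INPUT -i $WAN_IF -p tcp --dport 25 -m state --state NEW -j ACCEPT"
  fi
  # Log what the policy drops (rate limited so an attacker cannot fill the
  # disk with log lines), then drop it explicitly.
  cat <<EOF
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
iptables -A INPUT -j DROP
EOF
}

# count_open_ports reports how many inbound ports the generated ruleset
# opens; useful as a sanity check that "minimum needed" really is minimal.
count_open_ports() {
  gen_rules | grep -c -- '--dport'
}

case "${1:-}" in
  --print) gen_rules ;;
esac
```

FTP is deliberately absent: active-mode FTP needs inbound connections on ephemeral ports, which is exactly what a default-deny policy is meant to refuse, so if ftp is really required it belongs on the list of "specifically allowed" exceptions (with the ip_conntrack_ftp helper) rather than silently added here. With the defaults above the host exposes ssh (from the admin network only), HTTP and HTTPS, which is three ports.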