Apache Server configuration support - Re: Is known IP-number filtering pretty much all that is needed for website security/v


Author Re: Is known IP-number filtering pretty much all that is needed for website security/v
Walter Roberson

2006-05-17, 7:17 pm

In article <1147895738.336806.144280@y43g2000cwc.googlegroups.com>,
ship <shiphen@gmail.com> wrote:
>Our ISP has just put our website onto a new dedicated webserver for us.
>It is running Apache (latest) on Linux. And MySQL.
>We have got the thing protected by a router that has IP filtering on
>it.


>Basically we are only allowing point to point traffic - that is traffic
>a tiny range of precisely specified IP numbers to have FTP access.


>This of course means that everyone who runs the site needs to
>have a dedicated IP number.


>This may sound naive but do you think the above will be enough
>to stop hackers from getting in?!


No. Anyone who cracks the web server could potentially gain full
access -- and how are you securing the computers that would be allowed
FTP access?

>- Is there any way of spoofing IP numbers?


Yes. The difficulty of doing so depends upon the operating system.
Any reasonably recent Linux would likely make it quite difficult
to do. Probably easier to take over one of the control systems and use
those to attack the server.


If your site gets popular, then eventually it will likely be
subject to a DoS (Denial of Service) attack. Routers aren't usually
very good at stopping those.


Is there a good reason to use ftp specifically? sftp or scp would
be more secure.
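
An added example, not part of the original post: an OpenSSH `sshd_config` fragment that keeps the asker's per-IP restriction while replacing FTP with SFTP, as the reply suggests. The account name `webadmin`, the path `/srv/www` and the addresses (documentation ranges) are assumptions chosen for illustration.

```conf
# /etc/ssh/sshd_config (fragment)
# Constructed example: user name, path and addresses are placeholders.

# Use the in-process SFTP server so it still works inside a chroot.
Subsystem sftp internal-sftp

# No direct root logins, and keys only: a source-IP allowlist does not
# help if one of the allowed workstations is compromised and a password
# can be captured or guessed from it.
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes

# Only this account may log in, and only from the listed source
# addresses. The HOST part accepts single addresses or CIDR ranges.
# This mirrors the router's IP filter at the service itself, so the
# restriction still holds if the router rule is changed or bypassed.
AllowUsers webadmin@192.0.2.10 webadmin@192.0.2.11 webadmin@198.51.100.0/28

Match User webadmin
    # Confine the session to the web content tree. sshd requires the
    # chroot directory and every parent to be owned by root and not
    # writable by group or others; put uploads in a subdirectory that
    # webadmin owns.
    ChrootDirectory /srv/www
    # File transfer only: no shell and no port forwarding. Forcing
    # internal-sftp also blocks the legacy scp protocol for this
    # account, so clients must use sftp.
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY no
```

Check the file with `sshd -t` before reloading the daemon. This narrows the file-transfer path only; it does nothing about the reply's first point, that a compromise of the web server itself bypasses the filter entirely.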

Copyright 2003 - 2009 webservertalk.com