Frankster 2006-05-18, 1:17 pm
All the negative replies notwithstanding...
Restricting access to only a few specific known IPs is very good. I'm
assuming this means no anonymous access whatsoever. Good stuff.
Now... for those specific IPs, you would want to set up a userID logon and
complex password to access your network resources. Just as you would do for
local LAN users to log on to their own workstations.
Certainly there is much more to security, in total, but here's what some
observers fail to understand... if the accessible system has no services
available (like most home users should), the risk is minimal. It is when you
have services running on the system that the risk escalates. And... access
to these services via anonymous transparent logons (i.e. a public web
server) is the worst.
You have no anonymous public access. Straight away you have a good start.
Next thing would be to "harden" your OS. Meaning... make sure your system is
set up to allow system and file access to only the users that need it (on
the LAN as well as from the Internet).
Yes, keeping up with OS patches and vulnerability updates is always
important, but that risk is always there and not limited to Internet users.
-Frank
"ship" <shiphen@gmail.com> wrote in message
news:1147895738.336806.144280@y43g2000cwc.googlegroups.com...
>
>
> Hi
>
> I want to get some views on security/vulnerability to hacking.
>
> Our ISP has just put our website onto a new dedicated webserver for us.
> It is running Apache (latest) on Linux. And MySQL.
> We have got the thing protected by a router that has IP filtering on
> it.
>
> Basically we are only allowing point to point traffic - that is traffic
>
> a tiny range of precisely specified IP numbers to have FTP access.
>
> This of course means that everyone who runs the site needs to
> have a dedicated IP number.
>
> This may sound naive but do you think the above will be enough
> to stop hackers from getting in?!
>
> (e.g.
> - should we buy a separate firewall box or is it enough to
> just rely on the router's filtering?
>
> - What other vulnerabilities should we be tackling.
>
> - Is there any way of spoofing IP numbers?
>
>
>
> Ship
> Shiperton Henethe
> (webmaster)
>