Results 1 to 10 of 10
Thread: Securing my server
-
04-04-2004, 01:18 PM #1Junior Guru Wannabe
- Join Date
- Mar 2004
- Location
- Belgium
- Posts
- 81
Securing my server
Hello everybody,
Next week I'm about to move my server from home to my colocation facility. It runs Windows 2000 Server on it, and to say, I'm quite concerned about security.
How can I prevent that my server is being hacked?
I've already disabled services in windows that aren't needed, disabled netbios as far as possible.
I'm running Apache, with php and mysql + perl. As DNS server software I'm using microsoft's one included with windows 2000 server.
I've created an IpSec policy to block all incoming traffic except service ports that I need.
Is there anything I can do to secure my server more? How can I prevent a DOS attack? etc...
-
04-04-2004, 01:22 PM #2Disabled
- Join Date
- Feb 2003
- Location
- Rialto, CA
- Posts
- 2,039
You cant prevent a (D)DoS attack... and theres nothing that will make your box unhackable.. but so far you're on the right track...
-
04-04-2004, 03:05 PM #3Web Hosting Master
- Join Date
- Dec 2001
- Posts
- 5,221
Greetings:
MrDredd is correct that you cannot have a hacker proof or DoS proof system on the Internet.
However, you can take measures to make your system more resistant against hackers and survive light DOS attacks.
Look at setting up the following:
* Firewall
* mod_security from http://www.modsecurity.org/ (since you mentioned you are running Apache)
* Reviewing the security alerts and tools mentioned on http://www.microsoft.com/technet/security/default.mspx and taking action as appropriate.
Thank you.
-
04-04-2004, 03:14 PM #4Junior Guru Wannabe
- Join Date
- Mar 2004
- Location
- Belgium
- Posts
- 81
Any recommendations regarding a good firewall?
-
04-04-2004, 04:59 PM #5Web Hosting Master
- Join Date
- Dec 2001
- Posts
- 5,221
Greetings:
Visnetic for a software firewall.
Watchguard for hardware firewalls.
Thank you.
-
04-04-2004, 05:30 PM #6Junior Guru Wannabe
- Join Date
- Mar 2004
- Location
- Belgium
- Posts
- 81
Any free alternatives?
-
04-06-2004, 08:28 PM #7Junior Guru Wannabe
- Join Date
- Jan 2004
- Posts
- 67
Free and Good are hard to find at the same time, but maybe someone will have some open-source options...
-
04-06-2004, 09:50 PM #8Web Hosting Master
- Join Date
- Dec 2001
- Posts
- 5,221
Greetings:
Well if you want free and good, then set up a Linux box as a front end running iptables ;-)
I hear Microsoft Corporation utilizes Linux boxes as part of their site security.
Thank you.
-
04-07-2004, 02:55 AM #9Junior Guru Wannabe
- Join Date
- Mar 2004
- Location
- Belgium
- Posts
- 81
Yes I know, I should be using linux :p
But I've concluded I don't have enough experience with Linux to put it somewhere remote and administrate it from home.
I've set up a linux box here, and I had to go do something with the machine itself WAAAAY to many times because I screwed up something with SSH...
-
04-07-2004, 05:32 AM #10Newbie
- Join Date
- Apr 2004
- Posts
- 9
My rule of server deployment.
1) Use a firewall (hardware should be used unless you are really strapped for cash)
2) In the firewall, disable everything and add only ports, ip ranges that need to be exposed to the outside.
3) Use only secure connection such as SSH.
4) Even if you are using SSH, use the firewall to block SSH to only your IP at home/work.
5) Add rules to firewall so that the firewall admin interface is only accessible to your home/work IP or locally in front of the machine.
6) Don't even think about running a Windows machine unless you have a firewall with damn strict rules listed above. Within seconds of you plugging a windoze server on a crowded colocation network, the ip will be hit with probed.