  1. #1

    Big long question about server security

    Hello, I work for a company that has never had a website. They have an internet connection that employees use to access their desktops remotely. We have a server that works as a mail server and holds all our data.

    I made a website, and I got a secure and simple web server program, abyss x1 web server. I planned to put it on the server computer but our off-site IT guys said I need to get a dedicated server because it would be too much of a security risk since all the data is on that server.

    I got a dedicated server up and running and I call them back and they tell me we would have to get a second internet connection to host the website off the other computer.

    It's not really very economical to get another internet connection so we don't want to do that. I was hoping somebody could give me some advice.

    I'm thinking if the computer is already an email server, what's the huge risk of adding a simple little web site to the mix? The security problem already exists if there is one, the computer is already on the internet, right?

    Thanks in advance.
    Last edited by molton; 10-01-2009 at 05:52 PM. Reason: wording

  2. #2
    Join Date
    Jun 2009
    Posts
    80
    Just out of curiosity, is there a need to keep the website an in-house affair? There's about 100,000 hosting providers out there that can host big and small corporate websites.

    Yes, it's generally a bad idea having a public facing server also host sensitive business data. Just because the existing company server is on the net doesn't mean it isn't secured to prevent unauthorized access.

    If you expose a server to the public, the only data that should be on it is the data that needs to be there.

  3. #3
    The thing is we already have a server for our email on the internet. We have a name registered already for the email and we wanted the same name for the website. I figured we would just add a web server program to the existing server. Why pay somebody else for their bandwidth when we have enough already?
    If the server is secured then what harm, if any, could adding a secure web server program do?

  4. #4
    Join Date
    Feb 2005
    Location
    Australia
    Posts
    5,842
    Quote Originally Posted by molton View Post
    If the server is secured then what harm, if any, could adding a secure web server program do?
    The key word here is the first "if". Arguably it's a bad idea anyway to host a public-facing mailserver on the same machine that holds important data, but when you add a webserver you're opening up lots of extra potential entry points. Typically the most vulnerable are the web applications hosted on the "secure" webserver.
    Chris

    "Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter

  5. #5
    Join Date
    Jun 2009
    Posts
    80
    Quote Originally Posted by molton View Post
    The thing is we already have a server for our email on the internet. We have a name registered already for the email and we wanted the same name for the website. I figured we would just add a web server program to the existing server. Why pay somebody else for their bandwidth when we have enough already?
    If the server is secured then what harm, if any, could adding a secure web server program do?
    I see what you're saying. Still, I wouldn't run e-mail/web services on the same server where confidential company data is stored in any case. These should really be separated into their own security domains. All it takes is the discovery and exploitation of just one vulnerability in your web or e-mail services and you've exposed the company to data theft and cyber vandalism.

    BTW, through the workings of DNS your web and e-mail services do not have to be on the same physical server, even if using a common domain name. That is what MX records are for.
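The DNS split described in post #5, as an added example that is not part of the original thread: a small Python check that reads a zone, follows the MX and web names to their addresses, and reports any host shared between mail and web. The zone contents, `example.com`, and the documentation-range IP addresses are constructed for illustration, and the parser assumes simple one-line records without TTLs.

```python
# Added example: constructed zone data, not the poster's real DNS.
ZONE = """\
example.com.       IN MX 10 mail.example.com.   ; mail stays in-house
mail.example.com.  IN A     192.0.2.10
example.com.       IN A     198.51.100.20       ; web at a hosting provider
www.example.com.   IN CNAME example.com.
"""

def parse_zone(text):
    """Return {(name, type): [rdata fields, ...]} for one-line records."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments
        if not line:
            continue
        name, _cls, rtype, *rdata = line.split()
        records.setdefault((name.lower(), rtype.upper()), []).append(rdata)
    return records

def addresses(records, name, depth=0):
    """Follow CNAMEs (bounded) and return the set of A addresses for name."""
    if depth > 8:                               # guard against CNAME loops
        return set()
    name = name.lower()
    found = {r[0] for r in records.get((name, "A"), [])}
    for target in records.get((name, "CNAME"), []):
        found |= addresses(records, target[0], depth + 1)
    return found

def separation_report(text, domain):
    """Compare the addresses behind the MX records with the web addresses."""
    records = parse_zone(text)
    mail = set()
    for _pref, host in records.get((domain.lower(), "MX"), []):
        mail |= addresses(records, host)
    web = addresses(records, domain) | addresses(records, "www." + domain)
    return {"mail": mail, "web": web, "shared": mail & web}

if __name__ == "__main__":
    report = separation_report(ZONE, "example.com.")
    print("mail hosts:", sorted(report["mail"]))
    print("web hosts: ", sorted(report["web"]))
    print("shared:    ", sorted(report["shared"]) or "none")
```

An empty `shared` set means the public web site and the mail server are on different machines even though both use the same domain name.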

  6. #6
    In general, running a self hosted server is a bad idea from both security and cost viewpoints.

    There are companies who do this and do it well. But, they have the internal expertise to do it. Small companies do not.

    If you have to ask what the ramifications are, then you are not at the required level of expertise to attempt this.

    Even having to ask about the second connection is enough to demonstrate this, never mind not knowing the security ramifications.

    You may have a vested interest in keeping this in-house, but to repeat, it is a very bad idea.

    If you end up going ahead, the offsite support guys are going to have a field day with it. Everything bad that happens will be the fault of having the web server in house.

  7. #7
    Thanks for your responses. I went ahead and hosted it off another internet connection using shorturl.com to redirect the DNS stuff. We're going to try this and see how it works since it's $1.88 a year.

  8. #8
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    16,087
    Quote Originally Posted by molton View Post
    Thanks for your responses. I went ahead and hosted it off another internet connection using shorturl.com to redirect the DNS stuff. We're going to try this and see how it works since it's $1.88 a year.
    From what I understand this is for a corporate site, why are you going to rely on a $1.88/year service?
    Michael Denney - MDDHosting LLC

  9. #9
    Join Date
    Feb 2008
    Location
    WI
    Posts
    38
    I would find a good host and not the cheapest one out there (for better service, security, and reliability) for the website and change the MX records to point to the e-mail server which does not have to be the same as the web server if that is what is desired.

  10. #10
    It's a simple web site whose main function is to look pretty. Nobody's going to be logging into it, it's basically a nice business card of a website and I believe the $1.88 service could be all we need. So far so good. The MX record thing is the next step once we're sure this is the route we're going to take. Thanks again

  11. #11
    Join Date
    Dec 2006
    Posts
    477
    That sort of site you can get hosted in a data center for about $5 a month and the hosting provider will look after all the security and patching for you.

  12. #12
    Quote Originally Posted by molton View Post
    and I believe the $1.88 service could be all we need.
    and when it all goes wrong?

    What you are saying is "our online web presence is only worth $1.88 a year..."
