Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Computer Information (http://www.velocityreviews.com/forums/f41-computer-information.html)
-   -   securely setting up a web server on my home network (http://www.velocityreviews.com/forums/t309297-securely-setting-up-a-web-server-on-my-home-network.html)

Calvin Crumrine 01-08-2004 06:42 PM

securely setting up a web server on my home network
 
Are there any suggestions for a site or books where I can learn more
about securely setting up a web/email server on my home network?

I intend to set up my own domain as soon as I find a good name that's
available but don't want to run into space restrictions-plus I want the
ability to try some different things without worrying about whether or
not my host supports them.

I have a hardware firewall on my network so I'd want the web server put
outside that, but I'd also want it protected-how to do that?

Thanks.


Duane Arnold 01-10-2004 06:29 AM

Re: securely setting up a web server on my home network
 
Calvin Crumrine <noneof@yourbusiness.com> wrote in
news:vvr8v8tingtn2b@corp.supernews.com:

> Are there any suggestions for a site or books where I can learn more
> about securely setting up a web/email server on my home network?
>
> I intend to set up my own domain as soon as I find a good name that's
> available but don't want to run into space restrictions-plus I want the
> ability to try some different things without worrying about whether or
> not my host supports them.
>
> I have a hardware firewall on my network so I'd want the web server put
> outside that, but I'd also want it protected-how to do that?
>
> Thanks.
>
>


What platform are you talking about here MS or Linux? And to be honest
about this, if you have got to ask these kind of questions, then maybe you
shouldn't be doing it.

Also, to expose a Webserver to the public Internet and not have it
protected by a NAT router device that has *limited FW like features* or a
true FW appliance is asking for trouble.

Duane :)

Calvin Crumrine 01-12-2004 05:33 PM

Re: securely setting up a web server on my home network
 
Duane Arnold wrote:
> Calvin Crumrine <noneof@yourbusiness.com> wrote in
> news:vvr8v8tingtn2b@corp.supernews.com:
>
>
>>Are there any suggestions for a site or books where I can learn more
>>about securely setting up a web/email server on my home network?
>>
>>I intend to set up my own domain as soon as I find a good name that's
>>available but don't want to run into space restrictions-plus I want the
>>ability to try some different things without worrying about whether or
>>not my host supports them.
>>
>>I have a hardware firewall on my network so I'd want the web server put
>>outside that, but I'd also want it protected-how to do that?
>>
>>Thanks.
>>
>>

>
>
> What platform are you talking about here MS or Linux? And to be honest
> about this, if you have got to ask these kind of questions, then maybe you
> shouldn't be doing it.
>
> Also, to expose a Webserver to the public Internet and not have it
> protected by a NAT router device that has *limited FW like features* or a
> true FW appliance is asking for trouble.
>
> Duane :)


IN case you didn't notice, we're talking about *learning* here-not
*doing*. Your question (MS vs. Linux) is a good one-it's one of mine
also. Where would you suggest I go to determine the answer?

I've got to say that your statement "if you have got to ask these kind
of questions, then maybe you shouldn't be doing it" is one of the worst
responses I've ever heard to a request to *learn* the answers to the
questions-unless you know of a way to learn those answers other than by
either asking the questions or trial-and-error (i.e. doing it).


DeMoN LaG 01-12-2004 10:17 PM

Re: securely setting up a web server on my home network
 
Calvin Crumrine <noneof@yourbusiness.com> wrote in news:1005medt1enooc4
@corp.supernews.com:

> I've got to say that your statement "if you have got to ask these kind
> of questions, then maybe you shouldn't be doing it" is one of the worst
> responses I've ever heard to a request to *learn* the answers to the
> questions-unless you know of a way to learn those answers other than by
> either asking the questions or trial-and-error (i.e. doing it).
>


I've done a number of stupid things with different technologies, too many
to count. It is part of the learning process. You just have to hope you
don't do anything that costs a ton of money or time to clean up.

--
AIM: FrznFoodClerk
email: de_on-lag@co_cast.net (_ = m)
website: under construction
Need a technician in the south Jersey area?
email/IM for rates/services

Duane Arnold 01-13-2004 01:17 AM

Re: securely setting up a web server on my home network
 
Calvin Crumrine <noneof@yourbusiness.com> wrote in
news:1005medt1enooc4@corp.supernews.com:

> Duane Arnold wrote:
>> Calvin Crumrine <noneof@yourbusiness.com> wrote in
>> news:vvr8v8tingtn2b@corp.supernews.com:
>>
>>
>>>Are there any suggestions for a site or books where I can learn more
>>>about securely setting up a web/email server on my home network?
>>>
>>>I intend to set up my own domain as soon as I find a good name that's
>>>available but don't want to run into space restrictions-plus I want
>>>the ability to try some different things without worrying about
>>>whether or not my host supports them.
>>>
>>>I have a hardware firewall on my network so I'd want the web server
>>>put outside that, but I'd also want it protected-how to do that?
>>>
>>>Thanks.
>>>
>>>

>>
>>
>> What platform are you talking about here MS or Linux? And to be
>> honest about this, if you have got to ask these kind of questions,
>> then maybe you shouldn't be doing it.
>>
>> Also, to expose a Webserver to the public Internet and not have it
>> protected by a NAT router device that has *limited FW like features*
>> or a true FW appliance is asking for trouble.
>>
>> Duane :)

>
> IN case you didn't notice, we're talking about *learning* here-not
> *doing*. Your question (MS vs. Linux) is a good one-it's one of mine
> also. Where would you suggest I go to determine the answer?


Both can be made equally as secure as the other as I understand it. I
have been using MS for many years so that's where I lean towards. As for
Linux, look into the RedHat 9 O/S series and Apache Webserver.

>
> I've got to say that your statement "if you have got to ask these kind
> of questions, then maybe you shouldn't be doing it" is one of the
> worst responses I've ever heard to a request to *learn* the answers to
> the questions-unless you know of a way to learn those answers other
> than by either asking the questions or trial-and-error (i.e. doing
> it).
>


Too many people run out here on the Internet that can hardly protect a
computer period for everyday home usage, let alone setup a Webserver and
configure it properly. And yet, they try to do it. But if you want a
couple of books to start with on MS, that would depend upon what platform
you'll be using NT based Pro workstation or server O/S.

And you should check with your ISP to see if they allow a machine running
Web service to run on the ISP's network. Many of them don't and they do
check for it, with possible termination of your account.

Duane :)


Duane :)




DeMoN LaG 01-13-2004 04:59 AM

Re: securely setting up a web server on my home network
 
Duane Arnold <notme@notme.com> wrote in news:Xns946EC43AA49A3notmwnotmecom@
204.127.204.17:

> Both can be made equally as secure as the other as I understand it. I
> have been using MS for many years so that's where I lean towards. As for
> Linux, look into the RedHat 9 O/S series and Apache Webserver.


I don't know if I entirely agree with this statement. Linux + Apache is
harder to exploit than Windows + IIS (or Windows + Apache, for that
matter). Most linux security holes let someone crash the running process,
while most recent windows holes give complete Administrator level
priviledges to the hacker.

--
AIM: FrznFoodClerk
email: de_on-lag@co_cast.net (_ = m)
website: under construction
Need a technician in the south Jersey area?
email/IM for rates/services

Calvin Crumrine 01-13-2004 04:53 PM

Re: securely setting up a web server on my home network
 
Duane Arnold wrote:
> Calvin Crumrine <noneof@yourbusiness.com> wrote in
> news:1005medt1enooc4@corp.supernews.com:
>
>
>>Duane Arnold wrote:
>>
>>>Calvin Crumrine <noneof@yourbusiness.com> wrote in
>>>news:vvr8v8tingtn2b@corp.supernews.com:
>>>
>>>
>>>
>>>>Are there any suggestions for a site or books where I can learn more
>>>>about securely setting up a web/email server on my home network?
>>>>
>>>>I intend to set up my own domain as soon as I find a good name that's
>>>>available but don't want to run into space restrictions-plus I want
>>>>the ability to try some different things without worrying about
>>>>whether or not my host supports them.
>>>>
>>>>I have a hardware firewall on my network so I'd want the web server
>>>>put outside that, but I'd also want it protected-how to do that?
>>>>
>>>>Thanks.
>>>>
>>>>
>>>
>>>
>>>What platform are you talking about here MS or Linux? And to be
>>>honest about this, if you have got to ask these kind of questions,
>>>then maybe you shouldn't be doing it.
>>>
>>>Also, to expose a Webserver to the public Internet and not have it
>>>protected by a NAT router device that has *limited FW like features*
>>>or a true FW appliance is asking for trouble.
>>>
>>>Duane :)

>>
>>IN case you didn't notice, we're talking about *learning* here-not
>>*doing*. Your question (MS vs. Linux) is a good one-it's one of mine
>>also. Where would you suggest I go to determine the answer?

>
>
> Both can be made equally as secure as the other as I understand it. I
> have been using MS for many years so that's where I lean towards. As for
> Linux, look into the RedHat 9 O/S series and Apache Webserver.
>
>
>>I've got to say that your statement "if you have got to ask these kind
>>of questions, then maybe you shouldn't be doing it" is one of the
>>worst responses I've ever heard to a request to *learn* the answers to
>>the questions-unless you know of a way to learn those answers other
>>than by either asking the questions or trial-and-error (i.e. doing
>>it).
>>

>
>
> Too many people run out here on the Internet that can hardly protect a
> computer period for everyday home usage, let alone setup a Webserver and
> configure it properly. And yet, they try to do it. But if you want a
> couple of books to start with on MS, that would depend upon what platform
> you'll be using NT based Pro workstation or server O/S.
>
> And you should check with your ISP to see if they allow a machine running
> Web service to run on the ISP's network. Many of them don't and they do
> check for it, with possible termination of your account.
>
> Duane :)
>
>
> Duane :)
>
>
>

If I do this at all-and I hope that I will but it all depends on my
ability to learn how to do it securely-then it will be with the
permission of my ISP. I've already looked into that part-it will cost an
extra $10/month for 'hosting' on my own machine. From their description
it appears that that covers the static IP address & permission to run
the server. I've already got 768/256Kbps cable service and if that
proves insufficient (probably not-I'm not planning on a high-traffic
site, just my own site on my own server more for learning than anything
else) I can increase it.

I'd appreciate you recommending some books-or better yet some web sites
if there are any. (I never seem to find the time to finish technical
books. First you read a little, then you need to set something up to
experiment a little, then you read a little more, then something
interrupts you & you need to tear down what you set up so you can use it
for a production job, then you try to find the time to set it back up
and get back to where you were so you can experiment a little more, etc.
I'm hoping that I've got enough 'spare' machines now that I can leave
one set up for this until I'm done-but I won't swear to it.)

I have versions of Win2K Pro, Win2K Server, WinXP Home, and WinXP Pro. I
assume that Win2K Server would be my best choice in the Windows line,
but I'm actually leaning more towards WinXP Pro. In either case our
Webmaster at work has advised me to use Apache rather than IIS-if I
decide on Windows at all.

My only problem with Linux is that I don't know it-is it fear of the
unknown or is it just fear of the learning curve? If I decide on Linux
should I set up a Linux workstation first & learn to use/secure that
before I complicate it by setting it up as a web server? Linux sounds
very attractive, but I can't abandon Windows-that would mean abandoning
all my customers. It would have to be a sideline for me so how expert
could I really become with it?


Calvin Crumrine 01-13-2004 04:59 PM

Re: securely setting up a web server on my home network
 
DeMoN LaG wrote:

> Duane Arnold <notme@notme.com> wrote in news:Xns946EC43AA49A3notmwnotmecom@
> 204.127.204.17:
>
>
>>Both can be made equally as secure as the other as I understand it. I
>>have been using MS for many years so that's where I lean towards. As for
>>Linux, look into the RedHat 9 O/S series and Apache Webserver.

>
>
> I don't know if I entirely agree with this statement. Linux + Apache is
> harder to exploit than Windows + IIS (or Windows + Apache, for that
> matter). Most linux security holes let someone crash the running process,
> while most recent windows holes give complete Administrator level
> priviledges to the hacker.
>


I'd really like to learn Linux-but I don't have any customers who use it
so the time I devote to it would be on my own nickel. Same is true of
the hardware/resources I use for it.

I think I've finally gotten enough hardware that I can devote some to it
but the time is still going to be a problem. Are there any resources you
would recommend to learn about it? Particularly about making it secure.


Duane Arnold 01-14-2004 12:05 AM

Re: securely setting up a web server on my home network
 
DeMoN LaG <n@a> wrote in news:Xns946EF3EF286C2Wobbly@216.168.3.30:

> Duane Arnold <notme@notme.com> wrote in
> news:Xns946EC43AA49A3notmwnotmecom@ 204.127.204.17:
>
>> Both can be made equally as secure as the other as I understand it. I
>> have been using MS for many years so that's where I lean towards. As
>> for Linux, look into the RedHat 9 O/S series and Apache Webserver.

>
> I don't know if I entirely agree with this statement. Linux + Apache
> is harder to exploit than Windows + IIS (or Windows + Apache, for that
> matter). Most linux security holes let someone crash the running
> process, while most recent windows holes give complete Administrator
> level priviledges to the hacker.
>


I have read some articles where hackers were able to hack right to the
Kernel of the Linux O/S. I don't know if one can hack to the protected
O/S of an NT based O/S. Yes, there have been recent exploits on the MS
O/S. But I think that most who were exploited didn't apply the security
updates to the O/S that would have dealt with them. Or the machine was
sitting out on the Internet with a root based account in use on the
machine at the time of the exploit, so that a compromise of the machine
could take place based on the security context of an account that had
Admin priv(s), being used by the hacker.

Root Tool Kits or backdoor Trojans can be applied to both O/S(s), if not
configured properly or one does something on their behalf to cause the
exploit. Once malware hits the machine using a Linux or MS O/S and is
able to execute, it's over.

Duane :)

Calvin Crumrine 01-14-2004 12:19 AM

Re: securely setting up a web server on my home network
 
Duane Arnold wrote:
> DeMoN LaG <n@a> wrote in news:Xns946EF3EF286C2Wobbly@216.168.3.30:
>
>
>>Duane Arnold <notme@notme.com> wrote in
>>news:Xns946EC43AA49A3notmwnotmecom@ 204.127.204.17:
>>
>>
>>>Both can be made equally as secure as the other as I understand it. I
>>>have been using MS for many years so that's where I lean towards. As
>>>for Linux, look into the RedHat 9 O/S series and Apache Webserver.

>>
>>I don't know if I entirely agree with this statement. Linux + Apache
>>is harder to exploit than Windows + IIS (or Windows + Apache, for that
>>matter). Most linux security holes let someone crash the running
>>process, while most recent windows holes give complete Administrator
>>level priviledges to the hacker.
>>

>
>
> I have read some articles where hackers were able to hack right to the
> Kernel of the Linux O/S. I don't know if one can hack to the protected
> O/S of an NT based O/S. Yes, there have been recent exploits on the MS
> O/S. But I think that most who were exploited didn't apply the security
> updates to the O/S that would have dealt with them. Or the machine was
> sitting out on the Internet with a root based account in use on the
> machine at the time of the exploit, so that a compromise of the machine
> could take place based on the security context of an account that had
> Admin priv(s), being used by the hacker.
>
> Root Tool Kits or backdoor Trojans can be applied to both O/S(s), if not
> configured properly or one does something on their behalf to cause the
> exploit. Once malware hits the machine using a Linux or MS O/S and is
> able to execute, it's over.
>
> Duane :)

I think you're right about people who were hacked didn't apply the
proper security updates-but I have two issues with that.

First, it's a full-time job figuring out which of the many, many,
Windows updates are needed. The *only* way of minimizing that job is to
apply all of them-and that leads to my second issue:

Second, it's a more than full-time job to test updates before you apply
them. Historically Microsoft has issued updates that on far too many
occasions have done more harm than good-so I don't blame *anyone* for
being slow to apply updates.

Given that the basic problem is with the number of updates, which has
more, Windows or Linux? (And to be fair, we should probably look at a
similar period of time-but I suspect that the only time period we could
agree would be appropriate would be the next year or so, about which we
have no data.)



All times are GMT. The time now is 10:23 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.