securely setting up a web server on my home network

Discussion in 'Computer Information' started by Calvin Crumrine, Jan 8, 2004.

  1. Are there any suggestions for a site or books where I can learn more
    about securely setting up a web/email server on my home network?

    I intend to set up my own domain as soon as I find a good name that's
    available but don't want to run into space restrictions-plus I want the
    ability to try some different things without worrying about whether or
    not my host supports them.

    I have a hardware firewall on my network so I'd want the web server put
    outside that, but I'd also want it protected-how to do that?

    Thanks.
     
    Calvin Crumrine, Jan 8, 2004
    #1

  2. Calvin Crumrine

    Duane Arnold Guest

    Calvin Crumrine <> wrote in
    news::

    > Are there any suggestions for a site or books where I can learn more
    > about securely setting up a web/email server on my home network?
    >
    > I intend to set up my own domain as soon as I find a good name that's
    > available but don't want to run into space restrictions-plus I want the
    > ability to try some different things without worrying about whether or
    > not my host supports them.
    >
    > I have a hardware firewall on my network so I'd want the web server put
    > outside that, but I'd also want it protected-how to do that?
    >
    > Thanks.
    >
    >


    What platform are you talking about here MS or Linux? And to be honest
    about this, if you have got to ask these kind of questions, then maybe you
    shouldn't be doing it.

    Also, to expose a Webserver to the public Internet and not have it
    protected by a NAT router device that has *limited FW like features* or a
    true FW appliance is asking for trouble.

    Duane :)
     
    Duane Arnold, Jan 10, 2004
    #2

  3. Duane Arnold wrote:
    > Calvin Crumrine <> wrote in
    > news::
    >
    >
    >>Are there any suggestions for a site or books where I can learn more
    >>about securely setting up a web/email server on my home network?
    >>
    >>I intend to set up my own domain as soon as I find a good name that's
    >>available but don't want to run into space restrictions-plus I want the
    >>ability to try some different things without worrying about whether or
    >>not my host supports them.
    >>
    >>I have a hardware firewall on my network so I'd want the web server put
    >>outside that, but I'd also want it protected-how to do that?
    >>
    >>Thanks.
    >>
    >>

    >
    >
    > What platform are you talking about here MS or Linux? And to be honest
    > about this, if you have got to ask these kind of questions, then maybe you
    > shouldn't be doing it.
    >
    > Also, to expose a Webserver to the public Internet and not have it
    > protected by a NAT router device that has *limited FW like features* or a
    > true FW appliance is asking for trouble.
    >
    > Duane :)


    In case you didn't notice, we're talking about *learning* here-not
    *doing*. Your question (MS vs. Linux) is a good one-it's one of mine
    also. Where would you suggest I go to determine the answer?

    I've got to say that your statement "if you have got to ask these kind
    of questions, then maybe you shouldn't be doing it" is one of the worst
    responses I've ever heard to a request to *learn* the answers to the
    questions-unless you know of a way to learn those answers other than by
    either asking the questions or trial-and-error (i.e. doing it).
     
    Calvin Crumrine, Jan 12, 2004
    #3
  4. Calvin Crumrine

    DeMoN LaG Guest

    Calvin Crumrine <> wrote in news:1005medt1enooc4
    @corp.supernews.com:

    > I've got to say that your statement "if you have got to ask these kind
    > of questions, then maybe you shouldn't be doing it" is one of the worst
    > responses I've ever heard to a request to *learn* the answers to the
    > questions-unless you know of a way to learn those answers other than by
    > either asking the questions or trial-and-error (i.e. doing it).
    >


    I've done a number of stupid things with different technologies, too many
    to count. It is part of the learning process. You just have to hope you
    don't do anything that costs a ton of money or time to clean up.

    --
    AIM: FrznFoodClerk
    email: de_on-lag@co_cast.net (_ = m)
    website: under construction
    Need a technician in the south Jersey area?
    email/IM for rates/services
     
    DeMoN LaG, Jan 12, 2004
    #4
  5. Calvin Crumrine

    Duane Arnold Guest

    Calvin Crumrine <> wrote in
    news::

    > Duane Arnold wrote:
    >> Calvin Crumrine <> wrote in
    >> news::
    >>
    >>
    >>>Are there any suggestions for a site or books where I can learn more
    >>>about securely setting up a web/email server on my home network?
    >>>
    >>>I intend to set up my own domain as soon as I find a good name that's
    >>>available but don't want to run into space restrictions-plus I want
    >>>the ability to try some different things without worrying about
    >>>whether or not my host supports them.
    >>>
    >>>I have a hardware firewall on my network so I'd want the web server
    >>>put outside that, but I'd also want it protected-how to do that?
    >>>
    >>>Thanks.
    >>>
    >>>

    >>
    >>
    >> What platform are you talking about here MS or Linux? And to be
    >> honest about this, if you have got to ask these kind of questions,
    >> then maybe you shouldn't be doing it.
    >>
    >> Also, to expose a Webserver to the public Internet and not have it
    >> protected by a NAT router device that has *limited FW like features*
    >> or a true FW appliance is asking for trouble.
    >>
    >> Duane :)

    >
    > In case you didn't notice, we're talking about *learning* here-not
    > *doing*. Your question (MS vs. Linux) is a good one-it's one of mine
    > also. Where would you suggest I go to determine the answer?


    Both can be made equally as secure as the other as I understand it. I
    have been using MS for many years so that's where I lean towards. As for
    Linux, look into the RedHat 9 O/S series and Apache Webserver.

    >
    > I've got to say that your statement "if you have got to ask these kind
    > of questions, then maybe you shouldn't be doing it" is one of the
    > worst responses I've ever heard to a request to *learn* the answers to
    > the questions-unless you know of a way to learn those answers other
    > than by either asking the questions or trial-and-error (i.e. doing
    > it).
    >


    Too many people run out here on the Internet that can hardly protect a
    computer period for everyday home usage, let alone setup a Webserver and
    configure it properly. And yet, they try to do it. But if you want a
    couple of books to start with on MS, that would depend upon what platform
    you'll be using NT based Pro workstation or server O/S.

    And you should check with your ISP to see if they allow a machine running
    Web service to run on the ISP's network. Many of them don't and they do
    check for it, with possible termination of your account.

    Duane :)


    Duane :)
     
    Duane Arnold, Jan 13, 2004
    #5
  6. Calvin Crumrine

    DeMoN LaG Guest

    Duane Arnold <> wrote in news:Xns946EC43AA49A3notmwnotmecom@
    204.127.204.17:

    > Both can be made equally as secure as the other as I understand it. I
    > have been using MS for many years so that's where I lean towards. As for
    > Linux, look into the RedHat 9 O/S series and Apache Webserver.


    I don't know if I entirely agree with this statement. Linux + Apache is
    harder to exploit than Windows + IIS (or Windows + Apache, for that
    matter). Most linux security holes let someone crash the running process,
    while most recent windows holes give complete Administrator level
    privileges to the hacker.

    --
    AIM: FrznFoodClerk
    email: de_on-lag@co_cast.net (_ = m)
    website: under construction
    Need a technician in the south Jersey area?
    email/IM for rates/services
     
    DeMoN LaG, Jan 13, 2004
    #6
  7. Duane Arnold wrote:
    > Calvin Crumrine <> wrote in
    > news::
    >
    >
    >>Duane Arnold wrote:
    >>
    >>>Calvin Crumrine <> wrote in
    >>>news::
    >>>
    >>>
    >>>
    >>>>Are there any suggestions for a site or books where I can learn more
    >>>>about securely setting up a web/email server on my home network?
    >>>>
    >>>>I intend to set up my own domain as soon as I find a good name that's
    >>>>available but don't want to run into space restrictions-plus I want
    >>>>the ability to try some different things without worrying about
    >>>>whether or not my host supports them.
    >>>>
    >>>>I have a hardware firewall on my network so I'd want the web server
    >>>>put outside that, but I'd also want it protected-how to do that?
    >>>>
    >>>>Thanks.
    >>>>
    >>>>
    >>>
    >>>
    >>>What platform are you talking about here MS or Linux? And to be
    >>>honest about this, if you have got to ask these kind of questions,
    >>>then maybe you shouldn't be doing it.
    >>>
    >>>Also, to expose a Webserver to the public Internet and not have it
    >>>protected by a NAT router device that has *limited FW like features*
    >>>or a true FW appliance is asking for trouble.
    >>>
    >>>Duane :)

    >>
    >>In case you didn't notice, we're talking about *learning* here-not
    >>*doing*. Your question (MS vs. Linux) is a good one-it's one of mine
    >>also. Where would you suggest I go to determine the answer?

    >
    >
    > Both can be made equally as secure as the other as I understand it. I
    > have been using MS for many years so that's where I lean towards. As for
    > Linux, look into the RedHat 9 O/S series and Apache Webserver.
    >
    >
    >>I've got to say that your statement "if you have got to ask these kind
    >>of questions, then maybe you shouldn't be doing it" is one of the
    >>worst responses I've ever heard to a request to *learn* the answers to
    >>the questions-unless you know of a way to learn those answers other
    >>than by either asking the questions or trial-and-error (i.e. doing
    >>it).
    >>

    >
    >
    > Too many people run out here on the Internet that can hardly protect a
    > computer period for everyday home usage, let alone setup a Webserver and
    > configure it properly. And yet, they try to do it. But if you want a
    > couple of books to start with on MS, that would depend upon what platform
    > you'll be using NT based Pro workstation or server O/S.
    >
    > And you should check with your ISP to see if they allow a machine running
    > Web service to run on the ISP's network. Many of them don't and they do
    > check for it, with possible termination of your account.
    >
    > Duane :)
    >
    >
    > Duane :)
    >
    >
    >

    If I do this at all-and I hope that I will but it all depends on my
    ability to learn how to do it securely-then it will be with the
    permission of my ISP. I've already looked into that part-it will cost an
    extra $10/month for 'hosting' on my own machine. From their description
    it appears that that covers the static IP address & permission to run
    the server. I've already got 768/256Kbps cable service and if that
    proves insufficient (probably not-I'm not planning on a high-traffic
    site, just my own site on my own server more for learning than anything
    else) I can increase it.

    I'd appreciate you recommending some books-or better yet some web sites
    if there are any. (I never seem to find the time to finish technical
    books. First you read a little, then you need to set something up to
    experiment a little, then you read a little more, then something
    interrupts you & you need to tear down what you set up so you can use it
    for a production job, then you try to find the time to set it back up
    and get back to where you were so you can experiment a little more, etc.
    I'm hoping that I've got enough 'spare' machines now that I can leave
    one set up for this until I'm done-but I won't swear to it.)

    I have versions of Win2K Pro, Win2K Server, WinXP Home, and WinXP Pro. I
    assume that Win2K Server would be my best choice in the Windows line,
    but I'm actually leaning more towards WinXP Pro. In either case our
    Webmaster at work has advised me to use Apache rather than IIS-if I
    decide on Windows at all.

    My only problem with Linux is that I don't know it-is it fear of the
    unknown or is it just fear of the learning curve? If I decide on Linux
    should I set up a Linux workstation first & learn to use/secure that
    before I complicate it by setting it up as a web server? Linux sounds
    very attractive, but I can't abandon Windows-that would mean abandoning
    all my customers. It would have to be a sideline for me so how expert
    could I really become with it?
     
    Calvin Crumrine, Jan 13, 2004
    #7
  8. DeMoN LaG wrote:

    > Duane Arnold <> wrote in news:Xns946EC43AA49A3notmwnotmecom@
    > 204.127.204.17:
    >
    >
    >>Both can be made equally as secure as the other as I understand it. I
    >>have been using MS for many years so that's where I lean towards. As for
    >>Linux, look into the RedHat 9 O/S series and Apache Webserver.

    >
    >
    > I don't know if I entirely agree with this statement. Linux + Apache is
    > harder to exploit than Windows + IIS (or Windows + Apache, for that
    > matter). Most linux security holes let someone crash the running process,
    > while most recent windows holes give complete Administrator level
    > privileges to the hacker.
    >


    I'd really like to learn Linux-but I don't have any customers who use it
    so the time I devote to it would be on my own nickel. Same is true of
    the hardware/resources I use for it.

    I think I've finally gotten enough hardware that I can devote some to it
    but the time is still going to be a problem. Are there any resources you
    would recommend to learn about it? Particularly about making it secure.
     
    Calvin Crumrine, Jan 13, 2004
    #8
  9. Calvin Crumrine

    Duane Arnold Guest

    DeMoN LaG <n@a> wrote in news:Xns946EF3EF286C2Wobbly@216.168.3.30:

    > Duane Arnold <> wrote in
    > news:Xns946EC43AA49A3notmwnotmecom@ 204.127.204.17:
    >
    >> Both can be made equally as secure as the other as I understand it. I
    >> have been using MS for many years so that's where I lean towards. As
    >> for Linux, look into the RedHat 9 O/S series and Apache Webserver.

    >
    > I don't know if I entirely agree with this statement. Linux + Apache
    > is harder to exploit than Windows + IIS (or Windows + Apache, for that
    > matter). Most linux security holes let someone crash the running
    > process, while most recent windows holes give complete Administrator
    > level privileges to the hacker.
    >


    I have read some articles where hackers were able to hack right to the
    Kernel of the Linux O/S. I don't know if one can hack to the protected
    O/S of an NT based O/S. Yes, there have been recent exploits on the MS
    O/S. But I think that most who were exploited didn't apply the security
    updates to the O/S that would have dealt with them. Or the machine was
    sitting out on the Internet with a root based account in use on the
    machine at the time of the exploit, so that a compromise of the machine
    could take place based on the security context of an account that had
    Admin priv(s), being used by the hacker.

    Root Tool Kits or backdoor Trojans can be applied to both O/S(s), if not
    configured properly or one does something on their behalf to cause the
    exploit. Once malware hits the machine using a Linux or MS O/S and is
    able to execute, it's over.

    Duane :)
     
    Duane Arnold, Jan 14, 2004
    #9
  10. Duane Arnold wrote:
    > DeMoN LaG <n@a> wrote in news:Xns946EF3EF286C2Wobbly@216.168.3.30:
    >
    >
    >>Duane Arnold <> wrote in
    >>news:Xns946EC43AA49A3notmwnotmecom@ 204.127.204.17:
    >>
    >>
    >>>Both can be made equally as secure as the other as I understand it. I
    >>>have been using MS for many years so that's where I lean towards. As
    >>>for Linux, look into the RedHat 9 O/S series and Apache Webserver.

    >>
    >>I don't know if I entirely agree with this statement. Linux + Apache
    >>is harder to exploit than Windows + IIS (or Windows + Apache, for that
    >>matter). Most linux security holes let someone crash the running
    >>process, while most recent windows holes give complete Administrator
    >>level privileges to the hacker.
    >>

    >
    >
    > I have read some articles where hackers were able to hack right to the
    > Kernel of the Linux O/S. I don't know if one can hack to the protected
    > O/S of an NT based O/S. Yes, there have been recent exploits on the MS
    > O/S. But I think that most who were exploited didn't apply the security
    > updates to the O/S that would have dealt with them. Or the machine was
    > sitting out on the Internet with a root based account in use on the
    > machine at the time of the exploit, so that a compromise of the machine
    > could take place based on the security context of an account that had
    > Admin priv(s), being used by the hacker.
    >
    > Root Tool Kits or backdoor Trojans can be applied to both O/S(s), if not
    > configured properly or one does something on their behalf to cause the
    > exploit. Once malware hits the machine using a Linux or MS O/S and is
    > able to execute, it's over.
    >
    > Duane :)

    I think you're right about people who were hacked didn't apply the
    proper security updates-but I have two issues with that.

    First, it's a full-time job figuring out which of the many, many,
    Windows updates are needed. The *only* way of minimizing that job is to
    apply all of them-and that leads to my second issue:

    Second, it's a more than full-time job to test updates before you apply
    them. Historically Microsoft has issued updates that on far too many
    occasions have done more harm than good-so I don't blame *anyone* for
    being slow to apply updates.

    Given that the basic problem is with the number of updates, which has
    more, Windows or Linux? (And to be fair, we should probably look at a
    similar period of time-but I suspect that the only time period we could
    agree would be appropriate would be the next year or so, about which we
    have no data.)
     
    Calvin Crumrine, Jan 14, 2004
    #10
  11. Calvin Crumrine

    DeMoN LaG Guest

    Duane Arnold <> wrote in
    news:Xns946FB81D13468darnold92insightbbco@204.127.204.17:

    > Root Tool Kits or backdoor Trojans can be applied to both O/S(s), if not
    > configured properly or one does something on their behalf to cause the
    > exploit. Once malware hits the machine using a Linux or MS O/S and is
    > able to execute, it's over.


    This is entirely true, but MS makes it far too easy to exploit. Everyone in
    XP home by default is an administrator.

    Also, consider that Linux has security patches probably daily if you count
    everything done to the open source stuff. MS probably has just as many bug
    fixes a day, except the source isn't open and we don't see the changes they
    are making.

    Finally, to configure linux to not do dumb things and look ready to
    exploit, you simply install it. To do the same on Windows requires
    installing it, installing a dozen security patches, changing a few options
    here and there, installing a decent firewall application, and possibly
    more.

    --
    AIM: FrznFoodClerk
    email: de_on-lag@co_cast.net (_ = m)
    website: under construction
    Need a technician in the south Jersey area?
    email/IM for rates/services
     
    DeMoN LaG, Jan 14, 2004
    #11
  12. Calvin Crumrine

    Duane Arnold Guest

    Calvin Crumrine <> wrote in
    news::

    > Duane Arnold wrote:
    >> DeMoN LaG <n@a> wrote in news:Xns946EF3EF286C2Wobbly@216.168.3.30:
    >>
    >>
    >>>Duane Arnold <> wrote in
    >>>news:Xns946EC43AA49A3notmwnotmecom@ 204.127.204.17:
    >>>
    >>>
    >>>>Both can be made equally as secure as the other as I understand it.
    >>>>I have been using MS for many years so that's where I lean towards.
    >>>>As for Linux, look into the RedHat 9 O/S series and Apache
    >>>>Webserver.
    >>>
    >>>I don't know if I entirely agree with this statement. Linux + Apache
    >>>is harder to exploit than Windows + IIS (or Windows + Apache, for
    >>>that matter). Most linux security holes let someone crash the
    >>>running process, while most recent windows holes give complete
    >>>Administrator level privileges to the hacker.
    >>>

    >>
    >>
    >> I have read some articles where hackers were able to hack right to
    >> the Kernel of the Linux O/S. I don't know if one can hack to the
    >> protected O/S of an NT based O/S. Yes, there have been recent
    >> exploits on the MS O/S. But I think that most who were exploited
    >> didn't apply the security updates to the O/S that would have dealt
    >> with them. Or the machine was sitting out on the Internet with a root
    >> based account in use on the machine at the time of the exploit, so
    >> that a compromise of the machine could take place based on the
    >> security context of an account that had Admin priv(s), being used by
    >> the hacker.
    >>
    >> Root Tool Kits or backdoor Trojans can be applied to both O/S(s), if
    >> not configured properly or one does something on their behalf to
    >> cause the exploit. Once malware hits the machine using a Linux or MS
    >> O/S and is able to execute, it's over.
    >>
    >> Duane :)

    > I think you're right about people who were hacked didn't apply the
    > proper security updates-but I have two issues with that.
    >
    > First, it's a full-time job figuring out which of the many, many,
    > Windows updates are needed. The *only* way of minimizing that job is
    > to apply all of them-and that leads to my second issue:
    >
    > Second, it's a more than full-time job to test updates before you
    > apply them. Historically Microsoft has issued updates that on far too
    > many occasions have done more harm than good-so I don't blame *anyone*
    > for being slow to apply updates.


    I look for three words *Critical Security Update*. If it has those words,
    it will be applied to the machines at all times. And in general, I apply
    all recommended fixes or upgrades etc. etc. I don't want to be caught like
    Tech Support on the job the next day after, as they raced around corporate
    applying all things they had ignored up to that point when the RPC exploit
    hit.

    As for the security of the Webserver, I would suggest using IIS on the
    Server Edition of Win2K, because IIS on the Server Edition has security
    features that are not available on the Workstation edition. On the
    Directory Tab, IP Security is not applicable on the Workstation version.
    But you can cover that on the workstation version and supplement the Server
    version using IPsec.

    something simple

    http://www.petri.co.il/ipsec_block_ping.htm

    The nuts and bolts on the howto(s)

    http://lists.gpick.com/pages/IP_Security_(IPSec).htm

    I would suggest going to the library and see if they have two books that
    can be checked out or purchase them.

    1) Windows 2000 Server Resource Kit Book Chapter 18 Implementing
    TCP/IP Security in the Win2K SRKB along with other chapters as needed.

    2) Win Security Resource Kit Book Chapter 21 Implementing Security for MS
    IIS 5.0 and it also talks about *Best Practices* for IIS security. It also
    provides additional information and article links such as below. And read
    other chapters as needed.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;315669

    These I have found and used the suggestions.

    http://www.itso.iu.edu/howto/iis/#best

    http://www.lokbox.net/SecureXP/

    Hell, since the core components of the NT based PRO and Server are just
    about the same, a lot in the link can be applied to both versions of the
    O/S(s). However, not everything such as TCP/IP Security is being covered as
    opposed to the books.

    http://www.uksecurityonline.com/husdg/w2kp2.php

    Security Topologies you can implement.

    http://www.dslreports.com/forum/remark,5171179~root=security,1~mode=flat

    Most likely, that NAT router with BS firewall (I got one too) meets the
    specs below.

    http://www.homenethelp.com/web/explain/about-NAT.asp

    WatchGuard, Cisco, etc FW appliances meet the spec below

    http://www.firewall-software.com/firewall_faqs/what_does_firewall_do.html

    www.cdw.com has a nice price on WatchGuard Firebox III SOHO 6. Hopefully,
    I'll get one soon to continue my education.

    I do use BlackIce on all my machines. Why, because that damn IDS works and
    you cannot account for shit coming down Port 80 to IIS for valid network
    traffic between machines. BI protects the services on the machine, it has
    good logging and it has that Application Control and will stop a *Drive
    By*.

    Since you made me feel bad about my initial response to your post, this is
    something I just found out about this past weekend. I watched it go into
    action on a Website. <g>

    http://mvps.org/winhelp2002/hosts.htm
    http://accs-net.com/hosts/HostsToggle/

    Later!

    Duane :)
     
    Duane Arnold, Jan 14, 2004
    #12
  13. Duane Arnold wrote:
    > Calvin Crumrine <> wrote in
    > news::
    >
    >
    >>Duane Arnold wrote:
    >>
    >>>DeMoN LaG <n@a> wrote in news:Xns946EF3EF286C2Wobbly@216.168.3.30:
    >>>
    >>>
    >>>
    >>>>Duane Arnold <> wrote in
    >>>>news:Xns946EC43AA49A3notmwnotmecom@ 204.127.204.17:
    >>>>
    >>>>
    >>>>
    >>>>>Both can be made equally as secure as the other as I understand it.
    >>>>>I have been using MS for many years so that's where I lean towards.
    >>>>>As for Linux, look into the RedHat 9 O/S series and Apache
    >>>>>Webserver.
    >>>>
    >>>>I don't know if I entirely agree with this statement. Linux + Apache
    >>>>is harder to exploit than Windows + IIS (or Windows + Apache, for
    >>>>that matter). Most linux security holes let someone crash the
    >>>>running process, while most recent windows holes give complete
    >>>>Administrator level privileges to the hacker.
    >>>>
    >>>
    >>>
    >>>I have read some articles where hackers were able to hack right to
    >>>the Kernel of the Linux O/S. I don't know if one can hack to the
    >>>protected O/S of an NT based O/S. Yes, there have been recent
    >>>exploits on the MS O/S. But I think that most who were exploited
    >>>didn't apply the security updates to the O/S that would have dealt
    >>>with them. Or the machine was sitting out on the Internet with a root
    >>>based account in use on the machine at the time of the exploit, so
    >>>that a compromise of the machine could take place based on the
    >>>security context of an account that had Admin priv(s), being used by
    >>>the hacker.
    >>>
    >>>Root Tool Kits or backdoor Trojans can be applied to both O/S(s), if
    >>>not configured properly or one does something on their behalf to
    >>>cause the exploit. Once malware hits the machine using a Linux or MS
    >>>O/S and is able to execute, it's over.
    >>>
    >>>Duane :)

    >>
    >>I think you're right about people who were hacked didn't apply the
    >>proper security updates-but I have two issues with that.
    >>
    >>First, it's a full-time job figuring out which of the many, many,
    >>Windows updates are needed. The *only* way of minimizing that job is
    >>to apply all of them-and that leads to my second issue:
    >>
    >>Second, it's a more than full-time job to test updates before you
    >>apply them. Historically Microsoft has issued updates that on far too
    >>many occasions have done more harm than good-so I don't blame *anyone*
    >>for being slow to apply updates.

    >
    >
    > I look for three words *Critical Security Update*. If it has those words,
    > it will be applied to the machines at all times. And in general, I apply
    > all recommended fixes or upgrades etc. etc. I don't want to be caught like
    > Tech Support on the job the next day after, as they raced around corporate
    > applying all things they had ignored up to that point when the RPC exploit
    > hit.
    >
    > As for the security of the Webserver, I would suggest using IIS on the
    > Server Edition of Win2K, because IIS on the Server Edition has security
    > features that are not available on the Workstation edition. On the
    > Directory Tab, IP Security is not applicable on the Workstation version.
    > But you can cover that on the workstation version and supplement the Server
    > version using IPsec.
    >
    > something simple
    >
    > http://www.petri.co.il/ipsec_block_ping.htm
    >
    > The nuts and bolts on the howto(s)
    >
    > http://lists.gpick.com/pages/IP_Security_(IPSec).htm
    >
    > I would suggest going to the library and see if they have two books that
    > can be checked out or purchase them.
    >
    > 1) Windows 2000 Server Resource Kit Book Chapter 18 Implementing
    > TCP/IP Security in the Win2K SRKB along with other chapters as needed.
    >
    > 2) Win Security Resource Kit Book Chapter 21 Implementing Security for MS
    > IIS 5.0 and it also talks about *Best Practices* for IIS security. It also
    > provides additional information and article links such as below. And read
    > other chapters as needed.
    >
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;315669
    >
    > These I have found and used the suggestions.
    >
    > http://www.itso.iu.edu/howto/iis/#best
    >
    > http://www.lokbox.net/SecureXP/
    >
    > Hell, since the core components of the NT based PRO and Server are just
    > about the same, a lot in the link can be applied to both versions of the
    > O/S(s). However, not everything such as TCP/IP Security is being covered as
    > opposed to the books.
    >
    > http://www.uksecurityonline.com/husdg/w2kp2.php
    >
    > Security Topologies you can implement.
    >
    > http://www.dslreports.com/forum/remark,5171179~root=security,1~mode=flat
    >
    > Most likely, that NAT router with BS firewall (I got one too) meets the
    > specs below.
    >
    > http://www.homenethelp.com/web/explain/about-NAT.asp
    >
    > WatchGuard, Cisco, etc FW appliances meet the spec below
    >
    > http://www.firewall-software.com/firewall_faqs/what_does_firewall_do.html
    >
    > www.cdw.com has a nice price on WatchGuard Firebox III SOHO 6. Hopefully,
    > I'll get one soon to continue my education.
    >
    > I do use BlackIce on all my machines. Why, because that damn IDS works and
    > you cannot account for shit coming down Port 80 to IIS for valid network
    > traffic between machines. BI protects the services on the machine, it has
    > good logging and it has that Application Control and will stop a *Drive
    > By*.
    >
    > Since you made me feel bad about my initial response to your post, this is
    > something I just found out about this past weekend. I watched it go into
    > action on a Website. <g>
    >
    > http://mvps.org/winhelp2002/hosts.htm
    > http://accs-net.com/hosts/HostsToggle/
    >
    > Later!
    >
    > Duane :)
    >
    >

    That HostsToggle is cool-I used the hosts file several years ago to
    block ads but eventually abandoned it because of the problems that
    HostsToggle solves. I don't understand your statement about it going
    into action on a Website though-unless you're talking about using it on
    your machine & watching it work when you visited a Website. I guess that
    makes sense.

    Thanks for all the links-looks like I'll spend the next couple of weeks
    doing a lot of reading.
     
    Calvin Crumrine, Jan 14, 2004
    #13
  14. Calvin Crumrine

    Duane Arnold Guest

    Calvin Crumrine <> wrote in news:100asm8gd4g1j45
    @corp.supernews.com:

    > I don't understand your statement about it going
    > into action on a Website though-unless you're talking about using it on
    > your machine & watching it work when you visited a Website. I guess that
    > makes sense.
    >


    Yes, that's what I mean. Someone in another NG had mentioned that a site
    mvp.org was a *drive by* site. So I tested HOST on the site. IE stopped the
    download and BlackIce would have done that too. But when I tried to leave
    the site, the NT login screen popped-up for a login because of 127.0.0.1
    being applied to a DNS in the HOST file.

    Good luck to you on your mission.

    Duane :)
     
    Duane Arnold, Jan 14, 2004
    #14
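
Added example, not part of the original posts: when a hosts entry maps a site's name to 127.0.0.1, as described in post #14, requests for that name go to whatever is listening on the local machine, so a local web server answers in the site's place. This Python sketch lists such entries and checks for a local listener on port 80; the sample hosts content and all function names are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample in hosts-file format (not taken from the thread).
SAMPLE_HOSTS = """\
# sample blocklist, constructed for this example
127.0.0.1   localhost
127.0.0.1   ads.example.com tracker.example.net   # two names on one line
0.0.0.0     popups.example.org
192.0.2.10  intranet.example.com
not-an-ip   broken.example.com
"""

def parse_hosts(text):
    """Yield (address, hostname) pairs, skipping comments and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield addr, name.lower()

def loopback_sinkholes(text):
    """Hostnames redirected to this machine (127.0.0.0/8 or ::1), except localhost."""
    return sorted(name for addr, name in parse_hosts(text)
                  if addr.is_loopback and name != "localhost")

def local_listener(port=80, timeout=0.5):
    """True if something on this machine accepts connections on 127.0.0.1:port."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    names = loopback_sinkholes(SAMPLE_HOSTS)
    print("redirected to loopback:", names)
    if names and local_listener(80):
        print("a local web server on port 80 will answer requests for these names")
```

To audit a real machine, pass the contents of its hosts file to `loopback_sinkholes` instead of the sample.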
  15. Calvin Crumrine

    Duane Arnold Guest

    DeMoN LaG <n@a> wrote in news:Xns946FC915C664Wobbly@216.168.3.30:

    > To do the same on Windows requires
    > installing it, installing a dozen security patches, changing a few
    > options here and there, installing a decent firewall application, and
    > possibly more.
    >


    The way I look at that. It's an opportunity to make money as more and more
    households and small businesses doing networking need to have things
    configured properly and most of them are coming to MS not Linux.

    Duane :)
     
    Duane Arnold, Jan 14, 2004
    #15
  16. Duane Arnold wrote:

    > DeMoN LaG <n@a> wrote in news:Xns946FC915C664Wobbly@216.168.3.30:
    >
    >
    >>To do the same on Windows requires
    >>installing it, installing a dozen security patches, changing a few
    >>options here and there, installing a decent firewall application, and
    >>possibly more.
    >>

    >
    >
    > The way I look at that. It's an opportunity to make money as more and more
    > households and small businesses doing networking need to have things
    > configured properly and most of them are coming to MS not Linux.
    >
    > Duane :)


    Which is a *real* strong argument for putting Microsoft out of business.
    Sure, making crappy cars is good for mechanics-but it's not so good for
    the US, now is it?
     
    Calvin Crumrine, Jan 15, 2004
    #16
  17. Calvin Crumrine

    Duane Arnold Guest

    Calvin Crumrine <> wrote in
    news::

    > Duane Arnold wrote:
    >
    >> DeMoN LaG <n@a> wrote in news:Xns946FC915C664Wobbly@216.168.3.30:
    >>
    >>
    >>>To do the same on Windows requires
    >>>installing it, installing a dozen security patches, changing a few
    >>>options here and there, installing a decent firewall application, and
    >>>possibly more.
    >>>

    >>
    >>
    >> The way I look at that. It's an opportunity to make money as more and
    >> more households and small businesses doing networking need to have
    >> things configured properly and most of them are coming to MS not
    >> Linux.
    >>
    >> Duane :)

    >
    > Which is a *real* strong argument for putting Microsoft out of
    > business. Sure, making crappy cars is good for mechanics-but it's not
    > so good for the US, now is it?
    >
    >


    Now do you really think that's going to happen? People working for MS or
    any business for that matter have mouths to feed, cars, and homes to make
    payments and kids to put through college. Do you really think that they
    are going to let something like Linux just take over the market? You can
    bet that MS will stop anything that becomes a threat, by any means
    necessary. Yeah, Linux may be good, but on the other hand, Linux has not
    put one dime in my pockets. And that's all that counts as far as I am
    concerned. Yeah, Linux will get its little share of the market and share
    it with the others who are sharing that same little share.

    Do you think MS is going to let happen to it like what happened to IBM? I
    would not count on that if I were you.
     
    Duane Arnold, Jan 15, 2004
    #17
  18. Duane Arnold wrote:
    > Calvin Crumrine <> wrote in
    > news::
    >
    >
    >>Duane Arnold wrote:
    >>
    >>
    >>>DeMoN LaG <n@a> wrote in news:Xns946FC915C664Wobbly@216.168.3.30:
    >>>
    >>>
    >>>
    >>>>To do the same on Windows requires
    >>>>installing it, installing a dozen security patches, changing a few
    >>>>options here and there, installing a decent firewall application, and
    >>>>possibly more.
    >>>>
    >>>
    >>>
    >>>The way I look at that. It's an opportunity to make money as more and
    >>>more households and small businesses doing networking need to have
    >>>things configured properly and most of them are coming to MS not
    >>>Linux.
    >>>
    >>>Duane :)

    >>
    >>Which is a *real* strong argument for putting Microsoft out of
    >>business. Sure, making crappy cars is good for mechanics-but it's not
    >>so good for the US, now is it?
    >>
    >>

    >
    >
    > Now do you really think that's going to happen? People working for MS or
    > any business for that matter have mouths to feed, cars, and homes to make
    > payments and kids to put through college. Do you really think that they
    > are going to let something like Linux just take over the market? You can
    > bet that MS will stop anything that becomes a threat, by any means
    > necessary. Yeah, Linux may be good, but on the other hand, Linux has not
    > put one dime in my pockets. And that's all that counts as far as I am
    > concerned. Yeah, Linux will get its little share of the market and share
    > it with the others who are sharing that same little share.
    >
    > Do you think MS is going to let happen to it like what happened to IBM? I
    > would not count on that if I were you.

    Do you think that IBM would have let it happen if it could have
    prevented it? Maybe-*maybe*-Microsoft will learn from IBM's mistakes. I
    don't see any sign of it so far. It seems far more likely to me that
    Microsoft is arrogant enough to believe that it *can't* happen to them
    because they don't make that kind of mistake. And if that's what they
    believe, as their corporate culture, then eventually it *will* happen to
    them & all those people with mouths to feed, etc. will be running around
    asking "What happened?"

    It's happened before-often. Those who won't learn from history are
    condemned to repeat it.
     
    Calvin Crumrine, Jan 15, 2004
    #18
  19. Calvin Crumrine

    Night_Seer Guest

    Calvin Crumrine wrote:
    > Duane Arnold wrote:
    >> Calvin Crumrine <> wrote in
    >> news::
    >>
    >>
    >>> Duane Arnold wrote:
    >>>
    >>>
    >>>> DeMoN LaG <n@a> wrote in news:Xns946FC915C664Wobbly@216.168.3.30:
    >>>>
    >>>>
    >>>>
    >>>>> To do the same on Windows requires
    >>>>> installing it, installing a dozen security patches, changing a few
    >>>>> options here and there, installing a decent firewall application,
    >>>>> and possibly more.
    >>>>>
    >>>>
    >>>>
    >>>> The way I look at that. It's an opportunity to make money as more
    >>>> and more households and small businesses doing networking need to
    >>>> have things configured properly and most of them are coming to MS
    >>>> not Linux.
    >>>>
    >>>> Duane :)
    >>>
    >>> Which is a *real* strong argument for putting Microsoft out of
    >>> business. Sure, making crappy cars is good for mechanics-but it's
    >>> not so good for the US, now is it?
    >>>
    >>>

    >>
    >>
    >> Now do you really think that's going to happen? People working for
    >> MS or any business for that matter have mouths to feed, cars, and
    >> homes to make payments and kids to put through college. Do you
    >> really think that they are going to let something like Linux just
    >> take over the market? You can bet that MS will stop anything that
    >> becomes a threat, by any means necessary. Yeah, Linux may be good,
    >> but on the other hand, Linux has not put one dime in my pockets. And
    >> that's all that counts as far as I am concerned. Yeah, Linux will
    >> get its little share of the market and share it with the others who
    >> are sharing that same little share.
    >>
    >> Do you think MS is going to let happen to it like what happened to
    >> IBM? I would not count on that if I were you.

    > Do you think that IBM would have let it happen if it could have
    > prevented it? Maybe-*maybe*-Microsoft will learn from IBM's mistakes.
    > I don't see any sign of it so far. It seems far more likely to me that
    > Microsoft is arrogant enough to believe that it *can't* happen to them
    > because they don't make that kind of mistake. And if that's what they
    > believe, as their corporate culture, then eventually it *will* happen
    > to them & all those people with mouths to feed, etc. will be running
    > around asking "What happened?"
    >
    > It's happened before-often. Those who won't learn from history are
    > condemned to repeat it.


    IBM is doing pretty good these days...they have a hand in all three next
    gen consoles, plus AMD. I think the only way to really learn from your
    mistakes is to make them first sometimes.

    --
    Night_Seer
     
    Night_Seer, Jan 15, 2004
    #19
  20. You might make your server more secure if you put it on a different port
    than 80. For a home network webserver that should be fine. I do okay with
    an Apache server on port 81.

    "Night_Seer" <ecamacho4 at hotmail dot com> wrote in message
    news:...
    > Calvin Crumrine wrote:
    > > Duane Arnold wrote:
    > >> Calvin Crumrine <> wrote in
    > >> news::
    > >>
    > >>
    > >>> Duane Arnold wrote:
    > >>>
    > >>>
    > >>>> DeMoN LaG <n@a> wrote in news:Xns946FC915C664Wobbly@216.168.3.30:
    > >>>>
    > >>>>
    > >>>>
    > >>>>> To do the same on Windows requires
    > >>>>> installing it, installing a dozen security patches, changing a few
    > >>>>> options here and there, installing a decent firewall application,
    > >>>>> and possibly more.
    > >>>>>
    > >>>>
    > >>>>
    > >>>> The way I look at that. It's an opportunity to make money as more
    > >>>> and more households and small businesses doing networking need to
    > >>>> have things configured properly and most of them are coming to MS
    > >>>> not Linux.
    > >>>>
    > >>>> Duane :)
    > >>>
    > >>> Which is a *real* strong argument for putting Microsoft out of
    > >>> business. Sure, making crappy cars is good for mechanics-but it's
    > >>> not so good for the US, now is it?
    > >>>
    > >>>
    > >>
    > >>
    > >> Now do you really think that's going to happen? People working for
    > >> MS or any business for that matter have mouths to feed, cars, and
    > >> homes to make payments and kids to put through college. Do you
    > >> really think that they are going to let something like Linux just
    > >> take over the market? You can bet that MS will stop anything that
    > >> becomes a threat, by any means necessary. Yeah, Linux may be good,
    > >> but on the other hand, Linux has not put one dime in my pockets. And
    > >> that's all that counts as far as I am concerned. Yeah, Linux will
    > >> get its little share of the market and share it with the others who
    > >> are sharing that same little share.
    > >>
    > >> Do you think MS is going to let happen to it like what happened to
    > >> IBM? I would not count on that if I were you.

    > > Do you think that IBM would have let it happen if it could have
    > > prevented it? Maybe-*maybe*-Microsoft will learn from IBM's mistakes.
    > > I don't see any sign of it so far. It seems far more likely to me that
    > > Microsoft is arrogant enough to believe that it *can't* happen to them
    > > because they don't make that kind of mistake. And if that's what they
    > > believe, as their corporate culture, then eventually it *will* happen
    > > to them & all those people with mouths to feed, etc. will be running
    > > around asking "What happened?"
    > >
    > > It's happened before-often. Those who won't learn from history are
    > > condemned to repeat it.

    >
    > IBM is doing pretty good these days...they have a hand in all three next
    > gen consoles, plus AMD. I think the only way to really learn from your
    > mistakes is to make them first sometimes.
    >
    > --
    > Night_Seer
    >
    >
     
    Andrew Watiker, Jan 16, 2004
    #20