about the secure of the web server

[nn2000]

Recently I need to put a web server to public by router mapping so that everyone can access it by input a domain name. The router has its own firewall. Is that enough? What can I do to aviod the hacker attacking? The system is linux

 

[n0cmonkey]

Keep the system patched, ensure your webserver is setup correctly.

 

[mauiblue]

I just setup a web server and had the same question about security. I was looking into getting a hardware firewall. It seems like that would be the way to go if you would want hackers to stay out and keep worms or trojan programs from contacting these hackers with your personal info (passwords, addresses, etc.). I was looking at the D-Link DFL-80 to put between my broadband modem and my wireless router. I still need to see if there is any compatibility issues with using the hardware firewall and the wireless router.

 

[Nothinman]

A hardware firewall will do absolutely nothing unless you use it to block access to the web server, but that would defeat the purpose of running the web server.

Securing a web server requires you to understand the web server inside and out, you have to know exactly what you need enabled for the functionality you want and how to set it up in a secure fashion. You don't mention what you're running so it's pretty much impossible to give any advice other than what n0c said.

 

[mauiblue]

Originally posted by: Nothinman
A hardware firewall will do absolutely nothing unless you use it to block access to the web server, but that would defeat the purpose of running the web server.

Securing a web server requires you to understand the web server inside and out, you have to know exactly what you need enabled for the functionality you want and how to set it up in a secure fashion. You don't mention what you're running so it's pretty much impossible to give any advice other than what n0c said.

I'm setting up an Internet camera and obviously had to open some ports to access it via the web. I hoping that a hardware firewall would give me other security fucntions that would keep unauthorized users from getting into the system and keep trojan programs from broadcasting from my computer any personal information through these ports. I know that setting a VPN would be the way to go, but I can't setup another VPN router at work (where I would be accessing my home computer).

I have setup MAC filtering and set the ports I would be using for the camera via the wireless router I have, but I figure having the hardware router would give me even additional security features.

 

[groovin]

good policy/management is the best security. that is, keeping it patched, not running excess services on it, not having an account called test with the password test, etc etc etc. lots of good books on the subject as well.

 

[Nothinman]

I hoping that a hardware firewall would give me other security fucntions that would keep unauthorized users from getting into the system and keep trojan programs from broadcasting from my computer any personal information through these ports

Depends highly on what actually happens. A lot of exploits require no other access other than web to get inside the server. If you don't allow any other ports in, they might not be able to accept connections to further damage the system, but if the trojan initiates an outbound connection it'll probably work fine since I doubt you do any egress filtering.

I know that setting a VPN would be the way to go, but I can't setup another VPN router at work (where I would be accessing my home computer).

A VPN would only be helpful if you don't plan on running a public website.

 

[scoob8000]

Keep all your servers up to date. For example as root on a redhat system run

yum update

.

And true, with a hardware firewall you still need to leave your server open. If your server can be hacked, it defeats the whole purpose of the firewall.

 

[mauiblue]

Much mahalo to all that has responded. It seems like what I already have setup(firewall software, engaging security measures on the router, changing passwords periodically, etc.) is pretty much what I need to stay secure. I guess the *only* way to stay really secure is *not go on the Internet* and not go wireless. Well I will not let my paranoia get the best of me <grin>. I will keep all that was said in mind and hope for the best.

Best regards to all.

P.S. I hope Santa will be leaving you all an extra present under the Christmas tree this week.