parvinderg
asked on
Precautions to Host my Live application
Hi...
I have to host an application developed in .NET live 24/7 on RHL9.0/Apache2.0. I am looking for all the possible precautions which i should take in order to keep this applications secure and robust and how to do them.I am naive to Apache/Linux so i would like to get advise from all the experts.All the help provided will be higly highly appreciated.
Regards
I have to host an application developed in .NET live 24/7 on RHL9.0/Apache2.0. I am looking for all the possible precautions which i should take in order to keep this applications secure and robust and how to do them.I am naive to Apache/Linux so i would like to get advise from all the experts.All the help provided will be higly highly appreciated.
Regards
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Any other suggestions Mr.Hoffmann or Mr.Samri? Mr.Hoffmann, you have mentioned a couple of ways of reviewing the application.How would u advise me to let the application developer accomplish this task (as i am not developing the application) ? Mr.Samri the link of the company which you are working for is fantastic.I appreciate that.
regards
regards
ASKER
I have almost followed all those steps which were mentioned by hoffman and samri plus i found very valuable information at http://www.securityfocus.com/infocus/1786.
Wots the function of suExec and chroot?
How can i implement those too without disturbing my current cnofiguration or messing up with that?
Any other suggestions which i really need to focus on.How can i test for the security and robustness.?
Regards
Wots the function of suExec and chroot?
How can i implement those too without disturbing my current cnofiguration or messing up with that?
Any other suggestions which i really need to focus on.How can i test for the security and robustness.?
Regards
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The very first thing that you may need to do is to secure the server at the OS level. Turning off the unneded services. have firewall running, and such.
On Apache, you could visit Apache docs website at http://httpd.apache.org/docs-2.0/, and specifically some tips on Security : http://httpd.apache.org/docs-2.0/misc/security_tips.html
Apache itself is considered to be quite mature, and quite stable (performance/security-wise
The next thing to worry is the application itself -- which some code may have bugs which lead to "unknown" result. Check this too.
Apart from these tips, monitor your server closely, mod_status (http://httpd.apache.org/docs-2.0/mod/mod_status.html) is provided with apache to enable you to view the server status on-line (realtime). This should be able to give you some indication on what is happening, shoud you think that your apache is behaving weirdly.
HTH.