iyiola
asked on
HOW TO PEREVENT HACKERS
I manage a network and we do low end web hosting.
I want to prevent hackers from entering our network
We have no firewal in place as of now.
Please suggest the most cost effective way to go about it and any software needed. I know nothing can be guarantee, but we need a security in place all the same
Thanks so much
I want to prevent hackers from entering our network
We have no firewal in place as of now.
Please suggest the most cost effective way to go about it and any software needed. I know nothing can be guarantee, but we need a security in place all the same
Thanks so much
I'm obviously slightly biased on this subject but checkout our website @ www.plasmateksoftware.com
Definitely ensure that you have the latest service pack (2) installed, and security fixes from MS technet (www.microsoft.com/technet).
There are other simple things like ensuring your windows file sharing is disabled (or at least not bound to your internet adaptor)
Definitely ensure that you have the latest service pack (2) installed, and security fixes from MS technet (www.microsoft.com/technet).
There are other simple things like ensuring your windows file sharing is disabled (or at least not bound to your internet adaptor)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
one very simple and very important advice to prevent even futire hacks is to
- have the inetpub on a different partition than the system
- disable every unneeded services
- delete unneeded (Isapi) mappings
here are also several checklists:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/security/tools.asp
- have the inetpub on a different partition than the system
- disable every unneeded services
- delete unneeded (Isapi) mappings
here are also several checklists:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/security/tools.asp
I agree with Dave's suggestion to buy a firewall S/W. That way you don't have to re-invent the wheel.
Also you must setup file audits on your critical folders and also setup alerts so that you will be warned if there is any unauthorized access.
Also you must setup file audits on your critical folders and also setup alerts so that you will be warned if there is any unauthorized access.
First thing you should do is DUMP IIS - that thing is hackable NOT because of a lack of a firewall but because it is FULL of bugs (buffer overflows, etc.) that allow hackers in. No firewall in the world can protect you from cases like that. Microsoft also will take up to 30 days to issue a patch (IF they issue a patch) for the latest security breach in IIS.
Take a look at attrition.org - you'll see that a majority of the new exploits in IIS are on IIS 5.0
Get a secure web server such as Apache.
Take a look at attrition.org - you'll see that a majority of the new exploits in IIS are on IIS 5.0
Get a secure web server such as Apache.
ASKER
Thanks to all.
1) Configure your network properties so that HTTP port 80 is the only permitted connection.
2) Configure your router to block everything but port 80.
3) Check that ALL of the Microsoft HOTFIXES for IIS are installed.
If you have computers other than those that host the web sites on the network, get a firewall.