Solved

secure a homepage

Posted on 2001-08-15
23
382 Views
Last Modified: 2010-04-11
How can a homepage be secured? I mean, e.g., I upload my homepage to a server; is all the security then handled by the server site? Can I do anything to make my homepage more secure?
0
Comment
Question by:JYnet
23 Comments
 
LVL 1

Expert Comment

by:tonimargiotta
ID: 6387484
Your homepage is a file on the server.  Only the administrators of the server can manage the security of that file.

If a hacker manages to get access to that file then they can modify it or substitute any web page that they like.
0
 
LVL 5

Expert Comment

by:paulqna
ID: 6388532
Assuming the webserver runs Apache, please read this:
http://httpd.apache.org/docs/misc/FAQ.html#user-authentication
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6388731
Also, the mere act of uploading your homepage to the server will compromise its security unless the upload protocol is encrypted (i.e., HTTPS uploads, not FTP or HTTP).
0
 

Author Comment

by:JYnet
ID: 6391162
I see. So that means it all depends on the server site.
Hmmm... what if I allow other users to browse my server? Then a lot of configuration must be made too.
0
 
LVL 5

Expert Comment

by:paulqna
ID: 6392522
If you administer the client PCs from which you want to restrict/allow access, you need some kind of firewall/router...
0
 

Author Comment

by:JYnet
ID: 6400288
I see.
0
 
LVL 5

Expert Comment

by:paulqna
ID: 6400315
Maybe someone in the EE programming environment knows if it's possible to write a PHP or Perl script which identifies each host (and decides authorisation) before it shows any webpages...

http://www.experts-exchange.com/jsp/qList.jsp?ta=perl
http://www.experts-exchange.com/jsp/qList.jsp?ta=php
0
 
LVL 12

Expert Comment

by:Otta
ID: 6404757
> the mere act of uploading your homepage to the server will compromise its security

How?  (Other than somebody packet-sniffing your connection while you are uploading it?)
0
 

Author Comment

by:JYnet
ID: 6412105
I guess that's right...
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6429010
> the mere act of uploading your homepage to the server will compromise its security

>> How?  (Other than somebody packet-sniffing your connection while you are uploading it?)

Yes, exactly.
0
 
LVL 12

Expert Comment

by:Otta
ID: 6432483
> Yes, exactly.

And what is the probability of that happening?

Most ISPs use "switches" rather than "hubs",
so "sniffing" is ineffective.
0

 
LVL 5

Expert Comment

by:paulqna
ID: 6432607
Mention one ISP without switches ;)
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6432637
That's fine on the ISP side.  What about on your side?  If it's cable modem, you're toast.  If it's a university network, you're toast.  If it's dial-up or DSL, you're probably OK.  If it's a corporate network, you've got about a 30% chance of being OK.
0
 

Expert Comment

by:gorgale
ID: 6441652
0
 
LVL 12

Expert Comment

by:Otta
ID: 6443616
> If it's cable modem, you're toast.

Nonsense, at least with the Terayon cable-modems
which my local cable-modem company uses.

> If it's a university network, you're toast.

More nonsense, if the "network services department"
at the University is competent, and configures the hubs
and switches and routers correctly.

Now, if you're talking about a hotel which offers
high-speed Internet access as one of its "guest services",
you really _COULD_ be toasted.  I had the misfortune
to be a guest at a hotel which was hosting a "computer
security" conference -- their telephone-system was "hacked",
and the hotel concierge contacted me, to apologize
for having their Internet-access system being hacked,
and to caution me to change any passwords, ASAP.
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6444544
>> If it's cable modem, you're toast.
>
> Nonsense, at least with the Terayon cable-modems
> which my local cable-modem company uses.

Assuming they do and assuming the attacker is using the cable-modem that's supplied by the company.  Big if's.

> If it's a university network, you're toast.
>
> More nonsense, if the "network services department"
> at the University is competent, and configures the hubs
> and switches and routers correctly.

Another big if.  I've yet to see a university network that didn't use shared media (in which case, it doesn't matter how copetent the staff is).

The bottom line is that you need to be at least a little bit paranoid.
0
 
LVL 12

Expert Comment

by:Otta
ID: 6445149
> assuming the attacker is using the cable-modem that's supplied by the company. Big if's.

Not really.  The only cable-modems that work are those
which are supplied by the local cable-modem company.

Even if a "foreign" cable-modem could be connected,
all the other customers of that cable-modem company
are still using the Terayon modem, which protects them
from any "sniffing" by the "rogue" modem.

> Another big if.
> I've yet to see a university network that didn't use
> shared media (in which case, it doesn't matter how
> copetent [sic] the staff is).

Not "big" at all.  Next time you're in my neighbourhood,
come talk to the Network Services staff, and learn about
the "right" way to securely configure a network with a
Gigabit core and fast Ethernet delivered to the desktop.

0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6445220
OK folks...

1.  Cable is a shared medium.  It doesn't matter what kind of cable modem you're using, all the other cable modems on your segment see your traffic.  It's that simple.  There's nothing you can do about it but use encryption.  That doesn't mean somebody is actually snooping your cable data, but it does mean that somebody could be doing it and there's nothing you can do about it.

2.  All Universities I know of use shared media out in the individual labs for cost savings.  That doesn't mean their staff doesn't know what they're doing.  It doesn't mean they don't have switches on the core, or even in other locations.  But it does mean that if you plug your laptop into a random port in say the robotics lab, your data is probably sniffable at least to other ports in the room.

These things are truths.  Data is sniffable in at least some situations. Deal with it.
0
 
LVL 12

Expert Comment

by:Otta
ID: 6445406
> Cable is a shared medium.

What medium is not shared, except for line-of-sight microwave, or an earth-satellite link?


> There's nothing you can do about it but use encryption

Exactly, and that's exactly what the Terayon cable-modem does,
so that any "sniffing" will not work.

> there's nothing you can do about it.

Wrong, as I've shown.

> your data is probably sniffable at least to other ports in the room.

Probably?  Well, is it, or isn't it?
The answer, at least at the local university is "not".


Now, has any of this dialogue helped the author of this question?
If not, then open your own E-E question, and let's continue in that question, rather than "cluttering" this question.

Focus!  Focus!
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6445948
OK, just one last comment before returning to useful stuff....

According to what's on the Terayon web site, their cable modems do _not_ do encryption.  They do support MPLS, but that doesn't encrypt, so someone with a non-Terayon cable modem could definitely sniff the traffic.
0
 
LVL 3

Expert Comment

by:FlamingSword
ID: 6509919
> how can a homepage be secured?

SSL, add logins, don't allow dynamic updates, be cautious with links; don't use FrontPage.

> security be handle by the server site?

Yes.
For your requirements, consider this sufficient.

> can i do anything to make my homepage more secure?

Keep it static.
Use static pages.
Do not allow (buy into) anonymous uploads such as FTP, even if the ISP permits.

Also:

Maintain your own backups. Schedule a periodic check that compares the backup file on the desktop, with the real file on the server. There are several programs easily available that do this. Even old DOS had a couple of compare programs.  If files are different, call ISP and ask for restore, telling them why (let them re-shut the door).
0
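The periodic backup-versus-server comparison suggested in the comment above, as an added example that is not part of the original thread. It assumes the server's copy of the site has already been downloaded into a local directory over an encrypted channel; the function names and the sample site are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def digest_tree(root):
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare_site(backup_dir, server_copy_dir):
    """Report how the server copy differs from the trusted local backup."""
    backup = digest_tree(backup_dir)
    server = digest_tree(server_copy_dir)
    common = backup.keys() & server.keys()
    return {
        "modified": sorted(f for f in common if backup[f] != server[f]),
        "missing": sorted(backup.keys() - server.keys()),     # deleted on server
        "unexpected": sorted(server.keys() - backup.keys()),  # never uploaded by you
    }

def demo():
    """Constructed sample: a small static site whose server copy was altered."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, server = Path(tmp, "backup"), Path(tmp, "server")
        for d in (backup, server):
            (d / "img").mkdir(parents=True)
            (d / "index.html").write_text("<h1>My homepage</h1>\n")
            (d / "img" / "logo.txt").write_text("logo placeholder\n")
        (server / "index.html").write_text("<h1>Defaced</h1>\n")  # changed on server
        (server / "upload.cgi").write_text("#!/bin/sh\n")          # not in the backup
        (server / "img" / "logo.txt").unlink()                     # removed on server
        return compare_site(backup, server)

if __name__ == "__main__":
    report = demo()
    for kind, files in report.items():
        for name in files:
            print(f"{kind}: {name}")
    # A non-zero exit status lets a scheduled job raise an alert on any difference.
    raise SystemExit(1 if any(report.values()) else 0)
```

Reporting unexpected files as well as modified ones matters here: a file that appears on the server without ever having been in the backup is as much a sign of tampering as a changed page.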
 
LVL 24

Expert Comment

by:SunBow
ID: 6789116
> how can a homepage be secured?

Make it read-only.
Never edit it, or design it; always copy/overlay an update.
Do not permit anything else to use that location.

> that all the security be handle by the server site?

No, not for networking. This would use firewall, DMZ, etc., different H/W from the server.
0
 
LVL 24

Accepted Solution

by:
SunBow earned 20 total points
ID: 6789150
> what if i allow other user to browse my server,

No, you don't.
That is one more insecure step.

But after the home page, move things as appropriate to other directories on this or other servers, either by proxy or past (another) firewall or for data, as well as for different permission levels (including cgi, gif, ftp, downloads, shares, etc.).
0
