secure a homepage

How can a homepage be secured? I mean that, e.g., I upload my homepage to a server; is all the security then handled by the server site? Can I do anything to make my homepage more secure?
JYnetAsked:

tonimargiottaCommented:
Your homepage is a file on the server.  Only the administrators of the server can manage the security of that file.

If a hacker manages to get access to that file then they can modify it or substitute any web page that they like.
0
paulqnaCommented:
Assuming the webserver runs apache please read this:
http://httpd.apache.org/docs/misc/FAQ.html#user-authentication
0
chris_calabreseCommented:
Also, the mere act of uploading your homepage to the server will compromise its security unless the upload protocol is encrypted (i.e., HTTPS uploads, not FTP or HTTP).
0

JYnetAuthor Commented:
I see. So that means it all depends on the server site.
Hmmm... what if I allow other users to browse my server? Then a lot of configuration must be made too.
0
paulqnaCommented:
If you administrate the client PCs from which you want to restrict/allow access you need some kind of firewall/router...
0
JYnetAuthor Commented:
I see.
0
paulqnaCommented:
Maybe someone in the EE programming environment knows if it's possible to write a PHP or Perl script which identifies each host (and decides authorisation) before it shows any webpages...

http://www.experts-exchange.com/jsp/qList.jsp?ta=perl
http://www.experts-exchange.com/jsp/qList.jsp?ta=php
0
OttaCommented:
> the mere act of uploading your homepage to the server will compromise its security

How?  (Other than somebody packet-sniffing your connection while you are uploading it?)
0
JYnetAuthor Commented:
I guess that's right.
0
chris_calabreseCommented:
> the mere act of uploading your homepage to the server will compromise its security

>> How?  (Other than somebody packet-sniffing your connection while you are uploading it?)

Yes, exactly.
0
OttaCommented:
> Yes, exactly.

And what is the probability of that happening?

Most ISPs use "switches" rather than "hubs",
so "sniffing" is ineffective.
0
paulqnaCommented:
Mention one ISP without switches ;)
0
chris_calabreseCommented:
That's fine on the ISP side.  What about on your side?  If it's cable modem, you're toast.  If it's a university network, you're toast.  If it's dial-up or DSL you're probably OK.  If it's a corporate network, you've got about a 30% chance of being OK.
0
gorgaleCommented:
0
OttaCommented:
> If it's cable modem, you're toast.

Nonsense, at least with the Terayon cable-modems
which my local cable-modem company uses.

> If it's a university network, you're toast.

More nonsense, if the "network services department"
at the University is competent, and configures the hubs
and switches and routers correctly.

Now, if you're talking about a hotel which offers
high-speed Internet access as one of its "guest services",
you really _COULD_ be toasted.  I had the misfortune
to be a guest at a hotel which was hosting a "computer
security" conference -- their telephone-system was "hacked",
and the hotel concierge contacted me, to apologize
for having their Internet-access system being hacked,
and to caution me to change any passwords, ASAP.
0
chris_calabreseCommented:
>> If it's cable modem, you're toast.
>
> Nonsense, at least with the Terayon cable-modems
> which my local cable-modem company uses.

Assuming they do and assuming the attacker is using the cable-modem that's supplied by the company.  Big if's.

>> If it's a university network, you're toast.

> More nonsense, if the "network services department"
> at the University is competent, and configures the hubs
> and switches and routers correctly.

Another big if.  I've yet to see a university network that didn't use shared media (in which case, it doesn't matter how copetent the staff is).

The bottom line is that you need to be at least a little bit paranoid.
0
OttaCommented:
> assuming the attacker is using the cable-modem that's supplied by the company. Big if's.

Not really.  The only cable-modems that work are those
which are supplied by the local cable-modem company.

Even if a "foreign" cable-modem could be connected,
all the other customers of that cable-modem company
are still using the Terayon modem, which protects them
from any "sniffing" by the "rogue" modem.

> Another big if.
> I've yet to see a university network that didn't use
> shared media (in which case, it doesn't matter how
> copetent [sic] the staff is).

Not "big" at all.  Next time you're in my neighbourhood,
come talk to the Network Services staff, and learn about
the "right" way to securely configure a network with a
Gigabit core and fast Ethernet delivered to the desktop.

0
chris_calabreseCommented:
OK folks...

1.  Cable is a shared medium.  It doesn't matter what kind of cable modem you're using, all the other cable modems on your segment see your traffic.  It's that simple.  There's nothing you can do about it but use encryption.  That doesn't mean somebody is actually snooping your cable data, but it does mean that somebody could be doing it and there's nothing you can do about it.

2.  All Universities I know of use shared media out in the individual labs for cost savings.  That doesn't mean their staff doesn't know what they're doing.  It doesn't mean they don't have switches on the core, or even in other locations.  But it does mean that if you plug your laptop into a random port in say the robotics lab, your data is probably sniffable at least to other ports in the room.

These things are truths.  Data is sniffable in at least some situations. Deal with it.
0
OttaCommented:
> Cable is a shared medium.

What medium is not shared, except for line-of-sight microwave, or an earth-satellite link?


> There's nothing you can do about it but use encryption

Exactly, and that's exactly what the Terayon cable-modem does,
so that any "sniffing" will not work.

> there's nothing you can do about it.

Wrong, as I've shown.

> your data is probably sniffable at least to other ports in the room.

Probably?  Well, is it, or isn't it?
The answer, at least at the local university is "not".


Now, has any of this dialogue helped the author of this question?
If not, then open your own E-E question, and let's continue in that question, rather than "cluttering" this question.

Focus!  Focus!
0
chris_calabreseCommented:
OK, just one last comment before returning to useful stuff....

According to what's on the Terayon web site, their cable modems do _not_ do encryption.  They do support MPLS, but that doesn't encrypt, so someone with a non-Terayon cable modem could definitely sniff the traffic.
0
FlamingSwordCommented:
> how can a homepage be secured?

SSL, add logins, don't allow dynamic updates, be cautious with links; don't use FrontPage.

> security be handle by the server site?

Yes.
For your requirements, consider this sufficient.

> can i do anything to make my homepage more secure?

Keep it static.
Use static pages.
Do not allow (buy into) anonymous uploads such as FTP, even if the ISP permits.

Also:

Maintain your own backups. Schedule a periodic check that compares the backup file on the desktop, with the real file on the server. There are several programs easily available that do this. Even old DOS had a couple of compare programs.  If files are different, call ISP and ask for restore, telling them why (let them re-shut the door).
0
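The periodic backup-versus-server comparison suggested in the comment above, as an added example that is not part of the original thread. It assumes the server's files have already been downloaded into a local directory over an encrypted channel; the function names and sample files are hypothetical and the tampering is constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            result[path.relative_to(root).as_posix()] = digest
    return result


def compare(backup_dir, server_copy_dir):
    """Report files that were modified, are missing, or appeared unexpectedly."""
    good = manifest(backup_dir)
    live = manifest(server_copy_dir)
    return {
        "modified": sorted(p for p in good if p in live and good[p] != live[p]),
        "missing": sorted(p for p in good if p not in live),
        "unexpected": sorted(p for p in live if p not in good),
    }


def demo():
    """Build a constructed backup and a tampered server copy, then compare."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for d in (backup, live):
            (d / "img").mkdir(parents=True)
            (d / "index.html").write_text("<h1>Welcome</h1>\n")
            (d / "about.html").write_text("<p>About me</p>\n")
            (d / "img" / "logo.txt").write_text("logo placeholder\n")
        # Constructed tampering: one changed page, one deleted, one dropped file.
        (live / "index.html").write_text("<h1>Defaced</h1>\n")
        (live / "about.html").unlink()
        (live / "upload.php").write_text("<?php /* not ours */ ?>\n")
        return compare(backup, live)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Any non-empty list is the cue to contact the ISP for a restore; the "unexpected" list matters as much as "modified", since a dropped file leaves the original pages byte-identical.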
SunBowCommented:
> how can a homepage be secured?

Make it read-only.
Never edit it, or design it; always copy/overlay an update.
Do not permit anything else to use that location.

> that all the security be handle by the server site?

No, not for networking. This would use firewall, DMZ, etc., different H/W from the server.
0
SunBowCommented:
> what if i allow other user to browse my server,

No, you don't.
That is one more insecure step.

But after the home page, move things as appropriate to other directories on this or other servers, either by proxy or past (another) firewall or for data, as well as for different permission levels (including cgi, gif, ftp, downloads, shares, etc.).
0

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.