Solved

secure a homepage

Posted on 2001-08-15
Last Modified: 2010-04-11
How can a homepage be secured? I mean, e.g., I upload my homepage to a server; is all the security then handled by the server site? Can I do anything to make my homepage more secure?
0
Question by:JYnet
23 Comments
 
LVL 1

Expert Comment

by:tonimargiotta
ID: 6387484
Your homepage is a file on the server.  Only the administrators of the server can manage the security of that file.

If a hacker manages to get access to that file then they can modify it or substitute any web page that they like.
0
 
LVL 5

Expert Comment

by:paulqna
ID: 6388532
Assuming the webserver runs apache please read this:
http://httpd.apache.org/docs/misc/FAQ.html#user-authentication
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6388731
Also, the mere act of uploading your homepage to the server will compromise its security unless the upload protocol is encrypted (i.e., HTTPS uploads, not FTP or HTTP).
0

 

Author Comment

by:JYnet
ID: 6391162
I see. So that means it all depends on the server site.
Hmmm... what if I allow other users to browse my server? Then a lot of configuration must be made too.
0
 
LVL 5

Expert Comment

by:paulqna
ID: 6392522
If you administrate the client PCs from which you want to restrict/allow access, you need some kind of firewall/router...
0
 

Author Comment

by:JYnet
ID: 6400288
I see.
0
 
LVL 5

Expert Comment

by:paulqna
ID: 6400315
Maybe someone in the EE programming environment knows if it's possible to write a PHP or Perl script which identifies each host (and decides authorisation) before it shows any webpages...

http://www.experts-exchange.com/jsp/qList.jsp?ta=perl
http://www.experts-exchange.com/jsp/qList.jsp?ta=php
0
 
LVL 12

Expert Comment

by:Otta
ID: 6404757
> the mere act of uploading your homepage to the server will compromise its security

How?  (Other than somebody packet-sniffing your connection while you are uploading it?)
0
 

Author Comment

by:JYnet
ID: 6412105
I guess that's right...
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6429010
>> the mere act of uploading your homepage to the server will compromise its security
>
> How?  (Other than somebody packet-sniffing your connection while you are uploading it?)

Yes, exactly.
0
 
LVL 12

Expert Comment

by:Otta
ID: 6432483
> Yes, exactly.

And what is the probability of that happening?

Most ISPs use "switches" rather than "hubs",
so "sniffing" is ineffective.
0
 
LVL 5

Expert Comment

by:paulqna
ID: 6432607
Mention one ISP without switches ;)
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6432637
That's fine on the ISP side.  What about on your side?  If it's cable modem, you're toast.  If it's a university network, you're toast.  If it's dial-up or DSL you're probably OK.  If it's a corporate network, you've got about a 30% chance of being OK.
0
 

Expert Comment

by:gorgale
ID: 6441652
0
 
LVL 12

Expert Comment

by:Otta
ID: 6443616
> If it's cable modem, you're toast.

Nonsense, at least with the Terayon cable-modems
which my local cable-modem company uses.

> If it's a university network, you're toast.

More nonsense, if the "network services department"
at the University is competent, and configures the hubs
and switches and routers correctly.

Now, if you're talking about a hotel which offers
high-speed Internet access as one of its "guest services",
you really _COULD_ be toasted.  I had the misfortune
to be a guest at a hotel which was hosting a "computer
security" conference -- their telephone-system was "hacked",
and the hotel concierge contacted me, to apologize
for having their Internet-access system being hacked,
and to caution me to change any passwords, ASAP.
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6444544
>> If it's cable modem, you're toast.
>
> Nonsense, at least with the Terayon cable-modems
> which my local cable-modem company uses.

Assuming they do and assuming the attacker is using the cable-modem that's supplied by the company.  Big if's.

>> If it's a university network, you're toast.
>
> More nonsense, if the "network services department"
> at the University is competent, and configures the hubs
> and switches and routers correctly.

Another big if.  I've yet to see a university network that didn't use shared media (in which case, it doesn't matter how copetent the staff is).

The bottom line is that you need to be at least a little bit paranoid.
0
 
LVL 12

Expert Comment

by:Otta
ID: 6445149
> assuming the attacker is using the cable-modem that's supplied by the company. Big if's.

Not really.  The only cable-modems that work are those
which are supplied by the local cable-modem company.

Even if a "foreign" cable-modem could be connected,
all the other customers of that cable-modem company
are still using the Terayon modem, which protects them
from any "sniffing" by the "rogue" modem.

> Another big if.
> I've yet to see a university network that didn't use
> shared media (in which case, it doesn't matter how
> copetent [sic] the staff is).

Not "big" at all.  Next time you're in my neighbourhood,
come talk to the Network Services staff, and learn about
the "right" way to securely configure a network with a
Gigabit core and fast Ethernet delivered to the desktop.

0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6445220
OK folks...

1.  Cable is a shared medium.  It doesn't matter what kind of cable modem you're using, all the other cable modems on your segment see your traffic.  It's that simple.  There's nothing you can do about it but use encryption.  That doesn't mean somebody is actually snooping your cable data, but it does mean that somebody could be doing it and there's nothing you can do about it.

2.  All Universities I know of use shared media out in the individual labs for cost savings.  That doesn't mean their staff doesn't know what they're doing.  It doesn't mean they don't have switches on the core, or even in other locations.  But it does mean that if you plug your laptop into a random port in say the robotics lab, your data is probably sniffable at least to other ports in the room.

These things are truths.  Data is sniffable in at least some situations. Deal with it.
0
 
LVL 12

Expert Comment

by:Otta
ID: 6445406
> Cable is a shared medium.

What medium is not shared, except for line-of-sight microwave, or an earth-satellite link?


> There's nothing you can do about it but use encryption

Exactly, and that's exactly what the Terayon cable-modem does,
so that any "sniffing" will not work.

> there's nothing you can do about it.

Wrong, as I've shown.

> your data is probably sniffable at least to other ports in the room.

Probably?  Well, is it, or isn't it?
The answer, at least at the local university is "not".


Now, has any of this dialogue helped the author of this question?
If not, then open your own E-E question, and let's continue in that question, rather than "cluttering" this question.

Focus!  Focus!
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6445948
OK, just one last comment before returning to useful stuff....

According to what's on the Terayon web site, their cable modems do _not_ do encryption.  They do support MPLS, but that doesn't encrypt, so someone with a non-Terayon cable modem could definitely sniff the traffic.
0
 
LVL 3

Expert Comment

by:FlamingSword
ID: 6509919
> how can a homepage be secured?

SSL, add logins, don't allow dynamic updates, be cautious with links; don't use FrontPage

> security be handled by the server site?

yes.
For your requirements, consider this sufficient

> can i do anything to make my homepage more secure?

Keep it static.
Use static pages.
Do not allow (buy into) anonymous uploads such as FTP, even if ISP permits

Also:

Maintain your own backups. Schedule a periodic check that compares the backup file on the desktop, with the real file on the server. There are several programs easily available that do this. Even old DOS had a couple of compare programs.  If files are different, call ISP and ask for restore, telling them why (let them re-shut the door).
0
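
The periodic backup-versus-server check suggested in the comment above, as an added example that is not part of the original thread: it hashes every file in a local backup directory and compares it with the copy the server returns over HTTPS. The names `compare_site` and `fetch_https`, the `www.example.org` URL and the sample pages are assumptions made up for illustration, and the check assumes static pages that the server returns byte-for-byte.

```python
import hashlib
import tempfile
import urllib.request
from pathlib import Path


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def fetch_https(url: str) -> bytes:
    """Download the live copy; HTTPS only, so the check is not altered in transit."""
    if not url.startswith("https://"):
        raise ValueError("refusing non-HTTPS URL: " + url)
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read()


def compare_site(backup_dir, base_url, fetch=fetch_https):
    """Return {relative_path: status} for every file in the backup.

    status is "ok", "modified" (live bytes differ from the backup)
    or "missing" (the server did not return the file).
    """
    root = Path(backup_dir)
    report = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        try:
            live = fetch(base_url.rstrip("/") + "/" + rel)
        except OSError:  # urllib's URLError/HTTPError are OSError subclasses
            report[rel] = "missing"
            continue
        same = sha256(live) == sha256(path.read_bytes())
        report[rel] = "ok" if same else "modified"
    return report


def demo():
    """Constructed sample: a two-file backup and a fake server whose index.html was changed."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "index.html").write_bytes(b"<h1>My homepage</h1>\n")
        (Path(d) / "about.html").write_bytes(b"<p>About me</p>\n")
        live = {
            "https://www.example.org/index.html": b"<h1>defaced</h1>\n",
            "https://www.example.org/about.html": b"<p>About me</p>\n",
        }
        return compare_site(d, "https://www.example.org", fetch=lambda u: live[u])


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

Run from a scheduler (cron, Task Scheduler), any "modified" or "missing" line is the cue to contact the ISP and restore from the backup.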
 
LVL 24

Expert Comment

by:SunBow
ID: 6789116
> how can a homepage be secured?

make it read-only.
never edit it, or design it, always copy/overlay an update
Do not permit anything else to use that location

> that all the security be handled by the server site?

No, not for networking. This would use firewall, DMZ, etc., different H/W from the server.
0
 
LVL 24

Accepted Solution

by:
SunBow earned 20 total points
ID: 6789150
> what if I allow other users to browse my server,

No, you don't.
That is one more insecure step.

But after the home page, move things as appropriate to other directories on this or other servers, either by proxy or past (another) firewall or for data, as well as for different permission levels (including cgi, gif, ftp, downloads, shares, etc.)
0
