JYnet

secure a homepage

How can a homepage be secured? I mean, e.g., I upload my homepage to a server; is all the security then handled by the server site? Can I do anything to make my homepage more secure?
tonimargiotta

Your homepage is a file on the server.  Only the administrators of the server can manage the security of that file.

If a hacker manages to get access to that file then they can modify it or substitute any web page that they like.
Assuming the webserver runs apache please read this:
http://httpd.apache.org/docs/misc/FAQ.html#user-authentication
Also, the mere act of uploading your homepage to the server will compromise its security unless the upload protocol is encrypted (i.e., HTTPS uploads, not FTP or HTTP).
JYnet

ASKER

I see. So that means it all depends on the server site.
Hmmm... what if I allow other users to browse my server? Then a lot of configuration must be made too.
If you administrate the client PCs from which you want to restrict/allow access, you need some kind of firewall/router...
JYnet

ASKER

I see.
Maybe someone in the EE programming environment knows if it's possible to write a PHP or Perl script which identifies each host (and decides authorisation) before it shows any webpages...

https://www.experts-exchange.com/jsp/qList.jsp?ta=perl
https://www.experts-exchange.com/jsp/qList.jsp?ta=php
> the mere act of uploading your homepage to the server will compromise its security

How?  (Other than somebody packet-sniffing your connection while you are uploading it?)
JYnet

ASKER

I guess that's right.
> the mere act of uploading your homepage to the server will compromise its security

>> How?  (Other than somebody packet-sniffing your connection while you are uploading it?)

Yes, exactly.
> Yes, exactly.

And what is the probability of that happening?

Most ISPs use "switches" rather than "hubs",
so "sniffing" is ineffective.
Mention one ISP without switches ;)
That's fine on the ISP side.  What about on your side?  If it's cable modem, you're toast.  If it's a university network, you're toast.  If it's dial-up or DSL you're probably OK.  If it's a corporate network, you've got about a 30% chance of being OK.
> If it's cable modem, you're toast.

Nonsense, at least with the Terayon cable-modems
which my local cable-modem company uses.

> If it's a university network, you're toast.

More nonsense, if the "network services department"
at the University is competent, and configures the hubs
and switches and routers correctly.

Now, if you're talking about a hotel which offers
high-speed Internet access as one of its "guest services",
you really _COULD_ be toasted.  I had the misfortune
to be a guest at a hotel which was hosting a "computer
security" conference -- their telephone-system was "hacked",
and the hotel concierge contacted me, to apologize
for having their Internet-access system being hacked,
and to caution me to change any passwords, ASAP.
>> If it's cable modem, you're toast.
>
> Nonsense, at least with the Terayon cable-modems
> which my local cable-modem company uses.

Assuming they do and assuming the attacker is using the cable-modem that's supplied by the company.  Big if's.

> If it's a university network, you're toast.

> More nonsense, if the "network services department"
> at the University is competent, and configures the hubs
> and switches and routers correctly.

Another big if.  I've yet to see a university network that didn't use shared media (in which case, it doesn't matter how copetent the staff is).

The bottom line is that you need to be at least a little bit paranoid.
> assuming the attacker is using the cable-modem that's supplied by the company. Big if's.

Not really.  The only cable-modems that work are those
which are supplied by the local cable-modem company.

Even if a "foreign" cable-modem could be connected,
all the other customers of that cable-modem company
are still using the Terayon modem, which protects them
from any "sniffing" by the "rogue" modem.

> Another big if.
> I've yet to see a university network that didn't use
> shared media (in which case, it doesn't matter how
> copetent [sic] the staff is).

Not "big" at all.  Next time you're in my neighbourhood,
come talk to the Network Services staff, and learn about
the "right" way to securely configure a network with a
Gigabit core and fast Ethernet delivered to the desktop.

OK folks...

1.  Cable is a shared medium.  It doesn't matter what kind of cable modem you're using, all the other cable modems on your segment see your traffic.  It's that simple.  There's nothing you can do about it but use encryption.  That doesn't mean somebody is actually snooping your cable data, but it does mean that somebody could be doing it and there's nothing you can do about it.

2.  All Universities I know of use shared media out in the individual labs for cost savings.  That doesn't mean their staff doesn't know what they're doing.  It doesn't mean they don't have switches on the core, or even in other locations.  But it does mean that if you plug your laptop into a random port in say the robotics lab, your data is probably sniffable at least to other ports in the room.

These things are truths.  Data is sniffable in at least some situations. Deal with it.
> Cable is a shared medium.

What medium is not shared, except for line-of-sight microwave, or an earth-satellite link?


> There's nothing you can do about it but use encryption

Exactly, and that's exactly what the Terayon cable-modem does,
so that any "sniffing" will not work.

> there's nothing you can do about it.

Wrong, as I've shown.

> your data is probably sniffable at least to other ports in the room.

Probably?  Well, is it, or isn't it?
The answer, at least at the local university is "not".


Now, has any of this dialogue helped the author of this question?
If not, then open your own E-E question, and let's continue in that question, rather than "cluttering" this question.

Focus!  Focus!

OK, just one last comment before returning to useful stuff....

According to what's on the Terayon web site, their cable modems do _not_ do encryption.  They do support MPLS, but that doesn't encrypt, so someone with a non-Terayon cable modem could definitely sniff the traffic.
> how can a homepage be secured?

SSL, add logins, don't allow dynamic updates, be cautious with links; don't use FrontPage.

> security be handle by the server site?

Yes.
For your requirements, consider this sufficient.

> can i do anything to make my homepage more secure?

Keep it static.
Use static pages.
Do not allow (buy into) anonymous uploads such as FTP, even if ISP permits.

Also:

Maintain your own backups. Schedule a periodic check that compares the backup file on the desktop, with the real file on the server. There are several programs easily available that do this. Even old DOS had a couple of compare programs.  If files are different, call ISP and ask for restore, telling them why (let them re-shut the door).
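
The periodic backup-versus-server check suggested above, as an added example that is not part of the original post: it hashes every file in a local backup folder and compares it with the copy the server actually serves. The names `compare_backup` and `https_fetcher` and the URL `https://example.com/~me` are hypothetical, the sample files are constructed, and it assumes static pages that the server returns byte-for-byte.

```python
import hashlib
import tempfile
import urllib.request
from pathlib import Path


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def https_fetcher(base_url: str):
    """Return fetch(rel_path) that downloads the live file over HTTPS."""
    if not base_url.startswith("https://"):
        raise ValueError("fetch the live copy over HTTPS, not plain HTTP")

    def fetch(rel_path: str) -> bytes:
        url = base_url.rstrip("/") + "/" + rel_path
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.read()
    return fetch


def compare_backup(backup_dir, fetch) -> dict:
    """Compare each file under backup_dir with the live copy from fetch()."""
    report = {"ok": [], "modified": [], "missing": []}
    root = Path(backup_dir)
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        try:
            live = fetch(rel)
        except OSError:  # urllib's HTTP and network errors subclass OSError
            report["missing"].append(rel)
            continue
        same = sha256(path.read_bytes()) == sha256(live)
        report["ok" if same else "modified"].append(rel)
    return report


def demo() -> dict:
    """Constructed sample: two backup files, fake server with one page altered."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "index.html").write_text("<h1>Welcome</h1>")
        Path(d, "img").mkdir()
        Path(d, "img", "logo.txt").write_text("logo")
        server = {"index.html": b"<h1>Changed</h1>", "img/logo.txt": b"logo"}
        return compare_backup(d, lambda rel: server[rel])


if __name__ == "__main__":
    print(demo())  # real use: compare_backup(folder, https_fetcher("https://example.com/~me"))
```

Anything listed under `modified` or `missing` is the cue to call the ISP for a restore. The check only covers files that exist in the backup, so files added on the server are not reported.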
> how can a homepage be secured?

Make it read-only.
Never edit it or design it; always copy/overlay an update.
Do not permit anything else to use that location.

> that all the security be handle by the server site?

No, not for networking. This would use firewall, DMZ, etc., different H/W from the server.