  • Status: Solved
  • Priority: Medium

Need help securing a web/email server

I was planning on hosting my own websites and email server here at home. Question is what do I do to secure the web/email server? What precautions should I do so that it won't be hacked? Also, if I make my server into a web/email server...should I not leave personal and important files on that particular server? You know, in case a hacker breaks in and takes my personal files.
Asked by: Sith_Lord
1 Solution
 
Housenet Commented:
- Install an inexpensive NAT device (Nexland, Linksys). This will let you secure the server by allowing only, say, TCP ports 80 for web, & 25-110 for email.
- Configure the email to not allow relaying of email. This is important because there are thousands of seedy script kiddies wanting to spam their junk mail through your server.
- If you're going to use NT & IIS to host your websites, make sure the server has all the security-related critical updates & service pack. Apply the IIS lockdown wizard utility. This will stop 99% of known vulnerabilities related to obtaining unauthorized access through port 80. It also logs the activity of people attempting to use the exploits against your server to file with a urlscan filter.
- I'm not specifically recommending NT & IIS, it just happens to be the area I'm most familiar with. If you decide to use Unix/Linux you'd simply have to research the known security issues with the web server daemon used.
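The "do not allow relaying" item above can be verified against your own server once it is running. The following is an added example, not part of the thread: it asks the server to accept mail from an outside sender to an outside recipient and resets the session before any message is sent. The `FakeSMTP` stand-in, its `home.test` domain and all function names are constructed for the demonstration.

```python
import smtplib
import socketserver
import threading


def relays_for_strangers(host, port=25, timeout=10):
    """Return True if the server accepts an outside sender AND an outside
    recipient (an open relay). Nothing is delivered: RSET follows RCPT TO."""
    # example.org / example.net are reserved domains no real server hosts.
    with smtplib.SMTP(host, port, local_hostname="probe.example.org",
                      timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, _ = smtp.mail("probe@example.org")
        if code // 100 != 2:
            return False              # sender refused outright
        code, _ = smtp.rcpt("nobody@example.net")
        smtp.rset()                   # abandon the transaction
        return code // 100 == 2       # 2xx for a foreign recipient = relaying


class FakeSMTP(socketserver.StreamRequestHandler):
    """Constructed stand-in server so the check can be run offline."""

    def handle(self):
        self.wfile.write(b"220 test ESMTP\r\n")
        for raw in self.rfile:
            verb = raw[:4].upper()
            if verb == b"RCPT":
                local = raw.strip().lower().endswith(self.server.local_domain + b">")
                ok = local or self.server.open_relay
                reply = b"250 OK" if ok else b"550 5.7.1 Relaying denied"
            elif verb == b"QUIT":
                self.wfile.write(b"221 bye\r\n")
                return
            else:
                reply = b"250 OK"
            self.wfile.write(reply + b"\r\n")


def start_fake(open_relay):
    """Start the stand-in on a free localhost port; returns the server."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakeSMTP)
    srv.open_relay, srv.local_domain = open_relay, b"@home.test"
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


if __name__ == "__main__":
    for mode in (True, False):
        srv = start_fake(mode)
        print(mode, relays_for_strangers("127.0.0.1", srv.server_address[1]))
        srv.shutdown()
```

Run it from a machine outside the LAN against the mail server's public address; a `True` result means the relay restriction is not in effect.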
 
Sith_Lord (Author) Commented:
Ok...before I grade you. I got this DSL router with NAT http://www.speedstream.com/products.html#wired  What do you think about this? Is this sufficient? And can you please answer the last part of my question. "Also, if I make my server into a web/email server...should I not leave personal and important files on that particular server? You know, in case a hacker breaks in and takes my personal files."
 
Housenet Commented:
- I checked & yes, SpeedStream does exactly what I mentioned. It's as simple as picking the predefined incoming protocol to the private IP address of the server.
- If you configure the server as I described, your server would be secure & it would be highly unlikely that someone would get your files. I personally would store the files on a machine not hosting internet services & not in a shared folder.
 
Sith_Lord (Author) Commented:
Ok man! You're very close to getting an A+++++!! LOL. There are documents, music files, picture files etc. that I share with my 2 brothers and my father...including me. So that's a total of 4 workstations plus the server. So what you're saying is that I should have just ONE server for the file sharing and ANOTHER SERVER for web/email server??? But if that's the case and all computers are networked...can't a hacker (that is, if he manages to break in) just find his way to the file server and take those files?
 
SunBow Commented:
IMO separate eMail and web from each other. Separate PCs. Upgrade to the hilt with all patches. Offline. Before plugging in. No firewall or A/V can be complete defense if OS not patched with all the bandaids.
 
SunBow Commented:
How's it spelled? Oxymoron: IIS security.
 
Housenet Commented:
Sith_Lord, here's the thing & I can't stress this enough...If you apply the patches I described & test with the tools I described it would be extremely difficult to get a file from your server...
- Where & how you store your files is a personal decision. Judge for yourself what the impact of a personal file falling into the hands of a professional hacker would be. I personally would never save credit card info or anything a hacker could maliciously use against me on a computer connected to the internet full-time. Since I don't have files like this, I wouldn't care if the NSA copied everything personal off my web server.
 
Sith_Lord (Author) Commented:
Hey man! Thanks for the help!