
Need help securing a web/email server

Posted on 2002-03-05
Last Modified: 2010-04-11
I was planning on hosting my own websites and email server here at home. Question is, what do I do to secure the web/email server? What precautions should I take so that it won't be hacked? Also, if I make my server into a web/email server...should I not leave personal and important files on that particular server? You know, in case a hacker breaks in and takes my personal files.
Question by:Sith_Lord
8 Comments
 
LVL 12

Expert Comment

by:Housenet
ID: 6846094
-Install an inexpensive NAT device (Nexland, Linksys). This will let you secure the server by allowing only, say, TCP ports 80 for web, & 25-110 for email.
-Configure the email to not allow relaying of email. This is important because there are thousands of seedy script kiddies wanting to spam their junk mail through your server.
-If you're going to use NT & IIS to host your websites, make sure the server has all the security related critical updates, & service pack. Apply the IIS lockdown wizard utility. This will stop 99% of known vulnerabilities related to obtaining unauthorized access through port 80. It also logs the activity of people attempting to use the exploits against your server to file with a urlscan filter.
-I'm not specifically recommending NT & IIS, it just happens to be the area I'm most familiar with. If you decide to use Unix-Linux you'd simply have to research the known security issues with the web server daemon used.
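An added example, not part of Housenet's post: one way to confirm the no-relay setting on a mail server you run is to offer it an envelope whose sender and recipient are both outside domains and read the reply code. The addresses, the `check_own_server` helper name and the `ScriptedSession` stand-in are constructed for illustration.

```python
import smtplib

# Constructed placeholders: neither domain is one your server hosts mail for.
OUTSIDE_SENDER = "probe@outside-a.example"
OUTSIDE_RCPT = "probe@outside-b.example"


def relay_verdict(session, sender=OUTSIDE_SENDER, rcpt=OUTSIDE_RCPT):
    """Offer an outside-to-outside envelope and classify the reply.

    session needs mail(), rcpt() and rset() as smtplib.SMTP provides them.
    DATA is never issued, so no message is sent.
    """
    code, _ = session.mail(sender)
    if code < 400:                      # sender accepted, now try the recipient
        code, _ = session.rcpt(rcpt)
    session.rset()                      # drop the envelope either way
    if code >= 500:
        return ("relay-denied", code)
    if code >= 400:
        return ("inconclusive", code)   # temporary failure, e.g. greylisting
    # Accepted at RCPT: treat as open until a real test message proves
    # otherwise, since some servers only reject later in the transaction.
    return ("relay-accepted", code)


def check_own_server(host, port=25, timeout=10):
    """Run the check against a mail server you administer."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        return relay_verdict(smtp)


class ScriptedSession:
    """Constructed stand-in that replays fixed reply codes, for offline runs."""
    def __init__(self, mail_code, rcpt_code):
        self.mail_code, self.rcpt_code = mail_code, rcpt_code
    def mail(self, sender):
        return (self.mail_code, b"")
    def rcpt(self, recipient):
        return (self.rcpt_code, b"")
    def rset(self):
        return (250, b"OK")


if __name__ == "__main__":
    print(relay_verdict(ScriptedSession(250, 550)))  # locked-down server
    print(relay_verdict(ScriptedSession(250, 250)))  # server that would relay
```

Run `check_own_server` from a machine outside your LAN, because many servers permit relaying for local addresses by design.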
 

Author Comment

by:Sith_Lord
ID: 6846226
Ok...before I grade you. I got this DSL router with NAT http://www.speedstream.com/products.html#wired What do you think about this? Is this sufficient? And can you please answer the last part of my question. "Also, if I make my server into a web/email server...should I not leave personal and important files on that particular server? You know, in case a hacker breaks in and takes my personal files."
 
LVL 12

Expert Comment

by:Housenet
ID: 6846265
-I checked & yes Speedstream does exactly what I mentioned.. It's as simple as picking the predefined incoming protocol to the private IP address of the server.
-If you configure the server as I described, your server would be secure & it would be highly unlikely that someone would get your files. I personally would store the files on a machine not hosting internet services & not in a shared folder.

 

Author Comment

by:Sith_Lord
ID: 6846307
Ok man! You're very close to getting an A+++++!! LOL. There are documents, music files, picture files etc. etc. that I share with my 2 brothers and my father...including me. So that's a total of 4 workstations plus the server. So what you're saying is that I should have just ONE server for the file sharing and ANOTHER SERVER for web/email server??? But if that's the case and all computers are networked...can't a hacker (that is, if he manages to break in) just find his way to the file server and take those files?
 
LVL 24

Expert Comment

by:SunBow
ID: 6847766
IMO separate eMail And web from each other. Separate PCs. Upgrade to the hilt with all patches. Offline. Before plugging in. No firewall or A/V can be complete defense if OS not patched with all the bandaids.
 
LVL 24

Expert Comment

by:SunBow
ID: 6847771
How's it spelled? Oxymoron: IIS security.
 
LVL 12

Accepted Solution

by:
Housenet earned 100 total points
ID: 6849248
Sith_Lord here's the thing & I can't stress this enough... If you apply the patches I described & test with the tools I described it would be extremely difficult to get a file from your server...
-Where & how you store your files is a personal decision. Judge for yourself what the impact of a personal file falling into the hands of a professional hacker would be.. I personally would never save credit card info or anything a hacker could maliciously use against me on a computer connected to the internet full-time. Since I don't have files like this, I wouldn't care if the NSA copied everything personal off my web server..
 

Author Comment

by:Sith_Lord
ID: 6849404
Hey man! Thanks for the help!

Question has a verified solution.
