Solved

Need help securing a web/email server

Posted on 2002-03-05
Last Modified: 2010-04-11
I was planning on hosting my own websites and email server here at home. Question is what do I do to secure the web/email server? What precautions should I do so that it won't be hacked? Also, if I make my server into a web/email server...should I not leave personal and important files on that particular server? You know, in case a hacker breaks in and takes my personal files.
Question by:Sith_Lord
8 Comments
 
LVL 12

Expert Comment

by:Housenet
ID: 6846094
-Install an inexpensive NAT device (Nexland, Linksys). This will let you secure the server by allowing only, say, TCP ports 80 for web, & 25-110 for email.
-Configure the email to not allow relaying of email. This is important because there are thousands of seedy script kiddies wanting to spam their junk mail through your server.
-If you're going to use NT & IIS to host your websites, make sure the server has all the security-related critical updates & service pack. Apply the IIS Lockdown Wizard utility. This will stop 99% of known vulnerabilities related to obtaining unauthorized access through port 80. It also logs the activity of people attempting to use the exploits against your server to file with a URLScan filter.
-I'm not specifically recommending NT & IIS, it just happens to be the area I'm most familiar with. If you decide to use Unix-Linux you'd simply have to research the known security issues with the web server daemon used.
0
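One way to verify the no-relay setting from the answer above against your own mail server, as an added example that is not part of the original thread. The probe addresses and HELO name are placeholders, and the check stops before DATA, so no message is sent.

```python
import smtplib
import sys

# Placeholder probe addresses on domains the server does not host
# (example.org / example.net are reserved for documentation).
PROBE_SENDER = "relay-test@example.org"
PROBE_RECIPIENT = "relay-test@example.net"
HELO_NAME = "relay-check.invalid"  # placeholder; also avoids a local DNS lookup


def classify_reply(code):
    """Map an SMTP reply code to a verdict for the relay probe."""
    if 200 <= code < 300:
        return "OPEN RELAY"      # server agreed to forward mail for strangers
    if 400 <= code < 500:
        return "INCONCLUSIVE"    # temporary failure (e.g. greylisting); retry later
    return "relay denied"        # 5xx permanent refusal: the desired result


def check_relay(host, port=25, timeout=10):
    """Offer the server mail from an outside sender to an outside recipient.

    Only the envelope (MAIL FROM / RCPT TO) is sent, then the transaction
    is reset, so nothing is ever queued or delivered.
    """
    with smtplib.SMTP(host, port, local_hostname=HELO_NAME,
                      timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, _ = smtp.mail(PROBE_SENDER)
        if not 200 <= code < 300:
            return classify_reply(code)   # sender refused before RCPT
        code, _ = smtp.rcpt(PROBE_RECIPIENT)
        smtp.rset()                       # abandon the transaction
        return classify_reply(code)


if __name__ == "__main__":
    # Usage: python relay_check.py <your server's public address>
    print(check_relay(sys.argv[1]))
```

Run it from a connection outside the home network: many servers are configured to relay for local addresses, so a test from the LAN can report an open relay that outsiders cannot use.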
 

Author Comment

by:Sith_Lord
ID: 6846226
Ok...before I grade you. I got this DSL router with NAT http://www.speedstream.com/products.html#wired What do you think about this? Is this sufficient? And can you please answer the last part of my question. "Also, if I make my server into a web/email server...should I not leave personal and important files on that particular server? You know, in case a hacker breaks in and takes my personal files."
0
 
LVL 12

Expert Comment

by:Housenet
ID: 6846265
-I checked & yes, Speedstream does exactly what I mentioned. It's as simple as picking the predefined incoming protocol to the private IP address of the server.
-If you configure the server as I described, your server would be secure & it would be highly unlikely that someone would get your files. I personally would store the files on a machine not hosting internet services & not in a shared folder.
0
 

Author Comment

by:Sith_Lord
ID: 6846307
Ok man! You're very close to getting an A+++++!! LOL. There are documents, music files, picture files etc. etc. that I share with my 2 brothers and my father...including me. So that's a total of 4 workstations plus the server. So what you're saying is that I should have just ONE server for the file sharing and ANOTHER SERVER for web/email server??? But if that's the case and all computers are networked...can't a hacker (that is, if he manages to break in) just find his way to the file server and take those files?
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6847766
IMO separate eMail And web from each other. Separate PCs. Upgrade to the hilt with all patches. Offline. Before plugging in. No firewall or A/V can be complete defense if OS not patched with all the bandaids.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6847771
How's it spelled? Oxymoron: IIS security.
0
 
LVL 12

Accepted Solution

by:
Housenet earned 100 total points
ID: 6849248
Sith_Lord, here's the thing & I can't stress this enough... If you apply the patches I described & test with the tools I described, it would be extremely difficult to get a file from your server...
-Where & how you store your files is a personal decision. Judge for yourself what the impact of a personal file falling into the hands of a professional hacker would be. I personally would never save credit card info or anything a hacker could maliciously use against me on a computer connected to the internet full-time. Since I don't have files like this, I wouldn't care if the NSA copied everything personal off my web server.
0
 

Author Comment

by:Sith_Lord
ID: 6849404
Hey man! Thanks for the help!
0
