Sith_Lord

asked on

Need help securing a web/email server

I was planning on hosting my own websites and email server here at home. Question is what do I do to secure the web/email server? What precautions should I do so that it won't be hacked? Also, if I make my server into a web/email server...should I not leave personal and important files on that particular server? You know, in case a hacker breaks in and takes my personal files.
Housenet

- Install an inexpensive NAT device (Nexland, Linksys). This will let you secure the server by allowing only, say, TCP ports 80 for web, & 25-110 for email.
- Configure the email to not allow relaying of email. This is important because there are thousands of seedy script kiddies wanting to spam their junk mail through your server.
- If you're going to use NT & IIS to host your websites, make sure the server has all the security-related critical updates & service pack. Apply the IIS Lockdown Wizard utility. This will stop 99% of known vulnerabilities related to obtaining unauthorized access through port 80. It also logs the activity of people attempting to use the exploits against your server to file with a URLScan filter.
- I'm not specifically recommending NT & IIS, it just happens to be the area I'm most familiar with. If you decide to use Unix/Linux you'd simply have to research the known security issues with the web server daemon used.
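One way to confirm the no-relay setting recommended above on your own mail server, as an added example that is not part of the original answer. The probe addresses and the `probe.example` hostname are constructed placeholders under the reserved `.example` domain.

```python
import smtplib
import sys

# Constructed placeholder addresses: neither domain is hosted on the server
# under test, so accepting this pair means it relays mail for strangers.
SENDER = "probe@outside-a.example"
RECIPIENT = "probe@outside-b.example"


def classify(rcpt_code):
    """Map the server's reply to RCPT TO onto a verdict."""
    if 200 <= rcpt_code < 300:
        return "OPEN RELAY"
    if 400 <= rcpt_code < 500:
        return "temporary failure, retest"
    return "relay denied"


def relay_check(host, port=25, timeout=10):
    """Offer the server mail between two foreign domains.

    The session ends after RCPT TO: DATA is never sent, so nothing is
    queued or delivered. Returns (verdict, smtp_code, reply_text).
    """
    with smtplib.SMTP(host, port, local_hostname="probe.example",
                      timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, reply = smtp.mail(SENDER)
        if code >= 400:
            # Sender rejected before the relay decision was reached.
            return ("inconclusive, sender refused", code,
                    reply.decode("ascii", "replace"))
        code, reply = smtp.rcpt(RECIPIENT)
    return (classify(code), code, reply.decode("ascii", "replace"))


if __name__ == "__main__":
    # Usage: python relay_check.py HOST [PORT]
    if len(sys.argv) < 2:
        sys.exit("usage: relay_check.py HOST [PORT]")
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    verdict, code, reply = relay_check(sys.argv[1], target_port)
    print(f"{sys.argv[1]}:{target_port} -> {verdict} ({code} {reply})")
```

Run it from a machine outside your LAN, since a server may be configured to relay for local addresses while still refusing outsiders.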
Sith_Lord

ASKER

Ok...before I grade you. I got this DSL router with NAT http://www.speedstream.com/products.html#wired What do you think about this? Is this sufficient? And can you please answer the last part of my question. "Also, if I make my server into a web/email server...should I not leave personal and important files on that particular server? You know, in case a hacker breaks in and takes my personal files."
- I checked & yes, SpeedStream does exactly what I mentioned. It's as simple as picking the predefined incoming protocol to the private IP address of the server.
- If you configure the server as I described, your server would be secure & it would be highly unlikely that someone would get your files. I personally would store the files on a machine not hosting internet services & not in a shared folder.
Ok man! You're very close to getting an A+++++!! LOL. There are documents, music files, picture files etc. etc. that I share with my 2 brothers and my father...including me. So that's a total of 4 workstations plus the server. So what you're saying is that I should have just ONE server for the file sharing and ANOTHER SERVER for web/email server??? But if that's the case and all computers are networked...can't a hacker (that is, if he manages to break in) just find his way to the file server and take those files?
IMO separate eMail And web from each other. Separate PCs. Upgrade to the hilt with all patches. Offline. Before plugging in. No firewall or A/V can be complete defense if OS not patched with all the bandaids.
How's it spelled? Oxymoron: IIS security.
ASKER CERTIFIED SOLUTION
Housenet
Hey man! Thanks for the help!