?
Solved

Configuration of a WEb server and security issues

Posted on 2004-04-28
4
Medium Priority
?
142 Views
Last Modified: 2013-12-04
I need some help in regards to setting up a web server and the security issues related to that. The plan is;
*The web server will be placed in a DMZ.
*It will only provide viewable information, meaning that users from the outside will not be able to write to it or download anything; only view the web page with information on it.
*It will be administered from the local network probably via SSL.

My questions are;
* Which services/protocols are abslolutely necesary for the server to function as described(I want to turn off/block everything not necessary).
* Is there a need for Anti-virus software on the server? My reasoning being that since nobody but a few authorized personal should have access to the server viruses should not be a concern or?

Thank you in advance
twallstr
0
Comment
Question by:twallstr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10941617
What is the server OS?

If its a new server I would highly recommend Windows 2003 Server as it is very locked down and most services come now preconfigured as stopped and disabled.

The Web Edition of the server 2003 OS might be the most advantageous for you....
http://www.microsoft.com/windowsserver2003/evaluation/overview/web.mspx
0
 

Author Comment

by:twallstr
ID: 10942136
diggidaur

Thanks for your answer but ..does it really matter which server I will use? I really don't trust that the vendor (Microsoft) will lock down the server sufficently. I feel it's better to know what to run and check things myself.
But if it does matter I was thinking of using the Web edition 2003 :-)

twallstr
0
 
LVL 3

Expert Comment

by:justintx
ID: 10942256
well, you of course need 80 and 443 access to your server on the DMZ... 80 to the internet and 443 to your local network to administer it.  you also need to set up an SSL cert on it.  you need to set your file permissions to allow read-only access to your directories.  as far as AV goes, be safe.  put AV protection on it.  it's much better to have a secured system (at a low price to you) than to have an infected web server.

i'm not sure if this is what all you're looking for...

justintx
0
 
LVL 7

Accepted Solution

by:
rhrowson earned 600 total points
ID: 10943323
On the public interface ports 80 and 443 if you are using http and https. Port 25 for outbound SMTP and that is it. If it is a DMZ, the management NIC (for want of a better term) will have the ports open that is needed. Services that wil be needed are SMB, DNS, if you connect via a NT client, NetBIOS. Possibly RPC. Https if you want to use an SSL channel to administer it from a browser. SNMP to monitor.

The best advice is to plan your installation and what it needs to deliver. Do a risk assessment and then enable the necessary services.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses
Course of the Month13 days, 16 hours left to enroll

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question