> -----Original Message-----
> From: apif [mailto:[EMAIL PROTECTED]] 
> 1. Given port 80 (and only port 80) is open to the outside 
> world, if someone were to breach that port, could they do 
> more than deface my website?

Yes. Once they get in, they can take control of that system, install a
listener (running on port 80), and tunnel any traffic they want through
there. They can connect to any system this machine trusts, attempt to
decrypt other passwords, sniff on your network, possibly access the
router (since they're now inside) and change its settings...

> 2. Is a home router that does src port blocking, packet 
> introspection, and NATing enough, or do I need a middle box 
> running some form of firewall software too?

Maybe a firewall, an IDS if you're a bit paranoid, and (most important):
keep the system up-to-date and patched! Of the three the patching is
most important. The middle-box firewall I would install between the web
server and the other systems to create a DMZ which would seriously help
contain any break-in to the web server. I'd install Linux on that
middle-box, and run snort on it (so you have IDS as well)...

> 
> -----Original Message-----
> From: apif [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 16, 2002 2:25 PM
> To: [EMAIL PROTECTED]
> Subject: seeking a better understanding
> 
> 
> All,
> 
>       Where to begin? I have a home network, and am 
> considering putting in a web server. At this point I am 
> considering the security of it. I suppose the best way to 
> help you in helping me is to tell you a little about me, my 
> network, and how I plan on using this.
> 
> I'm from a technical background and support MS servers. I 
> have very little experience in Linux, and only a little in 
> security. Security mostly comes from another group in my company.
> 
> My connection to the internet is DSL. I am planning to 
> upgrade it to a premium connection so that I can have static 
> IP's. A domain name and DNS registration will be a course of 
> action further down the line.
> 
> My home network consists of less than 5 boxes, each running 
> varying O/S's. All MS O/S's are running personal firewalls. 
> Other boxes are Linux.
> 
> I have a netgear R0318 router which is up to date on its 
> firmware. It supports NATing, packet introspection, and blocks 
> ports except where I specify they should be allowed through.
> 
> So here is the run down. I'm weak on Linux, but that is what 
> I want to put the web server on. It will run on Apache web 
> software. All machines are behind the router, and all 
> addresses are NAT'd. I would project out port 80 for the 
> Slackware Linux machine, and no others (except maybe FTP at 
> some point unless you think this would not be wise). I 
> currently do not have any A/V software on my linux box (and 
> to be honest, have no idea what sort of A/V to put on a linux box).
> 
> Now that you have the background, my question comes down to 
> this. If port 80 is the only port allowed through, and 
> someone chose to attack this port, could they compromise my 
> system, and if so how? What other steps should I take to 
> protect this system? I see IPTables (I guess it replaced 
> IPchains) in slackware. I know this is a firewall, but I 
> don't think it is like the personal firewall I have on MS 
> boxes. I suspect it is more like a full corp class firewall, 
> and probably as complicated. Should I be using this on my 
> Slackware machine? Do you have any suggestions of what A/V 
> software I should use on a linux machine, and do they spot 
> trojans as the MS ones do? Thank you for your time. I'm sorry 
> this was so long.
> 
> 
> 
> 
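
The middle-box layout suggested in the reply above, as an added example that is not part of the original thread: a Linux box with two interfaces sits between the web-server segment and the other home machines, and its forwarding rules refuse any connection started from the web-server side. The interface names (`eth0`, `eth1`), the SSH management rule and the masquerading step are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names are assumptions:
#   eth0 = side facing the home router and the web server (the DMZ segment)
#   eth1 = side facing the other home machines (the protected LAN)

# dmz_ruleset DMZ_IF LAN_IF  -> prints a ruleset in iptables-restore format
dmz_ruleset() {
    dmz_if=$1
    lan_if=$2
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The firewall box itself: loopback, replies, and SSH from the LAN only.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -p tcp --dport 22 -j ACCEPT
# Replies to connections the LAN opened are let back in.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN machines may open connections to the web server and the Internet.
-A FORWARD -i $lan_if -o $dmz_if -m conntrack --ctstate NEW -j ACCEPT
# Containment: nothing on the web-server side may open a connection inward.
-A FORWARD -i $dmz_if -o $lan_if -j LOG --log-prefix "DMZ->LAN blocked: "
-A FORWARD -i $dmz_if -o $lan_if -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Hide LAN addresses behind the firewall so the router needs no extra route.
-A POSTROUTING -o $dmz_if -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset when run directly; load it as root with:
#   sh dmz.sh | iptables-restore
dmz_ruleset "${1:-eth0}" "${2:-eth1}"
```

The logged `DMZ->LAN blocked:` lines are the ones worth watching: a web server that only answers requests has no reason to open connections toward the LAN.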
