How to Secure Your Web-enabled Business

posted by ADMIN // June 29, 2009 // Build Your Website



Stories about new viruses circulating through e-mail have become common. Reports of hackers stealing a company's data or crashing its Web site are less common, but the danger of it happening is ubiquitous and real. As you prepare to Web-enable your business, it is vital that you take the necessary steps to secure your server and business data.

If you hire a Web hosting company, they will configure your server's operating system, configure the basic services (Web, FTP, and e-mail), and manage the server's security. Make sure the hosting company offers comprehensive virus protection, spam protection and e-mail filtering, power backups, and 24/7/365 network monitoring. If you plan on building an e-commerce site, check that the company also offers an SSL secure server.

Working with a Web hosting company that offers these services will relieve you of 95% of the work involved in securing your business. The remainder of this article discusses the most important security issues and procedures when hosting your own server.

When it comes to securing a Web site that you host yourself, it doesn't matter what type of Internet connection you have (DSL, cable modem, T1, etc.). Also, don't let the hype regarding Microsoft Windows vs. Linux/Unix security fool you. All operating systems have security issues. We tend to hear more about Windows security issues because there are many more Windows servers than Linux/Unix servers, making Windows a more frequent target for hackers and viruses.

Securing your own Web server requires basic and sometimes advanced knowledge of technologies like firewalls, NAT, anti-virus software, intrusion detection, and file-level security.

Firewalls: The First Line of Defense

First and foremost, your server must be behind a firewall. A firewall is a device (software or hardware) designed to prevent unwanted Internet traffic from gaining access to your server. Communication over the Internet takes place using a protocol suite called TCP/IP. As you may know, every computer on the Internet (including servers) has an IP address. A single server may host a Web site, e-mail server, FTP server, and other services; each of these services requires a different type of data and communications. To ensure that e-mail data gets to the e-mail server, that Web page requests get to the Web server, and so on, a server communicates over multiple ports. Ports are numbered endpoints at an IP address that direct data to the correct service on the server.

Firewalls allow data to reach certain ports and prevent data from reaching others. In general, you should set up your firewall to allow access only to the ports being used on your server. For instance, if your server only hosts a Web site, set your firewall to block all traffic except traffic to port 80, the port for Web services. By doing this you ensure that your server is shielded from all hack attempts except those that come through the Web service. This technique is akin to boarding up all the windows in your house and nailing all the doors closed but one. Burglars are less likely to attempt breaking in, and if they try, there's only one door unlocked, so it's much easier to guard.
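One way to check a server against this rule before writing the firewall policy is to compare its listening sockets with the list of ports you intend to allow. The script below is an added example, not part of the original article; it assumes the text comes from running `ss -tlnH` on a Linux server, and the sample lines and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of `ss -tlnH` output (not from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 32 *:21 *:*
LISTEN 0 100 [::1]:25 [::]:*
"""

ALLOWED_PORTS = {80}  # the article's example: a server that only hosts a Web site


def parse_listeners(ss_output):
    """Return (address, port) for every listening TCP socket in the text."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip headers, blank lines and non-listening states
        addr, _, port = fields[3].rpartition(":")  # split on the last colon (IPv6-safe)
        addr = addr.strip("[]").split("%")[0]  # drop brackets and any %interface suffix
        listeners.append((addr, int(port)))
    return listeners


def is_loopback(addr):
    """True when the socket is bound to loopback and so unreachable from the network."""
    if addr == "*":
        return False  # wildcard: listens on every address
    return ipaddress.ip_address(addr).is_loopback


def ports_needing_block(ss_output, allowed_ports):
    """Ports reachable from the network that the firewall policy does not allow."""
    exposed = {port for addr, port in parse_listeners(ss_output) if not is_loopback(addr)}
    return sorted(exposed - set(allowed_ports))


if __name__ == "__main__":
    for port in ports_needing_block(SAMPLE_SS_OUTPUT, ALLOWED_PORTS):
        print(f"port {port} listens on a network address but is not in the allow list")
```

Each port it reports is a service to shut down, bind to loopback, or confirm is blocked at the firewall.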

Network Address Translation (NAT): Second Line of Defense

Network Address Translation (NAT) is similar in function to a firewall. A NAT device, which is most often your router, is the networking hardware that is directly connected to the Internet. All the computers and servers on your internal network have IP addresses (for example, 192.168.1.143 or 172.4.23.2) that have been reserved for private, internal networks. The NAT device is configured to redirect traffic from a public IP address to a specific server on your network. Most redirecting is done on a port-by-port basis. For instance, if the NAT device's public IP is 67.100.34.176 and access to an internal Web server is needed, the NAT device can be configured to direct port 80 traffic to your internal Web server and not allow any traffic on other ports.

In essence, a NAT gives the same results as a firewall, but it does it in a slightly different manner. Properly configuring your NAT device to direct traffic to the appropriate server and excluding all other traffic is key to securing your business.




 





© 2009 Websites.com. All rights reserved.