Re: Securing Fedora Core 4

From: Scott Rippee (scott_at_hypexr.org)
Date: 10/03/05

    Date: Sun, 2 Oct 2005 15:49:28 -0700
    To: Glynn Clements <glynn@gclements.plus.com>
    
    

    I agree with this completely, and after a few years of not taking this approach I have had too many headaches to count. Within a few weeks I will have my web services moved to a dedicated computer with no internal privileges and be able to sleep a little better at night. :)

    On Sun, Sep 25, 2005 at 01:44:16AM +0100, Glynn Clements wrote:
    >
    > AragonX wrote:
    >
    > > Well, the offices that I will be setting up are rather small and I can't
    > > convince them to separate the services to multiple machines.
    > >
    > > So basically, the servers will have to do everything. Email, web,
    > > firewall, gateway, file & print. Those are the tasks it will have to
    > > perform.
    >
    > > Email and web are the services that will be available to the Internet.
    >
    > The public web server should definitely be a separate box, especially
    > if it has any kind of CGI or scripting capability (i.e. mod_cgi,
    > mod_perl, mod_php etc), and it shouldn't be given any trust (i.e. any
    > firewall rules or access lists which distinguish between "internal"
    > and "external" systems should treat the web server as external).
    >
    > Rule #1 of running a web server: assume that it is going to get
    > compromised occasionally. Obviously, you try to prevent that, but
    > don't assume that you will be entirely successful.
    >
    > --
    > Glynn Clements <glynn@gclements.plus.com>

    -- 
     Scott Rippee
       scott@hypexr.org
       http://www.hypexr.org
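
The advice quoted above (the web server on its own box, treated as external by every firewall rule) can be written down as a gateway ruleset. This is an added example, not part of either message; the three-interface layout, the interface names, the `untrusted` chain name and the 192.0.2.10 address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. All names and addresses below are assumed, not from the thread.
WAN_IF=${WAN_IF:-eth0}        # Internet-facing interface
LAN_IF=${LAN_IF:-eth1}        # internal office network
DMZ_IF=${DMZ_IF:-eth2}        # segment that holds only the public web server
WEB_IP=${WEB_IP:-192.0.2.10}  # constructed documentation address

# Print an iptables-restore ruleset for the gateway.
gen_forward_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:untrusted - [0:0]
# Replies to connections that were permitted when they were opened.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Anyone, inside or outside, may reach the public web server.
-A FORWARD -o $DMZ_IF -d $WEB_IP -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# Internal hosts may open connections to the Internet.
-A FORWARD -i $LAN_IF -o $WAN_IF -m conntrack --ctstate NEW -j ACCEPT
# Toward the LAN, the DMZ goes through the same chain as the Internet.
-A FORWARD -i $WAN_IF -o $LAN_IF -j untrusted
-A FORWARD -i $DMZ_IF -o $LAN_IF -j untrusted
# The gateway itself: the web server gets no more access than a stranger.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $WAN_IF -j untrusted
-A INPUT -i $DMZ_IF -j untrusted
-A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT
# One definition of what an untrusted source may do: log, then drop.
-A untrusted -m limit --limit 5/min -j LOG --log-prefix "untrusted-in: "
-A untrusted -j DROP
COMMIT
EOF
}

# Read rules on stdin and print any ACCEPT rule keyed on the DMZ interface or
# the web server's source address. Returns 0 when no such rule exists.
audit_web_trust() {
    ! grep -E -- "-A .*(-i $DMZ_IF|-s $WEB_IP)( |/).*-j ACCEPT"
}

gen_forward_rules | audit_web_trust && echo "no rule trusts the DMZ web server"
```

The output of `gen_forward_rules` can be syntax-checked with `iptables-restore --test` before loading, and `audit_web_trust` also accepts `iptables-save` output from a running gateway.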
    
