Re: hide ip address of website (no domain name)
From: Jeffrey C. Keyser (jkeyser@perfectorder.com)Date: 11/30/01
- Previous message: dumbwabbit: "Re: Ip Spoofing I Think"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 30 Nov 2001 16:43:29 -0500 From: "Jeffrey C. Keyser" <jkeyser@perfectorder.com> To: julia@cgia.state.nc.us
julia@cgia.state.nc.us wrote:
>
> hi all
>
> i have just had a webserver 'dropped' on me to
>
> administer, and being new to administering
>
> iis5/w2k sp2, i could use some advice.
>
> i've been surfing around various security sites all
>
> day and haven't hit paydirt yet - or it could be that i'm
>
> just too new to recognize the answer and need
>
> someone to spell it out for me :)
>
> here's the most burning (currently) question i have:
>
> how can i hide the ip address in the url address line
>
> of an end users browser when someone visits my
>
> website AND hide both the ip & netbios name of my
>
> webserver from any other programs/scanners/etc ?
>
> will proxy server installed on the box or using host
>
> headers work, & if so, what do i need to do to set it
>
> up properly.
>
> here's what i got to work with:
>
> 1) server has no domain name, just an ip address
>
> 2) it serves only a single ArcIMS website & does
>
> nothing else
>
> 3) i got no firewall software or hardware at the
>
> moment (would welcome free or low cost
>
> suggestions. yes, i know you generally
>
> get what you pay for, but small, cost-recovery
>
> govt agencies have no $$ to work with)
>
> 4) we aren't using active directory and we dont have
>
> an nt domain, just a workgroup - our name server
>
> is not running a microsoft OS.
>
> 5) iis lockdown tool was installed before ArcIMS
>
> webmapping software was installed & configured.
>
> (ArcIMS uses java servlets and the viewer
>
> application uses lotsa javascript and has
>
> various communications going on between
>
> various parts of it that are not on port 80. it is
>
> notoriously easy to screw up when you're tyring
>
> to harden up your webserver, so that's always
>
> an iffy situation.)
>
> many thanks in advance for any help
>
> anyone can provide,
>
> julia
How about installing on of the open source firewalls in front of it and
using port redirection? As far as the NetBT is concerned, it should
NEVER be running on a web server in the first place. Aside from
improving host security, you'll get better performance from the services
that you do need when disabling all the services that you don't. Using
Win2K/IIS, this box could probably use all the help it can get. :)
Example: Assign the above mentioned IP address to the external interface
of the firewall and redirect the inbound port 80 request to the web
server which would get a private (RFC 1918) address. All non-essential
ports should be dropped.
Good luck,
-- Jeffrey C. Keyser
- Previous message: dumbwabbit: "Re: Ip Spoofing I Think"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
