Re: Restricting access to a web server by IP

From: Jayson Ferron (jferron@interactivesecuritytraining.com)
Date: 02/18/03


From: "Jayson Ferron" <jferron@interactivesecuritytraining.com>
Date: Tue, 18 Feb 2003 09:20:36 -0500

If your web server is Windows 2k then use the RRAS function to filter the
interface to the Internet to only allow incoming and outgoing connections
to certain ports and addresses. As you allow other services to be reached from
the Internet you open up security issues. (Telnet as a service is an example,
because you log in to telnet using plain text and anyone using a sniffer
could see your data, so try not to expose telnet to the net.) You should be
using a firewall and you could set up a VPN for your employees. Then they
would be validated to your network and be inside the firewall as trusted
users, and your list of services that you allow direct access to the net is
reduced.

I would look at the following security holes (MAIL, TELNET, FTP, WEB, etc.):
what services do you need the public to see? Also download the security
toolkit (www.microsoft.com/security) and stay up on patches. Remove any
non-needed services on the box that will be seen by users on the Internet.
Use the IIS lockdown kit to remove sample and non-needed configurations from
IIS.

--
Jay Ferron ADSI, CCDA, CCNA, CISSP, MCP, MCDBA, MCSE, MCT, NSA - IAM
"adeveloper" <adeveloper@test.com> wrote in message
news:b2t72a$n7p$1@sparta.btinternet.com...
> Hi,
>
> We are currently considering if we should restrict access to our Windows
> 2000 web servers by IP address (so that the firewall only gives access to a
> list of allowed users).  This would be done for things like access for
> remote control clients (terminal services, telnet, etc), etc - we remotely
> administer the machine with terminal services.  I suppose it would be done
> for all ports except port 80 ideally.  However this has some cost
> implications (we are a small company) and we are debating whether it is
> worth it.
>
> The argument for is that it secures us from hackers who specially target the
> machine, and it secures very vulnerable areas (such as remote control
> software that can give control of the entire machine).
> The argument against is that most vulnerabilities seem to come through port
> 80 anyway and that the best security measure is to keep up to date on all
> patches, and that the risk of an individual hacker targeting you is quite
> low - most risks come from worms, trojans, etc (although we have been
> targeted once before...).
>
> I just wanted to know what other people's experiences were with securing web
> servers, and blocking access to all IPs except those on the allowed list -
> what would you advise?
>
> Grateful for any info
> Pete
>
>
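The filtering policy discussed in this thread (port 80 open to everyone, remote administration reachable only from listed addresses, everything else denied), as an added example that is not part of either post. The rule format, the addresses (RFC 5737 documentation ranges) and the function names are assumptions made for illustration; ports 3389 and 23 are the standard Terminal Services and telnet ports.

```python
import ipaddress

# Constructed policy: first match wins, anything unmatched is denied.
ANY = ipaddress.ip_network("0.0.0.0/0")
RULES = [
    # public web site
    {"port": 80, "src": ANY, "action": "allow"},
    # terminal services from the office range
    {"port": 3389, "src": ipaddress.ip_network("203.0.113.0/28"), "action": "allow"},
    # terminal services from one remote administrator
    {"port": 3389, "src": ipaddress.ip_network("198.51.100.7/32"), "action": "allow"},
    # telnet left open to everyone: the mistake the audit below should catch
    {"port": 23, "src": ANY, "action": "allow"},
]
PUBLIC_PORTS = {80}  # services the public is meant to reach


def decide(rules, src_ip, port):
    """Return 'allow' or 'deny' for an inbound TCP connection (default deny)."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule["port"] == port and addr in rule["src"]:
            return rule["action"]
    return "deny"


def exposed_to_everyone(rules, public_ports):
    """Ports any Internet source can reach that are not meant to be public."""
    return sorted({r["port"] for r in rules
                   if r["action"] == "allow"
                   and r["src"].prefixlen == 0
                   and r["port"] not in public_ports})


if __name__ == "__main__":
    probes = [("192.0.2.50", 80), ("192.0.2.50", 3389),
              ("203.0.113.5", 3389), ("192.0.2.50", 23)]
    for src, port in probes:
        print(f"{src:>15} -> tcp/{port:<5} {decide(RULES, src, port)}")
    print("open to all sources, not intended public:",
          exposed_to_everyone(RULES, PUBLIC_PORTS))
```

Running the audit against an exported rule list before each change shows whether a service other than the web site has become reachable from every source address.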

