Security and
Security is one of the main concerns of the Internet due to an ever-increasing threat from hackers, crackers, viruses, worms and Trojans!
Here are some tips to make your system more secure:

Keep your server updated with the latest security patches
Microsoft has websites and tools available that are well suited for this purpose. Remember, the further your server is behind, the more vulnerable it is to attack.

Shut down what's not needed
Microsoft's operating systems install all kinds of "neat stuff" by default to make it easy for folks with less computer experience to get things to work. 80% or more of those things are not needed if you use the server solely for file exchange purposes. Remove items such as sample web sites that start automatically by default.

Limit the access to your system
Different applications talk to different entry points (ports) on the server. To transfer files to your server, the only ports you need to allow to be accessible from the Internet are "20" (for the data stream) and "21" (for the flow control). This enables the full functionality of File Transfer Protocol (FTP). In Windows 2000™, you can configure the TCP/IP protocol for each network card and filter on these ports. This greatly reduces the opportunities to exploit system vulnerabilities.

Separate traffic by purpose
If you are investing hundreds of dollars into a file exchange infrastructure, then spend another ~$50 for an extra network card to connect your server to the Internet through a separate hardware interface. This eliminates the need to develop elaborate filters because the Internet connection is allowed to be used only for a limited purpose. Also, in most cases this eliminates the need for an extra firewall and gives you better throughput towards the internal network.
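
An added example (not part of the original page and not FTPWatcher code): a Python check that reads `netstat -an` output from the server and lists the TCP listeners reachable on the Internet-facing network card other than ports 20 and 21. The interface address 203.0.113.10 and the netstat lines are constructed for illustration.

```python
"""Audit listening TCP ports on the Internet-facing NIC against the FTP allow-list."""

ALLOWED_PORTS = {20, 21}        # the two FTP ports the page says to expose
EXTERNAL_IP = "203.0.113.10"    # assumption: address of the Internet-facing card

# Constructed sample in the layout printed by Windows `netstat -an`.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    203.0.113.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.5:445        0.0.0.0:0              LISTENING
  TCP    203.0.113.10:21        198.51.100.7:1042      ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""


def listening_tcp(netstat_text):
    """Yield (local_ip, port) for every TCP socket in the LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # headers, UDP rows and established connections
        ip, _, port = fields[1].rpartition(":")
        if port.isdigit():
            yield ip, int(port)


def exposed_violations(netstat_text, external_ip=EXTERNAL_IP, allowed=ALLOWED_PORTS):
    """Return sorted ports reachable on the external card that are not allowed."""
    bad = set()
    for ip, port in listening_tcp(netstat_text):
        # A wildcard bind (0.0.0.0) is reachable through every network card.
        reachable = ip in ("0.0.0.0", external_ip)
        if reachable and port not in allowed:
            bad.add(port)
    return sorted(bad)


if __name__ == "__main__":
    for port in exposed_violations(SAMPLE_NETSTAT):
        print(f"port {port}/tcp listens on the Internet-facing interface: "
              "stop the service or filter the port")
```

Each reported port is either a default service to shut down or one to block with the per-card TCP/IP filter; the listener bound only to the internal address is not reported.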

Install and maintain a real-time virus scanner
Remember, you are opening your door for everything that a client wants to send to you. This package could intentionally or unintentionally contain viruses or a bomb. Don't skimp on the virus protection package... a good, commercial-grade virus scanner is worth the cost as it protects your entire infrastructure! McAfee, Norton AntiVirus and CA's eTrust InoculateIT are examples of commercially available products that do a very good job of protecting against infected files IF you set them up to automatically scan incoming files. You should also frequently update the virus signature files. These files are part of the virus scanner you install, and the more current you are on the signatures, the better protected you are.

Don't leave your door unlocked
Don't allow anonymous logons. Besides the fact that anyone anywhere on the Internet can use your system and place all sorts of junk on it, this sort of upload capability can create a real headache for permission management. It can even get to the point where not even the systems administrator can delete files anymore. Anonymous logons are a great idea for download and distribution sites for general information. They should not be allowed for upload sites containing confidential, semi-confidential or private information. The most efficient way to limit access to your upload server is to have a leveraged userID and password.
With FTPWatcher, all files are removed from the Internet-facing directory after they are received and any information placed on the server is no longer available from the Web. This aspect makes misuse unattractive to a high percentage of the hacker community.

Security Consulting is a service we provide. If you need help with Security, please Contact Us...