Web Site/Server Security 1

Status
Not open for further replies.

Mighty

Programmer
Feb 22, 2001
1,682
US
I am new to the whole secure website stuff. The company I work for is setting up a customer-oriented website. The server will be housed onsite and we are getting a leased line for a permanent connection to the server. Clients will be able to order online and track orders and view stock levels, etc. (at the moment, there will be no need to transfer credit card details, although this may change in the future).

What do I need to think about in relation to security? Do I need a firewall? Do I need to use SSL? All advice would be appreciated.
 
Firewall -- Definitely. I managed the servers at my last job, and about twice a day someone would be doing an IP address range scan (scanning from x.x.x.1 to x.x.x.254 to see if any hosts respond). We used a Cisco PIX, but there are many good solutions out there, most of which are cheaper. Probably the easiest and cheapest if you have any *nix experience would be a Linux box. You could also use one of the Cable Modem/DSL routers (like the NetGear or LinkSys) that have built-in firewall protection (but they'd be my 2nd choice -- a "real" firewall is much better).

You want to use SSL if customers are going to be entering things like credit-card numbers, or anything which, if "overheard" by a bad guy, could result in a customer or yourself losing money. You probably want one in any case, just so customers get warm & fuzzy feelings about you. There are a number of SSL certificate authorities out there -- Verisign is the biggest, and probably the one that charges the most money, but they also do the best job of ensuring that your business is trustworthy.

Chip H.
 
If you want a good cheap firewall, I recommend FreeBSD or better yet, OpenBSD. It's a little more work, but the vulnerability list for the *BSDs is less than half as long as the Linux vulnerability list, and tends to get fixed faster. I'm not trying to be down on Linuxes, but I found that Linux focuses on cutting edge, while *BSD tends to focus on security and stability.

I have only set up a FreeBSD firewall twice, but I already have it down to about a 2 hour process to recompile the kernel with IP firewall support, configure two NICs (internal and external) and set up firewall rules. With a bit more study and a couple of shell scripts, I could probably get it down to half an hour.

For a secure server, we have just this year had one of the best things happen: the expiration of the RSA SSL encryption restrictions. Meaning it is now possible to get a completely open-source version of Apache with SSL support (check out The only thing you have to pay for is your digital ID.
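A ruleset for the two-NIC FreeBSD firewall described in the post above, as an added example that is not part of the original thread or any poster's configuration. Interface names, the internal subnet and the web server address are constructed placeholders; the kernel is assumed built with `options IPFIREWALL` and `IPFIREWALL_VERBOSE` so that `ipfw` and `deny log` are available.

```shell
#!/bin/sh
# Constructed example: default-deny ipfw ruleset for a FreeBSD box with an
# external NIC on the leased line and an internal NIC in front of the web server.
EXT_IF="${EXT_IF:-fxp0}"             # placeholder: NIC facing the Internet
INT_IF="${INT_IF:-fxp1}"             # placeholder: NIC facing the internal LAN
INT_NET="${INT_NET:-192.168.1.0/24}" # placeholder internal subnet
WEB_SRV="${WEB_SRV:-192.168.1.10}"   # placeholder: the customer-facing web server
# Dry run by default: print the ipfw commands instead of loading them.
# On the firewall itself run with FW=/sbin/ipfw to apply them.
FW="${FW:-echo /sbin/ipfw}"

rule() { $FW add "$@"; }

load_ruleset() {
    $FW -f flush
    rule 100 allow ip from any to any via lo0
    # Let replies for sessions we already allowed through (stateful matching)
    rule 200 check-state
    # Anti-spoofing: packets claiming an internal or loopback source must never
    # arrive on the outside interface
    rule 300 deny log ip from "$INT_NET" to any in via "$EXT_IF"
    rule 310 deny log ip from 127.0.0.0/8 to any in via "$EXT_IF"
    # Only HTTP and HTTPS may reach the web server from the Internet;
    # "setup" matches the initial SYN only, "keep-state" tracks the session
    rule 400 allow tcp from any to "$WEB_SRV" 80,443 in via "$EXT_IF" setup keep-state
    # Internal hosts may open outbound TCP sessions and make DNS queries
    rule 500 allow tcp from "$INT_NET" to any out via "$EXT_IF" setup keep-state
    rule 510 allow udp from "$INT_NET" to any 53 out via "$EXT_IF" keep-state
    # Everything else is dropped and logged; the address-range scans mentioned
    # earlier in the thread show up in the log as a run of denied SYNs
    rule 65000 deny log ip from any to any
}

load_ruleset
```

Review the log (`/var/log/security` on FreeBSD when verbose logging is enabled) for rule 65000 hits to see what is probing the server.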
 