server security

[XxR0ckMAnxX]

Not sure that this belongs here , if it doesnt then i apologizebut i havnt heard too many people talk about this either. with the broadband becoming more readily available more people have gained interest in running small (and even big) web servers for all sorts of stuff. Ive been searching around but i havnt found any good tips or tutorials on server security. Im not looking for any specific help on anything just for tips on some of the more general things like IIS, apache, ftp and other simillar things. Hope someone can contribute and thanks in advance.

 

[Shadey]

_http://www.pnltools.com/SecureIIS.asp
IIS is pretty crap security wise, the flaws in its security features lets it down greatly, dispite the updates ms release. Though there are tools out there that can help re-inforce security, one such tool is secure IIS, of course if MS did the job correctly in the first place you wont need such tools.

_http://httpd.apache.org/
Apache HTTP servers seem to be more reliable, though not having used it much myself i cant personally say. though that the general response youd get with guys experienced with apache and IIS. The link above is a good source of info. Security wise it seems more reliable than IIS, and being open source theres a wide range of expertise amongst its contributors.

_http://logi.cc/linux/athome-firewall.php3
Off course if you run a server be it FTP or HTTP, the best protection from attacks is a good solid firewall. Alot of it has been discussed in this forum (CDRSoft). The recommended firewall *software (windows) applications* are Sygate & Kerio. Though a hardware stateful firewall would be better, be it on router or a dedicated firewall computer. There can be some very powerful stateful firewalls found on Linux.

Hope this is helps.

 

[XxR0ckMAnxX]

thanks for the info, i really appreciate it!