Hosting Your Own Website? Protect Your Network!
For those of you hosting your own sites, or thinking about it, let me fill you in on the steps you really need to go through to protect your network.
Hardware:
The very first thing on your network should be a GOOD firewall, a dedicated device at the border and not a desktop package. I can’t tell you how many times I have seen people think that BlackICE and other host-based software firewalls will protect their network. A product like that can show you an attack (and sometimes reports false data), but it only protects the one machine it runs on. It does not a) block attacks before they reach the rest of your servers; b) drop the IPs of people scanning you at the perimeter; c) keep a complete, trustworthy log of those events, since the log sits on the very host under attack; or d) manage the connections coming into the network as a whole.
If you are experiencing high volumes of traffic you may want to install a good Web switch (load balancer). From what I have seen, Foundry Networks offers the best. Most hacks that occur on Web servers are performed by so-called “script kiddies” using CGI scanners (vulnerability scanners) that can be downloaded or traded all across the ‘Net. These scan your site for well-known vulnerable scripts and paths, such as http://www.ococean.com/servlet/webacc, and once they find one they run other programs against it to “brute force” their way in. The cheapest defense is not to have those sample scripts and default applications installed at all: a scanner that gets nothing but 404s has nothing to work with.
One of the more capable scanners I have come across is N-Stealth, which can scan you over SSL. That hides the contents of its requests from a network IDS and from anything else sniffing the wire, but not the source IP, which still lands in your Web server’s access log, so keep reviewing those logs rather than relying on the IDS alone. With a well-configured Web server these probes are usually denied: the GET requests come back as 404 or 403 and never reach a script.
Whatever database you are using, whether SQL Server, Oracle or MySQL, the server should have two processors on it. The volume of requests and queries will chew up a single processor and lead to slow performance. A separate worry is the database listener itself: if it is reachable from the Internet, anyone who knows how to use Netcat (a cross-platform tool for reading and writing raw TCP and UDP connections) can hand-craft packets to that port and try a buffer overflow against it, so keep the database port out of the firewall’s allow list and let only the Web server talk to it. Keep your mail server on a separate IP address from your Web server, and don’t use POP3 on it: POP3 sends usernames and passwords in the clear.
Another aspect that is often overlooked is the network switch. PLEASE password protect your switches, and do not leave the default password on them. If you wouldn’t do that with a firewall, why do it with a switch? Consider a member who is logged into your site: that person is already talking to a host on your network, one small step away from the rest of it. A switch with a default password lets that person log into its management interface, see every piece of equipment you have (PCs, router, servers, firewall, printers, etc.), and configure a mirror port that copies other hosts’ traffic to his own, which is how he steals packets that can contain almost anything. Put switch management on its own VLAN or a separate management network so it is not reachable from the hosts that serve the public.
Software
If you are running a proxy server, do not allow open or “reverse” proxying back into your own network… turn it off! What people do is connect to your HTTP site and use the proxy to reach hosts behind it: the proxy relays their requests inward and your network is none the wiser, thinking the server is relaying information on your behalf. Once they have that, they can also use the proxy’s CONNECT support to bind to ports on internal machines (mail, database, the switch’s management interface) and brute force their way through to your network without anything looking remotely suspicious. In Apache that means ProxyRequests Off unless you genuinely run a forward proxy, and ProxyPass entries only for the specific backends you mean to expose; on any proxy, watch the access log for CONNECT requests and for request lines carrying a full http:// URL instead of a path.
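As an added example (my code, not part of the original article), here is a small access-log review in Python that performs the two checks described above: the CGI-scanner probes from the Hardware section and the proxy abuse from this one. It parses Apache combined-format log lines, flags IPs that request known probe paths or rack up a burst of 404s (the general form of the scanner pattern, not just the listed paths), and flags CONNECT requests or requests for a full URL pointing at a host you do not serve. The probe list, the served-hostname set and the log lines are constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache combined log format: ip ident user [ts] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>HTTP/[\d.]+))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Paths that CGI scanners probe for. The first is the article's own example;
# the rest are a short sample list (assumption: extend it from your scanner signatures).
PROBE_PATHS = {
    "/servlet/webacc",
    "/cgi-bin/phf",
    "/cgi-bin/test-cgi",
    "/cgi-bin/formmail.pl",
    "/_vti_bin/shtml.exe",
}

# Assumption: the hostnames this server legitimately answers for.
OUR_HOSTS = {"www.example.com", "example.com"}

# Constructed sample log lines: one scanner using listed probes, one scanner using
# unlisted paths, one ordinary member, and one IP trying to use us as a proxy.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2002:13:55:36 -0700] "GET /servlet/webacc HTTP/1.0" 404 209 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [10/Oct/2002:13:55:36 -0700] "GET /cgi-bin/phf?Qalias=x HTTP/1.0" 404 209 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [10/Oct/2002:13:55:37 -0700] "GET /cgi-bin/test-cgi HTTP/1.0" 404 209 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [10/Oct/2002:13:55:37 -0700] "GET /_vti_bin/shtml.exe HTTP/1.0" 404 209 "-" "Mozilla/4.0"',
    '192.0.2.99 - - [10/Oct/2002:13:58:01 -0700] "GET /cgi-bin/nph-test-cgi HTTP/1.0" 404 209 "-" "-"',
    '192.0.2.99 - - [10/Oct/2002:13:58:01 -0700] "GET /cgi-bin/handler HTTP/1.0" 404 209 "-" "-"',
    '192.0.2.99 - - [10/Oct/2002:13:58:02 -0700] "GET /iisadmin/ HTTP/1.0" 404 209 "-" "-"',
    '198.51.100.9 - - [10/Oct/2002:14:02:11 -0700] "GET /members/index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    '198.51.100.9 - - [10/Oct/2002:14:02:12 -0700] "GET /images/logo.gif HTTP/1.1" 200 2300 "-" "Mozilla/4.0"',
    '192.0.2.44 - - [10/Oct/2002:15:30:01 -0700] "CONNECT mail.example.net:25 HTTP/1.0" 405 0 "-" "-"',
    '192.0.2.44 - - [10/Oct/2002:15:30:02 -0700] "GET http://10.0.0.5/ HTTP/1.0" 200 334 "-" "-"',
    '192.0.2.44 - - [10/Oct/2002:15:30:03 -0700] "GET http://www.example.com/index.html HTTP/1.0" 200 334 "-" "-"',
]


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_proxy_attempt(rec):
    """True for CONNECT tunnels or absolute-URL requests aimed at a host we don't serve."""
    if rec["method"] == "CONNECT":
        return True
    if rec["target"].startswith(("http://", "https://")):
        return urlsplit(rec["target"]).hostname not in OUR_HOSTS
    return False


def analyze(lines, notfound_threshold=3):
    """Classify source IPs as scanners or proxy abusers from a list of log lines."""
    probes = defaultdict(list)      # ip -> probe paths requested
    notfound = defaultdict(int)     # ip -> number of 404 responses
    proxy = defaultdict(list)       # ip -> proxy-style request lines
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip = rec["ip"]
        if is_proxy_attempt(rec):
            proxy[ip].append(f'{rec["method"]} {rec["target"]}')
            continue
        path = urlsplit(rec["target"]).path   # strip any query string
        if path in PROBE_PATHS:
            probes[ip].append(path)
        if rec["status"] == "404":
            notfound[ip] += 1
    scanners = set(probes) | {ip for ip, n in notfound.items() if n >= notfound_threshold}
    return {"scanners": sorted(scanners), "probes": dict(probes), "proxy_abuse": dict(proxy)}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    print("scanner IPs:", report["scanners"])
    print("proxy abuse:", report["proxy_abuse"])
```

Feed it your real access log (one line per list element) and the scanner IPs are the ones to drop at the firewall; any entry under proxy abuse means the proxy is relaying for outsiders and needs its configuration fixed, not just the IP blocked.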
IDS (Intrusion Detection Systems) are a great tool for any network or platform. Several are free, and the real work is the customization: an IDS is only as good as the rules you write for your own environment. I like Big Brother (strictly a host and service monitor rather than an IDS, but useful alongside one), Snort and Secure Net personally. These are great ways to monitor what resources are being accessed and by whom. It also makes life a lot easier when you are trying to see what people on your own network are doing.
Here is a big issue with the Matt Wright scripts: the wwwboard message board and, above all, FormMail. I know they are free and everybody loves to use them for that reason, but along with them come the headaches. There are so many security holes in those scripts that many hosting companies refuse to host them. The main one is that FormMail can be abused as an open mail relay to send spam, and your IP then gets blacklisted by AOL, Yahoo!, etc. You can really see the problem then: your confirmation emails bounce, you can’t get members to sign up, and you are losing big dollars. If you must run it, use the current version and lock its @recipients list down to your own addresses.
TURN OFF DIRECTORY BROWSING! In Apache that is Options -Indexes; in IIS, untick Directory browsing on the site. Otherwise a scanner that guesses one directory name gets a free listing of everything in it.
Check for updates daily, keep up with Bugtraq and other security forums to see the latest holes and patches, and, for the love of God, do not allow remote access to your network through your Web server.
I hope that this has been informative to some and an eye opener for others hosting their own sites.
Erik (username Konnected) has been online since ’95 mostly in the networking and security field. He recently decided to take a stab at the adult industry.
He received his NT 4 MCSE before attending college where he studied M.I.S. While in college he began branching out into security forums learning more about the darker side of the computer industry.
After graduation he went to work for a Fortune 100 company as a network analyst, then for a major law firm as an information systems manager, and most recently for a medical software company as a Sr. Network Engineer and security expert. It was there that he learned how to use the Macromedia MX suite, which led him to open his own consulting company.
To contact Erik, you can email him at erik@konnectedit.com or visit his web site at www.konnectedit.com.