Writing this section scares the britches off us, so we want to start with a warning: There are many security measures you can (and should) take when setting up your own server. However, the only way to make your server truly secure is to never connect it to the Internet in the first place. Of course, if you want to reach the public, this is not an option. We will also put ourselves on the line here by saying: No matter what precautions you take, there is always the possibility that a hacker will find a way into your system.
Keep this in the forefront of your mind when connecting your server to any of your internal systems. Though it is very handy to make certain up-to-date information available from your mainframe, it can leave you wide open to security breaches. If you are planning this route, and have sensitive information you wish to protect, we suggest you enlist the aid of a top-notch network security specialist.
There is some information you should know now, while setting up your server, which we discuss here. Keep in mind that in dealing with site security, you are not only trying to guard your system from hackers, but also from innocent users accidentally messing with your system.
A firewall is a damage prevention and security system usually used by companies connecting to the Internet and Wide Area Networks (WANs). A firewall consists of code that aliases, blocks, or hides the firewalled computer from being identified by any other computer on the network. Well-constructed firewalls discourage hackers and help to prevent industrial espionage and sabotage. Firewalls are also used to prevent novice users from accessing commands and services that could jeopardize the integrity of the system.
There are basically three distinct firewall strategies: embedded systems, router-based packet filtering, and proxy servers.
Embedded Systems
This is a real-time firewall that supplies the security of a proxy server while at the same time delivering the added bonus of high-performance packet filtering. This means a real-time firewall system can provide the performance to support up to 100 times more users than a proxy server. In addition, it has no operating system or disk for hackers to mess with, requires no maintenance, and can be very simple to install. The downside is that these systems can be very expensive and serve only this very specific function.
Router-Based Packet Filtering
Most commercial routers (such as the Cisco we mentioned earlier) have packet-filtering capabilities. Based on rules defined by the administrator, packet filtering enables the router to permit and deny traffic. After a packet is passed through the router, the packet filter forgets the information, as well as the connection associated with it. Think of them as traffic cops with Alzheimer’s. These systems are usually the least expensive; they are also high-performance and transparent. Some people do, however, say that they can be very complex and difficult to work with.
Proxy Servers
A proxy server is a single point of contact for Internet access for the client. The proxy server generally resides on a specific port, waiting for connections from clients on the network. When a client sends a message to the proxy server indicating where he or she wishes to connect, the proxy proceeds by making the connection to the specified destination. Since the proxy uses the proxy host’s TCP/IP, it is aware of every connection in process and will drop packets that don’t meet its high standards.
You see, a proxy spends its life doing the very basic job of reading from one side and writing to the other. Think of it as a voyeur with an attitude. A proxy server is also multifunctional, since it runs on a general-purpose operating system, so it can provide many additional services to your internal network. The main disadvantages of these systems are that they’re difficult to set up, and that the speed of the system suffers under heavy usage.
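The difference between a packet filter that forgets each packet and a system that is aware of every connection in process, as an added example that is not from the original book: a first-match rule evaluator next to a simplified connection table. The addresses, ports, rule list, and names such as stateless_filter are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
INSIDE = ip_network("192.0.2.0/24")  # constructed internal network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on the packet

# Constructed rules, first match wins: (action, src net, dst net, dst port, flag)
RULES = [
    ("permit", INSIDE, ANY, 80, None),     # inside hosts may reach web servers
    ("permit", ANY, INSIDE, None, "ACK"),  # "replies": only the ACK bit is checked
]

def stateless_filter(pkt):
    """Judge one packet against the rules; nothing is remembered afterwards."""
    for action, src, dst, dport, flag in RULES:
        if (ip_address(pkt.src) in src and ip_address(pkt.dst) in dst
                and dport in (None, pkt.dport)
                and (flag is None or flag in pkt.flags)):
            return action
    return "deny"  # anything unmatched is denied

class ConnectionAwareFilter:
    """Simplified connection table: replies pass only if the inside opened first."""
    def __init__(self):
        self.table = set()

    def check(self, pkt):
        if ip_address(pkt.src) in INSIDE and pkt.dport == 80:
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "permit"
        reply_of = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "permit" if reply_of in self.table else "deny"

SAMPLE = [  # constructed packets
    Packet("192.0.2.10", 40000, "198.51.100.5", 80, frozenset({"SYN"})),
    Packet("198.51.100.5", 80, "192.0.2.10", 40000, frozenset({"SYN", "ACK"})),
    Packet("203.0.113.9", 80, "192.0.2.10", 22, frozenset({"ACK"})),  # no prior connection
]

def compare(packets):
    aware = ConnectionAwareFilter()
    return [(stateless_filter(p), aware.check(p)) for p in packets]

print(compare(SAMPLE))  # (stateless verdict, connection-aware verdict) per packet
```

The third packet passes the rule list because it carries the ACK bit, while the connection table rejects it because no inside host opened that connection.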
Separating Your Systems
The simplest way to deal with these security issues is to use separate servers for your internal and external communications, and to never connect the two. You will lose the advantage of interconnecting your systems, but this challenge can often be overcome by manually updating the external server on a regular basis. Consider doing this if security is a major concern.
Quick and Dirty Guide: Turn-key Server Packages
Knowing the confusion many face in setting up servers, some astute companies offer “complete” server packages. One such product is WebCube (http://www.pacnet.com/pacnet/wcube/home.html). WebCube (see Figure 6.8) includes most of what you need for your own server (besides the actual connections).
There are also companies that offer turn-key server packages and promise total setup of your server. If you are looking to set up a server under a time constraint, and your budget is not a major concern, one of these solutions may be your answer. Some of these are listed at http://www.yahoo.com/Business_and_Economy/Companies/Computers/Networking/Consulting/.
In this chapter we have discussed various server issues and how you can choose to develop your own server or purchase a turn-key server package. We have also covered some of the different software, hardware, and connection choices you will need to make, as well as the security issues involved in running your very own server.
Now it’s time to move on to Part II of this book,