Most of what you hear about break-ins and sabotage on the
Internet is sort of hyped up a bit. This does not mean
that you should ignore it, but take reasonable steps to
safeguard your site. Don't lose sleep over it...
"Dori Look! Daddy left an open telnet session to bignosebird
on my computer again!!!!
THE GREATEST THREAT...
If I have learned anything during the past 15 years it is that I am
the greatest security threat to my own systems! Let's see...
Erasing files which I thought were backed up.
Making a quick change that was so simple it did not
Doing something for Company X's system- while in fact logged on to
Running system crippling applications during business hours.
Too much coffee.
More likely, too little coffee!
MINIMIZING THE GREATEST THREAT...
I am not the greatest threat to you. ;-)
My point is that if somebody is going to trash your site it is
most likely going to be you! Here are some tips for protecting
Never make changes or deletions unless you have a backup!
Never share your password- two people knowing a secret is
not a perfect secret.
Do not believe for a minute your safety extends beyond somebody's
lack of interest in trashing your site.
Do not spam (flood) newsgroups with ads for your site- unless
your site is of meaning to that group. Why give somebody that
level of interest mentioned above?
Don't put a dumb message up like, Welcome to the Invincible-
Check all Server Side Includes and CGI-BIN programs for problems-
such as allowing the passing of exec or special shell characters.
Drink just the right amount of coffee to get the job done.
DEALING WITH THE OTHER THREATS...
Okay, even if you are the greatest threat to your site, this does not
mean there are other ones. Here are a few tips to help safeguard your
For the virtually hosted...
Ask your hosting companies what steps they take to prevent
and detect server intrusions.
Ask what steps they take to prevent other customers from
either trouncing or reading your private (non-public readable)
Ask if SSH (secure shell) is available for telnet use. If so,
see if you can can a different account for FTP, and for e-mail.
In otherwords, you want to make it so your e-mail account (if
POP3) cannot write to your files, nor can your FTP user account.
For those with dedicated or co-located servers...
All of the items for the virtually hosted!
Stay current on ALL vendor's security patches.
Install some type of intrusion detection software such as tripwire.