

IMPORTANT NOTE!
Most of what you hear about break-ins and sabotage on the Internet is sort of hyped up a bit. This does not mean that you should ignore it, but take reasonable steps to safeguard your site. Don't lose sleep over it...

- Bruce


"Dori Look! Daddy left an open telnet session to bignosebird on my computer again!!!!"

THE GREATEST THREAT...
If I have learned anything during the past 15 years it is that I am the greatest security threat to my own systems! Let's see...
  • Erasing files which I thought were backed up.

  • Making a quick change that was so simple it did not require testing.

  • Doing something for Company X's system- while in fact logged on to Company Y's.

  • Running system crippling applications during business hours.

  • Too much coffee.

  • More likely, too little coffee!

MINIMIZING THE GREATEST THREAT...
I am not the greatest threat to you. ;-) My point is that if somebody is going to trash your site it is most likely going to be you! Here are some tips for protecting your site.

  • Never make changes or deletions unless you have a backup!

  • Never share your password- two people knowing a secret is not a perfect secret.

  • Do not believe for a minute your safety extends beyond somebody's lack of interest in trashing your site.

  • Do not spam (flood) newsgroups with ads for your site- unless your site is of meaning to that group. Why give somebody that level of interest mentioned above?

  • Don't put up a dumb message like "Welcome to the Invincible, Hacker-Proof Site".

  • Check all Server Side Includes and CGI-BIN programs for problems- such as allowing the passing of exec or special shell characters.

  • Drink just the right amount of coffee to get the job done.
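
One way to do the check from the Server Side Includes and CGI-BIN tip above, as an added example that is not code from this site: it flags shell metacharacters and SSI directives in submitted form fields, allowlists an e-mail field, and escapes text before it is written into a server-parsed page. The function names, field names and sample form values are constructed for illustration.

```python
import html
import re

# Characters that must never reach a shell from form input
# (list chosen for this example).
SHELL_META = set(";&|`$<>(){}[]!*?~\\\"'\n\r")

# Matches the start of an SSI directive such as <!--#exec ...--> or <!--#include ...-->
SSI_DIRECTIVE = re.compile(r"<!--\s*#\s*(\w+)", re.IGNORECASE)

# Allowlist for an e-mail field: only the characters we expect to see.
EMAIL_OK = re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def audit_field(name, value):
    """Return a list of findings for one submitted form field."""
    findings = []
    bad = sorted(SHELL_META.intersection(value))
    if bad:
        findings.append(f"{name}: shell metacharacters {bad!r}")
    for m in SSI_DIRECTIVE.finditer(value):
        findings.append(f"{name}: SSI directive #{m.group(1).lower()}")
    return findings


def valid_email(value):
    """Allowlist check: accept only if the whole value matches."""
    return EMAIL_OK.fullmatch(value) is not None


def safe_for_page(value):
    """Escape text before writing it into a server-parsed (.shtml) page."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    # Constructed sample submission, e.g. from a guestbook form.
    form = {
        "email": "user@example.com; ls",
        "comment": '<!--#exec cmd="/bin/date" -->',
    }
    for field, text in form.items():
        for finding in audit_field(field, text):
            print("REJECT", finding)
    print("escaped comment:", safe_for_page(form["comment"]))
```

Rejecting the field outright is the safer default; the escaping step is for text that has to be displayed anyway, such as guestbook comments.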
DEALING WITH THE OTHER THREATS...
Okay, even if you are the greatest threat to your site, this does not mean there are no other ones. Here are a few tips to help safeguard your site.
    For the virtually hosted...

  • Ask your hosting companies what steps they take to prevent and detect server intrusions.

  • Ask what steps they take to prevent other customers from either trouncing or reading your private (non-public readable) files.

  • Ask if SSH (secure shell) is available for telnet use. If so, see if you can get a different account for FTP, and for e-mail. In other words, you want to make it so your e-mail account (if POP3) cannot write to your files, nor can your FTP user account.
    For those with dedicated or co-located servers...

  • All of the items for the virtually hosted!

  • Stay current on ALL vendors' security patches.

  • Install some type of intrusion detection software such as tripwire.

  • Make http://www.cert.org one of your daily surfing stops.

  • Do not discuss your security techniques. As silly as this sounds, a car that has a sticker that says, "protected by X" on the window sort of gives a thief the schematics.
For more information on password protecting your site's information, please read the htpasswd and .htaccess tutorial.

For some specific information on Apache Server sites, stop by BNB on APACHE Server. Also, check out the Protecting your FORM input using MD5 and perl tutorial.




If it looks great, it's by Christine
Some Fine Print
© 1997-2003 BigNoseBird.Com®, Inc. All rights reserved. All other trademarks are the sole property of their respective owners. The products that we recommend are only ones that we use. We have no relationship with any of the authors or their companies. We cannot assume responsibility for their ultimate performance or lack of same. We also cannot assume responsibility for either any programs provided here, or for any advice that is given since we have no control over what happens after our code or words leave this site. Always use prudent judgment in implementing any program- and always make a backup first! For further information, please read our Privacy Statement. We can be contacted at webmaster@bignosebird.com.

