23-Feb-2020 13:29 GMT.
[Rant] Secure WebsitesANN.lu
Posted on 21-Oct-2001 11:50 GMT by Christian Kemp6 comments
View flat
View list
Jack Meihauf wrote: Is there such a thing these days? With the word that amiga.org was hacked, maybe we should be securing our web sites? Well, theres always one thing that comes first. And that is Backups. It also pays to not keep back ups on the same server.
The administrooskis should pay more attention to security, and also the security of the backups.

An example. Don't named backups yoursite2, yoursite3 etc.., if you're going to leave them on the server. I truely hope Amiga.Org didn't name their backups ao2, ao3 etc. That would be truely silly.

Anyway, best of luck in getting the site up and running, you'll need it with these types pf people around,. Hmm. Maybe you should offer them a job securing the site?

List of all comments to this article
Sorted by date, most recent at bottom
Comment 1Anonymous21-Oct-2001 15:52 GMT
Comment 2mbpark22-Oct-2001 00:32 GMT
Comment 3Solar (BAUD)22-Oct-2001 05:11 GMT
Comment 4Anon User22-Oct-2001 08:29 GMT
Secure Websites : Comment 5 of 6ANN.lu
Posted by mbpark on 23-Oct-2001 00:58 GMT
In reply to Comment 4 (Anon User):
Yes, I work as an admin and architect on some VERY high-traffic sites. I have experience with everything needed to put together some very large-scale networks.
I'm a paranoid SOB because I've worked on larger sites.
Admins, especially when you work on extremely large sites that have a staff of 20 on them as just administrators, and items like Solaris, Veritas, Oracle, EMC Symmetrix disk arrays, WebLogic, and some bad-ass iPlanet web servers, need to be extra-vigilant about patches and security.
When you start talking about sites that get Slashdot-level page views, you've got to have a large level of process and someone monitoring BUGTRAQ on a regular basis, as well as one heck of an IDS in place.
Even if you don't, you need process and procedures in place to check these things out. Admins are the ones responsible for it. I spend a lot of my time "templating" what I know to share it with the other admins.
And don't use "budgetary constraints" to explain away a lack of process :). If ya need load balancing so bad, Linux does a fine job and you can use plenty of recycled hardware to do so. It also makes a darn decent firewall and IDS and costs $0.00 when you use the old Pentium boxes from HR. It also works quite well as a VPN with pptpd if you're in a bind and can't afford Checkpoint or Cisco.
TopPrevious commentNext commentbottom
List of all comments to this article (continued)
Comment 6alan24-Oct-2001 21:18 GMT
Back to Top