Hi Folks! New to the board and happy to be here!
I'm looking for some information on creating a secure webserver environment for Advanced Server 2000, and was hoping you could recommend some articles, tutorials, or advice. The reason I ask is because I just lost all of the work that I was doing on it with IIS/PHP/MySQL (they all even worked!), and we're talking weeks worth of work that was lost. Oh well, at least the virus that destroyed my computer can destroy what I learned about the 3 technologies above, and should be able to set it up faster this time!
Anyways. I plan to have the webserver host a number of applications:
1) Informational Webpages
2) Dynamic Webpages that will interact via PHP with MySQL. These dynamic pages will:
A) Contain the phpBB forums
B) Allow informational forms to be uploaded and saved to MySQL (both in secure areas and general webpage areas)
C) Allow file uploads to MySQL (perhaps as a part of the forms only in secure areas)
D) Provide secure access to specific folders within the wwwroot folder
E) Track IP and session information (to catch hackers/viruses) - haven't figured this one out yet
F) Within the secure areas, customers will be able to query information in the folders they have permissions to (something else I have to figure out how to do)
The first step is obviously to create a secure webserver. Some details:
1) The server is part of my home wireless network. The server is hard wired to my router, but I do access my router via a network password via my laptop wirelessly.
2) I have opened certain ports on my router. I have opened the ports for PCAnywhere and also the 8080 router port and pointed them all to my webserver's internal IP address. Should I use an alternative port for internet traffic?
3) My router is setup for wireless bridging, so not sure if there are any security concerns associated with this.
I've gone through basic setup installing Advanced Server 2000. I am getting ready to install and configure IIS. What are the biggest security concerns that I should be aware of in setting up the above web applications?
A trojan/worm (which I think got in from my laptop), infected my webserver through the sharing that I have setup between the two computers (I believe). I was entirely too cavalier in my original setup without even installing antivirus (won't make that mistake again). I now have norton corporate installed to hopefully prevent future worm infection. Are there any other add ons (hopefully freebies) that will help to secure the webserver from unauthorized use or worms?
Thanks so much for the advice!