Is known IP-number filtering pretty much all that is needed for website security/vulnerability?

Is known IP-number filtering pretty much all that is needed for website security/vulnerability?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Is known IP-number filtering pretty much all that is needed for website security/vulnerability? ship 05-17-2006
Posted by Frankster on May 18, 2006, 9:14 am
If you were  Registered and logged in, you could reply and use other advanced thread options
All the negative replies notwithstanding...

Restricting access to only a few specific known IPs is very good. I'm
assuming this means no anonymous access whatsoever. Good stuff.

Now... for those specific IPs, you would want to set up a userID logon and
complex password to access your network resources. Just as you would do for
local LAN users to logon to their own workstations.

Certainly there is much more to security, in total, but here's what some
observers fail to understand... if the accessible system has no services
available (like most home users should), the risk is minimal. It is when you
have services running on the system that the risk escalates. And... access
to these services via anonymous transparent logons (i.e. a public web
server) is the worst.

You have no anonymous public access. Straight away you have a good start.
Next thing would be to "harden" your OS. Meaning... make sure your system is
set up to allow system and file access to only the users that need it (on
the LAN as well as from the Internet).

Yes, keeing up with OS patches and vulnerability updates is always
important, but that risk is always there and not limited to Internet users.

-Frank

>
>
> Hi
>
> I want to get some views on security/vulnerability to hacking.
>
> Our ISP has just put our website onto a new dedicated webserver for us.
> It is running Apache (latest) on Linux. And MySQL.
> We have got the thing protected by a router that has IP filtering on
> it.
>
> Basically we are only allowing point to point traffic - that is traffic
>
> a tiny range of precisely specified IP numbers to have FTP access.
>
> This of course means that everyone who runs the site needs to
> have a dedicated IP number.
>
> This may sound naive but do you think the above will be enough
> to stop hackers from getting in?!
>
> (e.g.
> - should we buy a separate firewall box or is it enough to
> just rely on the router's filtering?
>
> - What other vulnerabilities should we be tackling.
>
> - Is there any way of spoofing IP numbers?
>
>
>
> Ship
> Shiperton Henethe
> (webmaster)
>



Similar ThreadsPosted
Data security/filtering on field values May 19, 2005, 8:05 am
Welcome to us the website December 5, 2007, 2:09 pm
How to protect my website? February 3, 2005, 8:45 pm
How to allow a blocked website March 9, 2005, 2:55 am
Instructional Website June 16, 2005, 2:07 pm
Articles for website July 5, 2005, 11:13 pm
Website still sees my IP while using proxy September 23, 2005, 8:48 am
Re: how does a website track your usage September 19, 2008, 11:54 pm
New email encryption website October 9, 2008, 2:20 am
Ensuring that a sever and website are secure February 22, 2005, 7:41 am

The site map in XML format XML site map

Contact Us | Privacy Policy