Re: FN-FORUM: secure sites, encryption etc
date posted 3rd August 2004 19:37
Dom Latter wrote:
>
>Shared? Secure? Not in the same sentence, or even paragraph, please.
>
>
yeah I saw that one coming :)
>The basic server checklist is to install a firewall, only open up ports that
>you absolutely need, and only turn on the services that you absolutely
>need. Then keep all the stuff that you are running patched and up to
>date. Don't run BIND if you can possibly help it. Your minimal list of
>open ports / services is 22 (for SSH), 80 and 443. Use SSH version
>2, disallow root login, only allow one username to SSH in, use secure
>passwords that you keep rotating. Never log in from anything but a
>system that you keep as secure as the server itself. (That means
>never ever logging in from a mate's Windows box).
>
>
ok that's useful - thanks Dom.
>Oh, and consider using OpenBSD.
>
>
considering. may not be an option though. is it much better than FreeBSD?
>Have you got a specific problem or are you just doing research out of
>interest?
>
>
no specifics yet - no server, no application, no database. So early
planning stages still, but security is one of the prime considerations
for viability of the whole thing.
Would you advise encrypting data and/or database content (I'm looking at
PHP's mcrypt module) even with all the best practices for security of
the server? Isn't that what's done with c/card numbers usually?
Nick
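
The SSH items in the checklist quoted above (version 2 only, no root login, a single permitted username) can be checked mechanically. The following is an added example, not part of the original thread: the function names and both sample configs are constructed for illustration, and it assumes a missing directive counts as a failure so that each setting is stated explicitly.

```python
# Added example: audit sshd_config text against the SSH items in the
# quoted checklist. Sample configs below are constructed, not real.

WEAK = """\
# constructed sample: fails all three checks
Protocol 2,1
PermitRootLogin yes
AllowUsers alice bob
"""

HARDENED = """\
# constructed sample: passes all three checks
Protocol 2
PermitRootLogin no
AllowUsers deploy
"""

def parse_sshd_config(text):
    """Collect global directives as keyword -> list of values, in file order."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()          # sshd keywords are case-insensitive
        if keyword == "match":
            break                           # conditional blocks are out of scope here
        directives.setdefault(keyword, []).append(parts[1].strip() if len(parts) > 1 else "")
    return directives

def audit_sshd_config(text):
    """Return a list of findings; an empty list means the checklist items hold."""
    d = parse_sshd_config(text)
    findings = []
    # For most keywords sshd uses the first value it reads.
    # Protocol applied to OpenSSH of this post's era; current releases
    # speak only version 2 and treat the keyword as obsolete.
    protocol = d.get("protocol", [""])[0]
    if protocol != "2":
        findings.append("Protocol should be exactly 2, found %r" % protocol)
    root = d.get("permitrootlogin", [""])[0].lower()
    if root != "no":
        findings.append("PermitRootLogin should be no, found %r" % root)
    # AllowUsers lines accumulate, so merge every occurrence before counting.
    users = " ".join(d.get("allowusers", [])).split()
    if len(users) != 1 or any(c in users[0] for c in "*?!"):
        findings.append("AllowUsers should name exactly one user, found %r" % users)
    return findings
```

Run it over the contents of the server's sshd_config and treat any returned finding as a deviation from the checklist.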