[plug] Securing your webserver

Quintin Lette qlette at gmail.com
Sun Aug 21 11:18:01 WST 2005


> > k. Use a non-x86 architecture. Even AMD64 or the like is still obscure
> >    enough to help. An old Alpha will totally bamboozle the nasties.
> 
> I agree Leon, and in addition going for an obscure O/S tends to help too!
> Completely avoid Windows, if you use Linux - see advice above. Better
> still, it may be worthwhile to use Solaris (10 is free now). It may be
> fun, they've got a new file system - called ZFS.
> 
Or better still OpenBSD? Designed from the ground up for security!
Although I believe that it's more likely that a person new to an OS
will likely open it up more as they don't yet understand how things
are done properly (I personally use Solaris for a lot of my "secure"
stuff, however securing Solaris is not the same as securing Linux,
although the same principles apply), hence recommending someone change
OS as a form of security is likely to be counterproductive if they
don't understand how it works.

However, having a secure O/S / architecture etc. is pointless if you go
and open it up yourself (like what Leon was saying about all your
Apache mods). By the way, all of that information is being "advertised"
by your webserver (if you want to check, try
$ w3m -dump_head $hostname  or  $ lynx -head -dump $hostname).
If you do need to use server-side scripting, stick to as few
methods as you need (if you can manage it all with PHP, just use PHP.
Don't install Perl, PHP and blah blah blah just because you can; the
more you open up, the more you are asking for trouble).

... so much for butting out ...


