Tisma.net

Web servers and FTP

Each network has an Internet connection is at risk, compromised. Although there are several steps you is at your local network, can provide the only real solution, close to your local network for incoming traffic, and restrict outgoing traffic.

But some services such as Web or FTP servers require incoming connections. If you need these services, you must determine if it is important that this part of the LAN server, or are in a physically separate network, according to a DMZ (demilitarized zone or placed on the public if you prefer his real name ). Ideally, all servers in the DMZ is a standalone server, with unique applications and passwords for each server. If you have a backup server for the machines in the DMZ, you must buy a dedicated machine and keep separate backup solution for network backup solution.

The DMZ from the firewall directly, which means that there are two roads in and out of the DMZ, traffic to and from the Internet, and traffic to and from the local network. Traffic between the DMZ and the LAN would be completely separated from the movement of data between your DMZ and the Internet. Incoming traffic from the Internet would be routed directly to your DMZ.
So, if all the pirates in which a machine inside the DMZ compromise, the only network they have access would be the DMZ. The hacker would have little or no access to the LAN. It is also the case where a viral infection or endangers the safety of others on the LAN would not be able to migrate from the DMZ.

For the DMZ, to be effective, you must keep the traffic between the LAN and DMZ to a minimum. In most cases, that is only traffic between the LAN and the DMZ FTP needs. If you do not have physical access to the server, you also need some kind of remote management protocol such as Terminal Services or VNC.

Database Server

If your Web server will need access to a server database, then you must make sure if your database instead. The safest place is to find a server database, or a physically separate network, called the Secure Zone to create a server and database for the placement.
The security zone is a geographically separate network connected directly to the firewall. The safety zone is by definition the safest place on the web. The only access to or from the security zone would be the database connection from the DMZ (LAN and, if necessary).

Exceptions to the rule

The dilemma faced by network engineers, where the server e-mail address provided. It requires an SMTP connection to the Internet, but it also requires access to the area of the LAN. If you know this server in the demilitarized zone to another, could compromise the integrity of the traffic sector of the DMZ, it is just an extension of the LAN. Therefore, in our opinion, the only place where you can e-mail server is stored on the local network and allow SMTP traffic on this server. However, we would therefore oppose any form of access to the HTTP server recommended. If your users access to their e-mails from outside the network is required, it would be much safer to get some kind of VPN solution. (With the use of firewalls and VPN. LAN VPN Server to allow VPN traffic is authenticated on the network before, which is never a good thing.)

There are people more and more people choose to work from home than ever. The advantages of this are many including avoiding the morning and evening peak hours to be able to spend time with your children and significant others, so that everything in your own time. Although there are many pitfalls is that I have to focus in this article, the establishment of a secure wireless network for your home business. Right now, somewhere out there, because someone is waiting for a receiver to take over a person distrust Wireless Local Area Network. Their hope is to some sensitive information that can lead to identity theft Garner, stolen and proprietary information.

Most companies do not have more technical, but it may have for users, security is generally not one of the first things they want to fight with their daily activities. For over WLANs an excellent destination for information on predators.

Here are some general guidelines to follow when setting up your wireless network. Although it can vary from manufacturer to manufacturer may, at the base is more or less the same:

First Configuring wireless router via a point-wired client.
Always second to change your password for the factory setting, something difficult to guess for someone.
Enable third 128-bit Wired Equivalency Privacy (WEP) on both your access point and network card. From time to time, you change the WEP key entries. If your hardware does not support a minimum of 128-bit WEP encryption, it can replace the time that these dinosaurs. WEP is only a minimal security measure that is better than nothing.
Change the fourth show the factory settings for the SSID to access / router on a hard to guess changing channel. Start your computer to connect to this SSID configured by default.
5th Setup SSID of your access point is not sent, if necessary.
6th Block Anonymous Internet from requests and pings.
7th P2P connections should be disabled.
8th Enable MAC filtering.
9th Enable firewall disabled on the router / access point with DMZ. Enable Firewall client for each computer on the network.
10th Update router and access point updates are available.
11 Make sure the physical router so that a person can not randomly reset the hidden parameters.
12 Position of the physical router near the center of the town closest to the windows rather than to prevent third parties outside of the reception of signals.

These and other settings will work together to prevent intruders from your personal data.

You may think that your home computer internet network is as safe as a “bug in a rug”. After all your Linksys or D-Link brand or another popular brand offers state of the art security features. Perhaps you have the standard WEP 64, or the “safe as the banks “WEP 128 encryption format. Perhaps you have even gone one step further to the ultra newer safe WPA router data security formats or even to greater security heights.
Your computer network is ultra secure. Or so you think and have beer reassured. Perhaps you have even had a “computer security professional “do the setup and maintenance,

And yet your personal data or banking information may be stolen. Your children may be directed to “bad “internet sites or worse. Your windows security updates may be compromised leaving your computer and network open to wide and wider scale attacks on your computer. Your confidential passwords – whether they are for email, medical, airline or even banking may be compromised or stolen. Finally your computer may be utilized as a “zombie” in large scale denial of service attacks on the internet. Your computer and many thousands of other may be set, waiting patiently for long periods of time, to be activated as a sleeper agent. Which along with many thousand of other remote computers are set on secret activation to altogether overwhelm some target whether it be government computers, the CNN online news network or whatever?

How are all of these threats possible? Computer security is always a case of cat and mouse with human ingenuity always at the root of the game. The hackers do this,
The computer security network react to fix the security hole it issue – whether it be Microsoft, Apple Computer or the Computer Hardware of Computer Hardware accessories manufacturers . And then the computer hackers think of an alternate means of attack.

In this case, even though it apparently seems that even though your wireless or simple cabled non wireless computer network has another gaping security hole. Home routers are at risk of being compromised by remote hackers. As a result of innocently or inadvertently visiting web pages malicious standard java script type software can access the controls of your home router and reset the controls inside the router to cause you big trouble.

Your router can be set to visit certain sites instead of where you wish to go. This may be simply to redirect you to sites containing advertising of the villain’s daily choice. You may be taken inadvertently to websites which in a flash download further viscous and mean software, on a regular basis. Or even worse you may be taken to fake sites which are not what they represent. For example you may well type in the bank of America bankofamerica.com website. You may even have searched the name by Google. You will think you are being directed to this banking website where you enter your account name and password only to discover you cannot access your account because you are a bogus copy of the front page of that website whose purpose is to steal your banking account and passwords.

The answer to this security problem is simple. Simply change the administration password in your router from the default out of the box, out of the manual and factory to anything else.

As a result the malicious java script will not be able to unlock and enter your router and do its damage. The simple answer to these router security issues and securing your router firmly is to easily and simply change the administration password on your router – whether it is wireless or a wired router. Now your home computer network and router will be safe from this threat.