Securing Server Traffic- IPSEC
Jul 8, 2009
secure a windows server 2003 traffic.
I have one server with a small number of clients <10. The clients have dynamic IPs.
The server hosts a number of public facing websites, email, FTP and remote desktop.
What I want to do is make port 80 respond to all web requests but lock all other services down so that they only respond to my 10 clients. I was thinking some certificate or VPN solution but I've ruled VPN out as I don't have a firewall or VPN so would I be able to do this with IPSEC?
Is there quick utility that would do this or can you point me to a good example article?
View 10 Replies
ADVERTISEMENT
Oct 9, 2006
Does anyone know how to range ban IPs using IPsec.
I can enter IPs manually but unable to ban an entire RANGE of ips
i.e. For example 172.10.10.10 - 172.1.1.999
Anyone know?
View 4 Replies
View Related
Jun 22, 2008
some recommended docs/tutorials to secure your server? It will be used as a web server, running Cent OS 5 (most likely 64bit)
View 6 Replies
View Related
Mar 30, 2008
Will be getting a new dedicated server. I know that I need to install APF + BFD for sure, but what else would you recommend installing to secure the server? Apache's mod_security module? DOS module? What are the obvious candidates other than APF/BFD?
View 13 Replies
View Related
Apr 2, 2008
I am on the verge of getting my first dedicated server (Win2k3 Standard). Just wondering if someone can point out a few resources to me about how to secure it, what softwares to use, etc.
View 9 Replies
View Related
Jan 30, 2007
For those of us that do not want to try and manage our own servers I have a question to those that already have been managing there servers for a while.
Once we get our server and install our OS and the control panels and have everything up and running then what should we look at doing to our server for security and to keep it secure from the web?
View 5 Replies
View Related
Nov 2, 2009
I am concerned as I get several emails containing this like this:
Large Number of Failed Login Attempts from IP xxx.xxx.xxx.xxx
I'm trying to stop it, as obviously, I don't want anyone gaining access to my server.
Any tips for making sure the server is really secure?
View 6 Replies
View Related
Jul 11, 2007
way to secure a server? I have iptables on my box but havent seen any scripts which i can base my config on.
I have seen that APF seems to be popular, and from the scripts seems quite simple to setup.
I'm not afraid of iptables per se but i would like a script on which to base for cpanel, do any exist?
I also like the simplicity of APF but i am currently running static nat on iptables and wish to maintain this functionality, the server is used as a vpn gateway.
Any ideas or links to base configuration scripts that would be suitable and maintain my static nat? Are there any checklists which i could go against to ensure everything is secure?
View 14 Replies
View Related
May 29, 2009
I have a lot of experience with VPSs and recently have been working with dedicated servers but my partner and I are going to be providing VPSs and my main concern is securing the node the VPSs will be on. Would I secure it like a normal dedicated server?
I'm worried that if I secured it like I would my dedicated servers it would affect the VPS clients hosted on there. Any assistance is appreciated, even if it's just a recommendation for a management company or single user who could assist us.
View 7 Replies
View Related
Oct 29, 2009
We have discussed all the basic methods of securing and hardening the server. Lets leave all the basic and general server securing and hardening I have started this to get advance knowledge in securing and hardening of the server so that it will usefull for all the person So i request all to provide all the vaulable tips and suggestions in advance securing and hardening of linux servers I welcome all the comments related to advance securing and hardening of linux servers.
View 5 Replies
View Related
Apr 23, 2007
I must add tons of subnets (in the xxx.xxx.xxx.xxx/xx format) to the IPsec policies. I am on Windows 2003 servers.
It will take forever to add them one by one...
It's almost 500 subnets.
Is there an automation script or...?
View 3 Replies
View Related
Apr 22, 2007
to configure a VPN connection between two Cisco Routers.
I have the configuration in one side but for another side I have nothing.Is any one can help me about it??Another question is :are two routers need to have a valid IP or not?
View 0 Replies
View Related
Apr 22, 2008
Is it possible to use IP Security policies in Windows Server 2003 to help prevent types of DoS attacks? Today my server was attacked by a single attacker who merely connected and disconnected on open ports at an incredibly fast rate. This was enough to eat the cycles of the server processes effectively creating a DoS attack. I was hoping IPSec could help prevent this, but I'm open to use any other software as well.
View 4 Replies
View Related
May 4, 2009
I'm trying to establish a VPN server inside a Fedora 10 VPS under OpenVZ. Openswan or Poptop is preferred over OpenVPN because Windows has built-in support for these protocols.
It looks like the host node (it's actually the vps from myprohost.com) doesn't have the required kernel modules enabled(installed?). Take Poptop for example, if I run pppd after rpm installation, the output is like this:
[root@v ~]# /usr/sbin/pppd
/usr/sbin/pppd: This system lacks kernel support for PPP. This could be because
the PPP kernel module could not be loaded, or because PPP was not
included in the kernel configuration. If PPP was included as a
module, try `/sbin/modprobe -v ppp'. If that fails, check that
ppp.o exists in /lib/modules/`uname -r`/net.
See README.linux file in the ppp distribution for more details.
[root@v ~]# modprobe -v ppp
FATAL: Could not load /lib/modules/2.6.18-92.1.18.el5.028stab060.2/modules.dep: No such file or directory
And when I check for the availability of the encryption module "MPPE", I got the same result:
[root@v ~]# modprobe mppe
FATAL: Could not load /lib/modules/2.6.18-92.1.18.el5.028stab060.2/modules.dep: No such file or directory
Openswan complains about some missing kernel modules too. So what do I do? Do I tell the provider to enable these modules? Do they normally do that? Will the host node require a reboot after having done that?
What modules are required for Poptop and Openswan? And, do I need to tell them to re-enable these modules every time I rebuild my OS?
View 1 Replies
View Related
Nov 15, 2007
What traffic monitor would everyone recommend for sites that have as many as 5,000 to 10,000 hits an hour?
View 8 Replies
View Related
Aug 29, 2008
how many pageviews a server like this can handle a day?
Core 2 Duo 2.2 GHz
1024 MB RAM
160 GB 7200rpm SATA Hard Drive
Simple website with PHP and MySql, few graphics.
View 14 Replies
View Related
Aug 10, 2007
Is it possible that someone on the same network as my server (shared hosted, freebds) could somehow cause my traffic to be diverted to a new url after visitors landed on my website?
I assume this person has access to my home PC also and is reading what I type here etc. Has the ability to allow domains and IP's and divert others on my server, IS in the position to know who to allow and deny (my affiliates, customers etc IP's are recorded etc)
IF this was possible, how would I be able to catch this person out?
Where would I look for evidence of this and what am I looking for?
I don't manage my DNS and asking my server host (my suspect hosts with them too) gets a reply like: I don't understand what your asking? Do you need webaliser stats?
How would someone be able to do what I'm guessing is happening: That people can land on my site.. however, this guy can than redirect them to his own paying page. If I set a link here to my site..he'd soon add its domain to "allowed" etc etc.
I'm thinking I need access to server access to my dns, login info and Last Modified details on those file. I don't have these. I don't know what I'd be looking at if I had them.. and my server tech hasn't offered to look at such things.
My interest is more than intellectual.
Until last weekend my 2 1/;2 year project that has grown in sales volume beyond my expectations. I had had no contact with this person for 8 months and in that time sales where consistent. I Had changed all accesses, IP etc etc. I used to host with him. Then moved hosts since I didn't trust him (same problem back then - sales fell to nothing but traffic grew) moved to my current host.. not long after find HE is now on that host too.. now after I have contact from him again, sales have gone flat without any explanation, even though traffic has increased! 1:300 has become 1:10000 and I have checked everything site side (I'm a webmaster for over 10 years)
I'll be ruined very shortly and I don't know what to do.
View 7 Replies
View Related
Nov 5, 2008
I'm running LiteSpeed, and wondering what PHP functions you disable(if any) when running a shared hosting server to protect against PHP Shells.
The problem I'm having is trying to figure out what lockdown without killing clients ability to host scripts that might rely on certain PHP functions to run.
View 3 Replies
View Related
Dec 14, 2008
Securing /tmp
View 4 Replies
View Related
Jun 21, 2007
linux and have just purchased a vps with CentOS 4 (godaddy). how secure the server is out of the box? Is there a firewall or anything that comes preloaded - if so, is there a way to tell. If there isn't, are there a couple that someone could list that would be worth my time to review.
i'm just using their Simple Control Panel.
View 6 Replies
View Related
May 29, 2007
what are the ways I can secure /dev/shm? The permission for this directory is set to 755 but somehow it is still compromised.
The directory permission is changed to 777 by the user apache, and the some flood/bot scripts are uploaded to the directory and executed for outbound ddos.
View 2 Replies
View Related
May 10, 2007
When cpanel 11 turns stable, I am planning on changing the setup for php on all my servers. Currently it runs as mod_php for the default installation of php and one server has php running in cgi mode for php5 (in addition to its normal mod_php setup for php4).
Im not currently running anything like fastcgi, suphp, or phpsuexec. What do you think is the best setup to use that would add a nice security layer, but still allow users to have custom php.ini settings (without having to use an entire php.ini file), and still keep close to, if not better speeds as mod_php? I am thinking of dropping support for php4 in general and just keep one version of php on each server.
PHP support is very important to a large majority of my customers, so I really want to make sure this is done right. Its obviously going to be a big headache making the switch and I am definitely going to work closely with my reseller and personal customers to make sure it goes as smooth as possible.
View 6 Replies
View Related
May 9, 2008
We're expecting a large spike in traffic (40k visits in one day) soon. We’re running on a very powerful server with CentOS & cPanel.
Is there any specific configuration we can setup to prepare for the large visitor spike? The website is very database and PHP intensive. We want to avoid any downtime.
View 14 Replies
View Related
Sep 19, 2008
which processor for an high traffic server?
DELL Xeon 3065 or Intel Dual Core E 2140
View 6 Replies
View Related
Feb 26, 2007
I was wondering if it is possible to block traffic to and from a server with iptables.
Like for example a user transferring files with his ftp client to another server x.x.x.x (FXP)....
been trying with these rules here:
iptables -IINPUT -s x.x.x.x -j DROP
iptables -I OUTPUT -s x.x.x.x -j DROP
iptables -I FORWARD -s x.x.x.x -j DROP
But still the user can transfer to the server destination...
View 0 Replies
View Related
Jul 17, 2008
Is there a tutorial out there that shows how to secure a Plesk VPS? We did hire a server management company but after they installed some tweaks, Plesk broke and we had to re-install from scratch. Any security tutorials out there that is Plesk friendly?
View 8 Replies
View Related
May 21, 2007
I have three computers, 2 routers, 1 hub and 1 server machine on my network.
Up until now, we havn't worried about security much but I've decided that I want to secure it all. We have anti virus and software firewalls, as well as Windows XP firewall however, I cant seem to get the computers on the first router to talk to the computers on the other router.
My network setup is:
[url]
Router 1 is a Linxsys, its default gateway is 192.168.1.1
Router 2 is a Dynex E401 and its default gateway is 192.168.0.1
I tried changing the default gateways, but they lost internet.
View 5 Replies
View Related
Oct 2, 2007
I am debating how to additionally secure my Apache server. Chrooting is one thing that I have already done. It will limit the intruder to the jail I created. However I have around 30 different websites hosted on this machine. I am concern that once the hacker is inside the jail he will be able to gain access over all websites. How can I isolate the different websites from each other ? For example if oscommerce gets compromised I would like intruder not to be able to see the other websites.
On a completely different note I am curious about something. Why does big websites like google and facebook do not block icmp packets and allow udp connections for traceroute?
View 1 Replies
View Related
May 11, 2009
what the max number of hits is a quard core server with RAID disk system can handle, it is running on a Linux with separated MySQL server?
The host says there are no restrictions on the bandwith, but somehow it is strange we always only have MAX 300 users online (24/7/365) now I wonder if it just is that way or if some users might be denied access from time to time when they try to enter some of the websites hosted on the server ?
Maybe you know a monitoring service or something that can tell if this is an issue.
View 14 Replies
View Related
Jan 15, 2009
i have question which i'v serched for answer for it more than 3 days , may be more.. but i still can't catch it.
now if i have aWin EST server , and i have t remote desktop . i can creat accounts right?
well , if i need to manage the traffic for evry account, and give account whatever 500 GB trffic , another account with 500 GB , another with 300 GB , etc etc..
how can i know they have reched thier limite and they stop useig more from the server?
View 0 Replies
View Related
Apr 22, 2009
billing system to control the traffic between router and servers. I thing I need a billing system installed on server with webgui like those used by ISPs but I need it working with paypal and other payment gateways.
The other solution is to use radius server but I will need it working with payment gateways. Can you recommend me a good radiuns server with many options?
View 0 Replies
View Related
