Re: Setting up secure HTTP server

[Charley Hamilton <chamilto () uci edu>]

Steve,

My use of "secure" was to indicate that I didn't want the server
to be a convenient pathway into our network.  Data integrity *is*
also important, and I'm already looking into the IDS issue.  I
found a more limited dataset on IDS best practices, so that I am
reviewing. Also, I'm more intersted in IDS than setting up web
servers....

I don't have a strong preference for OS, although since this
seems to be mostly a win32 shop, I guess IIS is the likely
means.  I'm still researching the option of university-hosted
servers.  We're weighing the trouble of maintaining our own
server against the trouble of trying to keep the site
up-to-date.

Most of my experience in "hardening" boxes has been with making
them as stealth as I can, since I've never really needed to
offer services I couldn't restrict by IP before.  Now, with
a web server, I'm a bit more limited as to how blanket paranoid
I can go.

Thanks to everyone who has offered suggestions.  I'm now on the prowl
for more time to read.  If anyone trips across a time machine, please
let me know.  ;-)

Charley

--
Charles Hamilton, PhD EIT               Faculty Fellow
Department of Civil and                 Phone: 949.824.3752
    Environmental Engineering           FAX:   949.824.2117
University of California, Irvine        Email: chamilto () uci edu




---------------------------------------------------------------------------
----------------------------------------------------------------------------