Page One

Campus Computing News

Renew PRAS Accounts Now

SirCam Virus, Others Continue to Plague UNT and the World

The SmartForce Server is on Course!

Lab-of-the-Month: SCDGAL

Computer Purchase Information Now Online

ACS Summer News

Migrating Queries from Microsoft Access to an Access Project

Today's Cartoon

RSS Matters

SAS Corner

The Network Connection

List of the Month


Short Courses

IRC News

Staff Activities



How secure are your services?

By Shane Jester, Campus Web Administrator

It's amazing to me how much easier it is getting for people to run there own Web services in today's networked community. With the advent of affordable, always-on connections in the common household, the number of people running Web services from home has sky-rocketed. DSL and cable service make it possible to setup Web services that allow you quick access to your computer resources from almost anywhere. The problem is that most people just install a quick Web server such as Microsoft IIS without properly securing it. Not to imply that IIS is the only Web server that is insecure. It just happens to be one of the easiest to obtain and install. I think that the true problem is that most people don't realize how visible that server is to rest of the computing community. You can't protect you identity by simply not telling people about your server.  It's going to be seen by other people whether you like it or not. Just the other day I had set up a Web server and it was scanned three times in the first 30 minutes that it was activated! If you have any desire to protect you information on your computer, you must secure your Web server before you place it on the Internet.

But perhaps you don't care about your information being protected. Well, there are still other implications to consider. If you are running a server that can be easily compromised, you risk the possibility of someone using your computer to hack into other computers. At the very least this makes you look bad in the computing community and has the potential to cause you possible legal headaches. A good example is the recent outbreak of the Code Red virus.* This virus was specifically designed to take advantage of IIS Web servers that have not been properly patched and secured. It's a simple procedure to patch the server, but the majority of people it affected where uneducated about the process or simply didn't bother to make the updates.

If you're going to take the time to setup Web services from home, take the time to do it right. There are tons of resources on the Internet that explain how to secure your servers and your Web services for almost any OS or Web application that you wish to use. You just simply have to take the time to read the information and stay up on the latest issues. Who knows, maybe you'll even learn something!

* For more information about virus protection see "SirCam Virus, Others Continue to Plague UNT and the World" in this issue of Benchmarks Online.