| Often people like to run a small web site from their home. Unfortunately, simply enabling the personal web server function on your home system can leave you open to attacks from the Internet.
Running a server correctly requires a server operating system. The security of such a system is different than a standard system. Server systems provide information, but generally don't allow people on the network to change it. The software usually allows specific ports (ways software connects) to be secured individually. In addition, bandwidth constraints can be set as well as limits on the number of connections to the server.
Despite the security in the system, a firewall is needed to protect it. This is almost always in the form of an external device. While a broadband router provides decent protection, it means all devices connected to the router have to allow the same ports to be accessable from the outside. The best server connection usually comes in the form of a dedicated firewall appliance for the server to use.
It is possible to do all this from the home, but it can be very expensive to do it right.
You can use the personal web server function included in Windows, but never use it on a system you use for other purposes. This would make both the server and the information it contains vulnerable to hackers. Use a separate system for this purpose. If you don't get much traffic to your site, an older computer will do the job.
One thing you will need is a static IP (Internet Protocol) Address. This is essentially an ID on the internet for other computers to connect to your server. If it changes, they won't know where to go. With some Internet Service Providers (ISPs) you'll need to pay extra for this feature. Keep in mind that many cable modem providers prohibit the use of a web server with their service.
Create a folder on the web server (preferably on a separate drive or partition from the operating system) called "www" or another name you'll easily associate with web site storage. DO NOT create it in your "My Documents" folder. By creating the folder on it's own drive or partition, you only need to share that drive, not your system drive. Be sure to use strong password protection for your system drive as well as any folders on the shared drive you don't wish to make public.
Inside the www folder, create a folder with the same name as your web domain name. For example, the folder for this site would be named "gadgetfaqs". The web server setup software will allow you to direct traffic for your site to that folder (which is known as a virtual server).
You'll need a domain name. Ours is "www.gadgetfaqs.com". You don't actually own the name, though. You lease the name for a certain amount of time, often a year, but up to 10 years. You can obtain a domain name through a registrar like Register.com, GoDaddy.com or RegisterFly.com. Prices will vary, but often the higher priced services will provide extra services that others charge separately for. Once you have the domain name, go into your user account at the registrar site and direct the IP address to your own. Within a day or two (be patient), traffic will redirect to your server. The server will direct traffic to the site you have stored there.
Here are a few tips to make your server more secure:
Turn off sevices you aren't using. If you aren't running a mail server or using FTP (File Transfer Protocol) service, disable them. These only leave your server vulnerable to attacks.
Disable the default Web, Administrative and FTP sites. You only need to operate the site you wish for the public to see. Disable the defaults.
Only open the ports you need. Port 80 is used for web browsing. Disable the ports used by SMTP, FTP and Secure HTTP if you aren't using those services.
Run nightly virus and spyware scans on your server. These can be run late at night when they won't affect server performance.
Limit what visitors can do. When setting up a virtual directory for your site, don't check the box to allow directory browsing. This can compromise your server's security by allowing visitors to see your folder structure. This can allow them to find private files you don't want them to be able to access.
In addition, don't allow visitors to change files. Don't check the boxes that allow visitors to write or delete files.
Use real folder and file security instead of html passwords. If you wish to password protect files or pages on a web site, set the security of the files or folders so only specific users can access them. You'll need to set up a user account on the server that grants access to that file. The advantage is each person can have their own user name and password. In addition, this method uses the security of the server itself to grant access rather than relying on methods that can be more easily compromised. Be sure the user accounts you create only grant access to that particular file or directory, though.
Create a limited account for your server to run with. Don't run your server using the administrator account. Anyone that gets into your server can take control of it if you do. Instead, create an account with only the permissions necessary to run the web services and allow you to update web pages as you change them. When you need to make changes to the system, you can use your administrator account.
|
