Tagged - secure

Properly Securing Your Website

Wednesday, January 21st, 2009

Own a website? Ever think about security? If not, you’re asking for trouble.

These are the best things you can do to secure your website properly:

  • Use randomly generated passwords 32-64 characters in length.
  • Research your particular software and/or plugins for vulnerabilities at all times by visiting milw0rm and packetstorm on a regular basis.
  • Optionally, you may want to install some kind of spam filter if possible on your software.

Own your server? You’ll probably want to do these as well, on top of the list above.

  • Do periodic software updates on your server.
  • Change the ports that certain services run on, such as FTP and SSH, since these are common targets.
  • Disable root login.
  • Set ServerTokens to “Prod” in Apache.
  • Run software that automatically bans an IP after a certain amount of failed login attempts.
  • Again, for all passwords on the server, use 32-64 character randomly generated passwords, including the host control panel if you have one.
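
The SSH and Apache items in the list above can be checked mechanically. The following is an added example, not code from the original post: a small Python audit that reads an sshd_config and an Apache config and reports where root login, the SSH port, or ServerTokens differ from the list's advice. The sample configs are constructed, the function names are hypothetical, and `Match` blocks and `Include` files are not handled.

```python
# Constructed sample configs for illustration (not taken from any real host).
SSHD_SAMPLE = """\
# sshd_config (constructed sample)
Port 22
#PermitRootLogin no
PermitRootLogin yes
"""
APACHE_SAMPLE = """\
# httpd.conf (constructed sample)
ServerTokens Full
ServerSignature On
"""

def directives(text):
    """Yield (lowercased keyword, value) for each non-comment config line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            parts = line.split(None, 1)
            yield parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")

def audit_sshd(text):
    """Check the list's SSH items: root login disabled, non-default port."""
    root_login, ports = None, []
    for key, value in directives(text):
        if key == "permitrootlogin" and root_login is None:
            root_login = value.lower()   # sshd uses the first value it reads
        elif key == "port":
            ports.append(value)          # several Port lines may be given
    findings = []
    if root_login != "no":
        findings.append("PermitRootLogin is not 'no'")
    if "22" in (ports or ["22"]):        # no Port line means the default, 22
        findings.append("SSH listens on default port 22")
    return findings

def audit_apache(text):
    """Check the list's Apache item: ServerTokens set to Prod."""
    value = None
    for key, v in directives(text):
        if key == "servertokens":
            value = v.lower()            # a later directive overrides an earlier one
    if value not in ("prod", "productonly"):
        return ["ServerTokens is not 'Prod'"]
    return []

if __name__ == "__main__":
    for finding in audit_sshd(SSHD_SAMPLE) + audit_apache(APACHE_SAMPLE):
        print("FAIL:", finding)
```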

Just searching around reveals to me that there are far too many insecure websites out there that could easily become fairly secure by following at least some of these methods. You can never be too secure: there are new vulnerabilities found every day, and there is no shortage of malicious users out there ready to deface your website or gain root login to your server for the fun of it. There are many more tactics out there for security, but these are some of the better ones and will deter most people. Be careful out there.

Thanks go out to nukeit.org

Secure your wireless networks!

Wednesday, December 24th, 2008

I know a lot of people still run their wireless routers without any encryption whatsoever. You really shouldn’t do this. Why? Well, there are some people that use wireless networks to do malicious things. Maybe they’ll do a little hacking on your network, maybe buy some things with stolen credit cards; the list goes on. People with insecure networks often have the default password on their router, so anyone connecting to the access point can access the router! They could also be using packet sniffers to sniff out data you’re putting on the Internet. If you have a bandwidth cap, they’re stealing bandwidth you could be using.

Why leave yourself open to these kinds of threats? Generally all it takes is WEP encryption, which isn’t the most secure, but secure enough that most people won’t touch it. Most router addresses are 192.168.1.1; some are a little different. You can look up these details on the Internet if you don’t have the manual handy. Just go into wireless security, WEP, enter a passphrase, generate, and select a default key. Then when you connect, insert that key to get onto your network. Simple as that.

Back when I was a wardriver, I found that almost 80% of wireless networks in my area were insecure. That percent may have changed, but I still see a lot of insecure networks out there. It’s unacceptable!