Friday, August 15, 2008

Keep an eye open with Netstat: Steps to secure your Windows web server


For those of you running your own servers, with all the illegal hacking activity, it's a good idea to keep an eye on your open connections with netstat or a similar utility.

It's fairly easy to track an IP address with website services, such as the one here: IP Lookup.

I keep a utility on my desktop that monitors the flow of traffic through my NIC. When this stays lit for extended periods, it means non-stop traffic. Now, since I'm a website publisher who earns revenue from his websites, you'd normally think that was a good thing. Of course, if you notice twenty or more open pipes from the same IP address, it certainly could indicate trouble. If that IP address is coming from China, then, well, it's really up in the air.

What to do???

Well, for one thing you can take every precaution that you can to secure your server. Now I run a Windows server, so I started off by hardening my machine with what the operating system offers: closing unused ports and turning off unneeded and dangerous services. You can learn how to do some of this over at Gibson Research.

Second you have to have a firewall. I have a good one, and allow only port 80 traffic inbound.

Third you download IISLOCKDOWN. You can use this to configure IIS to be a ton more secure.

Fourth you can set up IPSEC. For the novice user, IPSEC can be a bit daunting. Don't worry, there are plenty of tutorials like this one to get you started. It's well worth all the trouble to set things up to be as bulletproof as you can. This still will not prevent bots, or other people, from sending a lot of traffic to your port 80. So in IPSEC configure a rule that will block users by IP address, and as you find suspicious IP addresses in your logs, or with netstat, block them.
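One way to turn the "twenty or more open pipes from the same IP address" check into something repeatable is the PowerShell sketch below. It is an added example, not part of the original post: the function name `Get-ConnectionCountByRemoteIp` is hypothetical, and the sample lines are constructed using documentation-range addresses.

```powershell
# Count ESTABLISHED connections to the web port per remote IP from
# `netstat -ano -p tcp` text, and flag any IP at or above a threshold.
# The default threshold of 20 follows the post's rule of thumb.
function Get-ConnectionCountByRemoteIp {
    param(
        [string[]]$NetstatLines,
        [int]$LocalPort = 80,
        [int]$Threshold = 20
    )
    $counts = @{}
    foreach ($line in $NetstatLines) {
        # Columns: Proto  LocalAddress  ForeignAddress  State  PID
        $f = $line.Trim() -split '\s+'
        if ($f.Count -lt 5 -or $f[0] -ne 'TCP' -or $f[3] -ne 'ESTABLISHED') { continue }
        # Split on the LAST colon so bracketed IPv6 endpoints also parse
        $port = $f[1].Substring($f[1].LastIndexOf(':') + 1)
        if ([int]$port -ne $LocalPort) { continue }
        $remoteIp = $f[2].Substring(0, $f[2].LastIndexOf(':'))
        $counts[$remoteIp] = 1 + [int]$counts[$remoteIp]
    }
    $counts.GetEnumerator() |
        Sort-Object Value -Descending |
        ForEach-Object {
            [pscustomobject]@{
                RemoteIp    = $_.Key
                Connections = $_.Value
                Suspicious  = ($_.Value -ge $Threshold)
            }
        }
}

# Constructed sample input: one ordinary visitor, the listener itself,
# and 22 simultaneous connections from a single remote address.
$sample = @(
    '  TCP    192.0.2.10:80     198.51.100.7:50312    ESTABLISHED     4',
    '  TCP    0.0.0.0:80        0.0.0.0:0             LISTENING       4'
)
$sample += 1..22 | ForEach-Object {
    "  TCP    192.0.2.10:80     203.0.113.50:$(40000 + $_)    ESTABLISHED     4"
}
Get-ConnectionCountByRemoteIp -NetstatLines $sample | Format-Table -AutoSize

# Against the live server, feed it the real output instead:
#   Get-ConnectionCountByRemoteIp -NetstatLines (netstat -ano -p tcp)
```

A high count alone is not proof of abuse, since proxies and NAT gateways put many legitimate visitors behind one address, so check the flagged IP against the IIS logs before adding it to the IPSEC block rule.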

It's every webmaster's responsibility to run as secure a server as they have the power to. Fortunately there are many resources devoted to this topic; it just takes a little time. (And effort!)
