A Home Server. Part 3
In the first two parts of this discussion we covered the first few topics involved in the task of setting up a webserver at home to host your own website. The assumption for this article is that you have Windows XP Home Edition
Now we continue:
In the introduction to this discussion, I mentioned the notion of having your computer fully patched, firewalled and protected against viruses and spyware. Now it's time to discuss those items in a little more detail.
First, there's patching. Here's an excerpt from
GTG #283: "Those who are in the best position to discover flaws and holes in
an operating system are those who know it best; namely, its authors. There are
mechanisms for security conscious system administrators to notify each other of
holes, including NTBugTraq. Details of NTBugTraq can be found at
www.ntbugtraq.com. As the
author of the Windows family of operating systems, Microsoft, among other
things, keeps a close eye on NTBugtraq. It is only the team at Microsoft who are
in the position to create patches for these holes, since only they have all the
operating system source code. It is therefore they who are in the best position
to notify you when both a vulnerability is identified and its patch is
available. To this end, Microsoft came up with Windows Automatic Updates.
Automatic Updates can be found in the control panel in Windows 2000 and as a tab of System Properties in XP and 2003. There are four options available. It can be turned off, which is probably only really a reasonable option on a machine that is never connected to the Internet. When on, it can be set to notify you before downloading updates, to notify after downloading updates or to simply download updates and install them on a specified schedule.
The use of Windows Automatic Update to notify you of security patches is an excellent mechanism. My personal preference is to have automatic updates turned on and have them downloaded ready for me to apply. I also like to monitor for updates by subscribing to Microsoft's Product Security Notification Service (see http://register.microsoft.com/regsys/pic.asp). I believe that the best time to apply a patch is now or sooner -- later is just not a good idea. As the number of threats increases all the time, it is becoming more and more critical that hotfixes be applied in a timely manner."
Next, let's think about firewalls. There are a lot of software firewalls available. There's one built-in to Windows XP, and turned on by default in XP with Service Pack 2 installed (which I am sure you now have!) While these are a very good idea, it is my personal preference to also use an external firewall. There are plenty of inexpensive routers with built-in firewalls. Vendors such as Netgear, Linksys, Belkin and many others all have such products.
When you use an external firewall you increase your level of protection considerably, since many forms of attack are blocked before they even reach your computer, and because the presence of the external firewall will prevent most hacker tools from discovering information about your computer. There is no such thing as a 100% defense, but making life as difficult as possible for a marauder goes a very long way. Remember that those with malicious intent are usually out for either prestige or cash. There's not much prestige in breaking into a home computer, and there's a lot more cash elsewhere too! You mostly need to protect your system from "run-of-the-mill" mass attackers.
When you set up your firewall (external, internal or both), remember to open up the port that your inbound web requests will be arriving on - either 80 & 443 or whichever port you have your requests redirected to.
Now there's the question of virus protection. This is, of course, the most famous of the "definitely required" forms of protection -- so much so that a lot of people seem to think it's all they need. How wrong they are! It is, however, a critical form of protection. In today's net world a computer connected to the Internet without virus protection is almost certain to be infected in a short time. So which one do you chose? In my humble opinion, you need something like McAfee, Norton, Trend or Panda with virus definition no more than a week old (update it every week with its automatic update or manually.) I don't recommend something like "Joe's Neato Anti-Virus".
Another scourge on the net is spyware. Spyware (software the watches what you do and reports back to some source) has become such a problem that it is now almost as famous an evil as viruses. So much so, in fact, that most of the anti-virus vendors also have anti-spyware software. Most of them bundle both types of protection, along with a software firewall, into an Internet Security package. These bundles are a very good value and afford excellent levels of protection. For stand-alone anti-spyware software, my personal favorite is Spy-Sweeper from Webroot Software. There have been several occasions where Spy-Sweeper has found spyware left behind by some other anti-spy programs, but I have yet to find the reverse (as long as Spy-Sweeper's spyware definitions are up to date.
For a few other considerations with regard to protection, there is more discussion I wrote recently in GTG #333 - you could check that out also.
I can never stress enough the importance of a good back-up regimen. Back-ups are something that everybody knows are so important, but that so many people let slide - until it's too late. I have discussed this matter in detail in GTG #262, where I talk about the "Three Golden Rules". I also shared some of my personal experiences with the question of back-ups in GTG #298 when my home was hit by a hurricane. As far as this subject is concerned, these two references should cover it; but just in case, let me reiterate: YOU NEED BACKUPS!