In the first two parts of this discussion we covered the first few
topics involved in the task of setting up a webserver at home to host your own
website. The assumption for this article is that you have Windows XP Home
Edition
This is the list of things that you have to have in place, the
first four are covered in
part one,
the next three are in
part
two, and the last two are covered here:
Now we continue:
In the introduction to this discussion, I mentioned the notion
of having your computer fully patched, firewalled and protected against viruses
and spyware. Now it’s time to discuss those items in a little more detail.
First, there’s patching. Here’s an excerpt from
GTG #283: "Those who are in the best position to discover flaws and holes in
an operating system are those who know it best; namely, its authors. There are
mechanisms for security conscious system administrators to notify each other of
holes, including NTBugTraq. Details of NTBugTraq can be found at
www.ntbugtraq.com. As the
author of the Windows family of operating systems, Microsoft, among other
things, keeps a close eye on NTBugtraq. It is only the team at Microsoft who are
in the position to create patches for these holes, since only they have all the
operating system source code. It is therefore they who are in the best position
to notify you when both a vulnerability is identified and its patch is
available. To this end, Microsoft came up with Windows Automatic Updates.
Automatic Updates can be found in the control panel in Windows 2000 and as a tab
of System Properties in XP and 2003. There are four options available. It can be
turned off, which is probably only really a reasonable option on a machine that
is never connected to the Internet. When on, it can be set to notify you before
downloading updates, to notify after downloading updates or to simply download
updates and install them on a specified schedule.
The use of Windows Automatic Update to notify you of security patches is an
excellent mechanism. My personal preference is to have automatic updates turned
on and have them downloaded ready for me to apply. I also like to monitor for
updates by subscribing to Microsoft’s Product Security Notification Service (see
http://register.microsoft.com/regsys/pic.asp). I believe that the best time
to apply a patch is now or sooner — later is just not a good idea. As the
number of threats increases all the time, it is becoming more and more critical
that hotfixes be applied in a timely manner."
Next, let’s think about firewalls. There are a lot of
software firewalls available. There’s one built-in to Windows XP, and
turned on by default in XP with Service Pack 2 installed (which I am sure you
now have!) While these are a very good idea, it is my personal preference
to also use an external firewall. There are plenty of inexpensive routers
with built-in firewalls. Vendors such as
Netgear,
Linksys,
Belkin and many others all
have such products.
When you use an external firewall you increase your level of
protection considerably, since many forms of attack are blocked before they even
reach your computer, and because the presence of the external firewall will
prevent most hacker tools from discovering information about your computer.
There is no such thing as a 100% defense, but making life as difficult as
possible for a marauder goes a very long way. Remember that those with
malicious intent are usually out for either prestige or cash. There’s not
much prestige in breaking into a home computer, and there’s a lot more cash
elsewhere too! You mostly need to protect your system from
"run-of-the-mill" mass attackers.
When you set up your firewall (external, internal or both),
remember to open up the port that your inbound web requests will be arriving on
– either 80 & 443 or whichever port you have your requests redirected to.
Now there’s the question of virus protection. This is, of
course, the most famous of the "definitely required" forms of protection — so
much so that a lot of people seem to think it’s all they need. How wrong
they are! It is, however, a critical form of protection. In today’s
net world a computer connected to the Internet without virus protection is
almost certain to be infected in a short time. So which one do you chose?
In my humble opinion, you need something like
McAfee,
Norton,
Trend or
Panda
with virus definition no more than a week old (update it every week with its
automatic update or manually.) I don’t recommend something like "Joe’s Neato
Anti-Virus".
Another scourge on the net is spyware. Spyware (software
the watches what you do and reports back to some source) has become such a
problem that it is now almost as famous an evil as viruses. So much so, in
fact, that most of the anti-virus vendors also have anti-spyware software.
Most of them bundle both types of protection, along with a software firewall,
into an Internet Security package. These bundles are a very good value and
afford excellent levels of protection. For stand-alone anti-spyware
software, my personal favorite is Spy-Sweeper from
Webroot Software.
There have been several occasions where Spy-Sweeper has found spyware left
behind by some other anti-spy programs, but I have yet to find the reverse (as
long as Spy-Sweeper’s spyware definitions are up to date.
For a few other considerations with regard to protection, there
is more discussion I wrote recently in
GTG #333 – you could check that out also.
I can never stress enough the importance of a good back-up
regimen. Back-ups are something that everybody knows are so important, but
that so many people let slide – until it’s too late. I have discussed this
matter in detail in
GTG #262, where I talk about the "Three Golden Rules". I also
shared some of my personal experiences with the question of back-ups in
GTG #298 when my home was hit by a hurricane. As far as this subject
is concerned, these two references should cover it; but just in case, let me
reiterate: YOU NEED BACKUPS!
