
Friday, June 25, 2010

Demilitarized zone (DMZ)

Figure A: DMZ Sample Topology

A DMZ is the most common and secure firewall topology; it is often referred to as a screened subnet. A DMZ creates a protected buffer network between the Internet and your internal network, as shown in Figure A.

A DMZ will typically contain the following:
  • Web server
  • Mail server
  • Application gateway
  • E-commerce systems (It should contain only your front-end systems. Your back-end systems should be on your internal network.)

Why DMZ?
  • A DMZ is considered very secure because it supports both network- and application-level security, in addition to providing a protected place to host your public servers. The bastion host (proxy), modem pools, and all public servers are placed in the DMZ.

  • The outside firewall protects against external attacks and controls all Internet access to the DMZ. The inside firewall controls DMZ access to the internal network and provides a second line of defense if the external firewall is compromised. LAN traffic to the Internet is also mediated by the inside firewall and by the bastion host on the DMZ. With this configuration, an attacker must compromise three separate components (the external firewall, the internal firewall, and the bastion host) to gain full access to your LAN.

Many companies take it one step further by also adding an intrusion detection system (IDS) to their DMZ. An IDS lets you spot problems early, before they escalate into major incidents.

Best Practice For Web Server Deployment

Network filtering:

Place your web server(s) in the DMZ. Configure the firewall to drop connections to the web server on all ports except HTTP (port 80) and HTTPS (port 443).
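The filtering rule above, as an added example that is not part of the original post: a script that emits an iptables ruleset for the DMZ web server host itself, accepting only HTTP/HTTPS from anywhere and SSH from a single intranet admin host, and logging everything else before dropping it. The interface name and admin host address are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: emit (not apply) host firewall rules for a DMZ web server.
# Review the output, then apply it with:  dmz_web_rules | sh
# Hypothetical values, not from the original post:
WEB_IF="${WEB_IF:-eth0}"              # interface facing the outer firewall
ADMIN_HOST="${ADMIN_HOST:-10.0.0.5}"  # intranet jump host allowed to SSH in

dmz_web_rules() {
    cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $WEB_IF -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -i $WEB_IF -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -i $WEB_IF -p tcp -s $ADMIN_HOST --dport 22 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -j LOG --log-prefix "DMZ-WEB-DROP: " --log-level 4
iptables -A INPUT -j DROP
EOF
}

# Sanity check before applying: how many rules open a given TCP port?
# Anything other than 80, 443 and 22 must report 0.
open_port_rules() {
    dmz_web_rules | grep -c -- "--dport $1 .*-j ACCEPT" || true
}

dmz_web_rules
```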

Host based security:

Remove all unneeded services from your web server, keeping FTP only if you really need it, plus a secure login capability such as Secure Shell (SSH). Every unneeded service is a potential avenue of attack.

Limit the number of persons having administrator or root level access.

Apply relevant security patches as soon as they are announced and tested on a pre-production system.
Disallow all remote administration unless it is done with one-time passwords or over an encrypted link.
If the machine must be administered remotely, require a secure channel such as SSH for the connection. Do not allow Telnet or non-anonymous FTP (that is, logins requiring a username and password) to this machine from any untrusted site. Better still, limit such connections to a minimum number of trusted machines, and keep those machines inside your intranet.

Configuring the Web service/application:

If you must use a GUI at the console, remove the commands that automatically start the window manager from the rc startup files and create a separate command for starting it by hand. You can then start the window manager when you need to work on the system and shut it down when you are done. Do not leave it running for any extended length of time.

Run the web server chrooted into its own part of the directory tree, so that a compromised server process cannot reach the real system files.

Run the anonymous FTP server (if you need one) chrooted into a part of the directory tree that is separate from the web server's tree.

Remove all unnecessary files, such as the phf sample script, from the /cgi-bin scripts directory.

Remove the "default" document trees and sample sites shipped with web servers, such as the ExAir sample that comes with IIS.

Auditing/logging:

Log all user activity and keep the logs either in encrypted form on the web server, on a separate machine on your intranet, or on write-once media.

Monitor system logs regularly for any suspicious activity.

Install trap macros (scheduled scripts) that watch for attacks on the server, such as the PHF attack.
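One such trap macro, as an added example that is not from the original post: a script that scans a Common Log Format access log for requests to /cgi-bin/phf and reports the requesting clients, so cron can chain an alert. The log lines are constructed sample data.

```shell
#!/bin/sh
# Added example: a trap macro for the PHF probe named in the post.
# Constructed sample access log in Common Log Format (two clients, one of which
# requests /cgi-bin/phf twice, once with a different case).
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
203.0.113.7 - - [25/Jun/2010:10:01:12 +0800] "GET /index.html HTTP/1.0" 200 1043
198.51.100.9 - - [25/Jun/2010:10:02:30 +0800] "GET /cgi-bin/phf HTTP/1.0" 404 210
203.0.113.7 - - [25/Jun/2010:10:03:01 +0800] "GET /images/logo.gif HTTP/1.0" 200 5120
198.51.100.9 - - [25/Jun/2010:10:03:15 +0800] "GET /cgi-bin/PHF HTTP/1.0" 404 210
EOF

# Print "count ip" for every client that requested /cgi-bin/phf (any case).
# In CLF the request path is the 7th whitespace-separated field.
phf_hits() {
    awk 'tolower($7) ~ /^\/cgi-bin\/phf/ { n[$1]++ }
         END { for (ip in n) print n[ip], ip }' "$1"
}

# Returns 0 and prints a report when probes were seen, 1 otherwise, so a cron
# entry can chain a mail/pager command:  phf_alert /var/log/access_log && mail ...
phf_alert() {
    hits=$(phf_hits "$1")
    [ -n "$hits" ] || return 1
    printf 'PHF probe(s) on %s:\n%s\n' \
        "$(hostname 2>/dev/null || echo localhost)" "$hits"
}

phf_alert "$SAMPLE_LOG" || echo "no phf probes in $SAMPLE_LOG"
```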

Create macros that run every hour or so to check the integrity of passwd and other critical files.
When a macro detects a change, it should e-mail the system manager, write a message to the logs, set off a pager, and so on.

Content management:

Do all updates from your intranet. Keep the web page originals on a server inside your intranet, make all changes and updates there, then "push" them to the public server over an SSH or SSL connection. If you do this hourly, a corrupted server is not left exposed for a long period.
Write a script that downloads the HTML pages and checks them against the master copies; if changes are found, it re-uploads the correct version.
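Both the hourly passwd/critical-file check from the auditing section and the web-content check above come down to the same mechanism: record digests from a trusted state, re-verify later, and alert on any difference. The following is an added example of that mechanism, not code from the original post; the directory tree and file paths are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): a baseline-and-verify macro that
# serves both the hourly critical-file check and the web-content check.
# Constructed sample tree standing in for /etc/passwd and the document root.
WORK=$(mktemp -d)
mkdir -p "$WORK/etc" "$WORK/htdocs"
printf 'root:x:0:0:root:/root:/bin/sh\n' > "$WORK/etc/passwd"
printf '<html><body>Welcome</body></html>\n' > "$WORK/htdocs/index.html"
BASELINE="$WORK/baseline.sha256"

# Record SHA-256 digests of the given files. Run from a known-good state and
# keep the baseline off the web server (intranet host or write-once media).
make_baseline() {
    out=$1; shift
    sha256sum "$@" > "$out"
}

# Re-check every file in the baseline. Prints the path of each file whose digest
# no longer matches (or that is missing) and returns 1 if there was any.
verify_baseline() {
    changed=$(sha256sum -c --quiet "$1" 2>/dev/null | sed -n 's/: FAILED.*$//p')
    [ -z "$changed" ] && return 0
    printf '%s\n' "$changed"
    return 1
}

# Alert hook: swap the printf for mail(1), logger(1) or a pager gateway.
alert() {
    printf 'INTEGRITY ALERT on %s: %s changed\n' \
        "$(hostname 2>/dev/null || echo localhost)" "$1"
}

# What cron runs hourly: verify, alert once per changed file, and return
# non-zero so the job can chain a restore from the intranet master copy.
check_and_alert() {
    if changed=$(verify_baseline "$1"); then
        return 0
    fi
    for f in $changed; do alert "$f"; done
    return 1
}

make_baseline "$BASELINE" "$WORK/etc/passwd" "$WORK/htdocs/index.html"
check_and_alert "$BASELINE" && echo "all files match the baseline"
# Simulate a defacement of the public page, then re-run the hourly check.
printf '<html><body>defaced</body></html>\n' > "$WORK/htdocs/index.html"
check_and_alert "$BASELINE" || echo "restore index.html from the intranet master"
```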

Intrusion Detection:

Scan your web server periodically with tools such as ISS, Nmap, Nessus or SATAN to look for vulnerabilities.
Have intrusion detection software monitor connections to the server. Configure the detector to alarm on known exploits and suspicious activity and to capture those sessions for review. This information helps you recover from an intrusion and strengthen your defenses.

Monday, June 21, 2010

Man Utd season 2010/11 Fixtures Revealed

To all Red Devils fans, the fixtures for season 2010/11 have been revealed on the official manutd.com pages.
Here are all the fixtures (H = home, A = away):

Sat Aug 14 Newcastle United H
Sat Aug 21 Fulham A
Sat Aug 28 West Ham United H
Sat Sep 11 Everton A
Sat Sep 18 Liverpool H
Sat Sep 25 Bolton Wanderers A
Sat Oct 2 Sunderland A
Sat Oct 16 West Bromwich Albion H
Sat Oct 23 Stoke City A
Sat Oct 30 Tottenham Hotspur H
Sat Nov 6 Wolverhampton Wanderers H
Wed Nov 10 Manchester City A
Sat Nov 13 Aston Villa A
Sat Nov 20 Wigan Athletic H
Sat Nov 27 Blackburn Rovers H
Sat Dec 4 Blackpool A
Sat Dec 11 Arsenal H
Sat Dec 18 Chelsea A
Sun Dec 26 Sunderland H
Tue Dec 28 Birmingham City A
Sat Jan 1 West Bromwich Albion A
Tue Jan 4 Stoke City H
Sat Jan 15 Tottenham Hotspur A
Sat Jan 22 Birmingham City H
Tue Feb 1 Aston Villa H
Sat Feb 5 Wolverhampton Wanderers A
Sat Feb 12 Manchester City H
Sat Feb 26 Wigan Athletic A
Sat Mar 5 Liverpool A
Sat Mar 19 Bolton Wanderers H
Sat Apr 2 West Ham United A
Sat Apr 9 Fulham H
Sat Apr 16 Newcastle United A
Sat Apr 23 Everton H
Sat Apr 30 Arsenal A
Sat May 7 Chelsea H
Sat May 14 Blackburn Rovers A
Sun May 22 Blackpool H

Glory glory Manchester United!

Monday, June 7, 2010

A meaningful day

Love to all..
The most meaningful day of my life so far..


 but it's only the engagement for now.. hee..

Thursday, June 3, 2010

DUNGUN-KL-DUNGUN-KL

Assalamualaikum..

This entry doesn't have much input.. I just want to share my travels this week.
Starting from KL on Wednesday, I set off for Dungun intending to go home to settle the engagement ceremony.. Before I knew it, six hours later I was in Dungun, and that night my father told us the whole family was going to KL the next day to join the peaceful demonstration over the flotilla mission incident.. If everyone is joining, I'm joining too.. haha.. So, from yesterday until today I'm back up in KL.. If the plan holds, we set off shortly, join the demo tomorrow, then head straight back.. If I don't go back, there'll be no engagement for me.. hikhik.. And after the engagement I'll think about whether to hang around in the village first or go straight back to KL..

That's all.. the end..

BTW, here are a few pics to share about the Malaysian citizens who were detained during the Gaza peace mission.. Dr Selamat, who appeared in the Metro newspaper today..
Their group has been safely released in Amman, Jordan.
