Looking for ideas on "hiding" my server from the outside world




Dimwhit
Feb 25, 2010, 07:06 PM
I've got Snow Leopard Server up and running (well, in process). I've got a domain name set up and working for it (www.myserver.com). Our employees often work from home and on the road, so I need them to be able to easily access it. The problem is, anyone who types the URL into a browser can get to the main page of the SLS web services home page. As far as I can tell, they need an account to log in to do any damage, but I'm not 100% sure how secure it is.

Is there an easy way to prevent just anyone from seeing anything on that domain? Maybe I need to create a blank home page or something, but I'm not sure if there's a better idea.

If anyone has suggestions (or if I'm not making any sense), I'd love to hear them! Thanks.



angelwatt
Feb 25, 2010, 09:10 PM
There is no such thing as a 100% secure server. Microsoft, Google, NASA, etc. have all been hacked. If it's accessible on the internet you can't hide it. There are a lot of malicious bots that just ping addresses, even ones without a domain name pointing at them, and throw commands at the machine to see what ports are open on it. You can't avoid this. The best you can do is set up secure login authentication, use SSL/TLS, set up and configure routers and firewalls with security in mind, only open the ports you need open, and educate the users.

Alrescha
Feb 26, 2010, 10:03 AM
Is there an easy way to prevent just anyone from seeing anything on that domain? Maybe I need to create a blank home page or something, but I'm not sure if there's a better idea.

Here is one possible solution:

1. Switch your web site from HTTP to HTTPS

2. Create a realm for your web site, give 'Everyone' permission 'None',
give your local group ('workgroup' or whatever) permissions 'Browse',
'Read/Write WebDAV', or whatever else you want.


Random users on the Internet won't accidentally visit your site as it won't be available on port 80 (HTTP). Snoopy people who purposely go to port 443 (HTTPS) will see nothing except the browser's login pop-up.

Your authorized users will have to enter their credentials at least once, but if they check the 'Remember this password in my keychain' box, they will probably never see the login pop-up again.

Your hardest job will be getting people used to the idea of going to https://<yourwebsite>

A.
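
One way to confirm from outside the network that the setup described above behaves as stated (port 80 silent, port 443 answering every unauthenticated request with only a login challenge). This is an added example, not part of the thread; the second entry in `PATHS` is a constructed placeholder to be replaced with real inner URLs of your own site.

```python
import http.client
import socket
import ssl
import sys

# "/" plus a constructed placeholder for a deeper page that must also be protected.
PATHS = ["/", "/some/inner/page"]

def probe(host, port, path="/", tls=False, timeout=5):
    """Unauthenticated GET. Returns (status, WWW-Authenticate header),
    or None when the port refuses the connection or times out.
    Certificate errors are not swallowed: they propagate to the caller."""
    if tls:
        conn = http.client.HTTPSConnection(host, port, timeout=timeout,
                                           context=ssl.create_default_context())
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("WWW-Authenticate")
    except (ConnectionRefusedError, TimeoutError, socket.timeout):
        return None
    finally:
        conn.close()

def assess(http_result, https_results):
    """http_result: probe() of port 80. https_results: {path: probe() of port 443}.
    Returns a list of findings; an empty list means the site matches the description."""
    findings = []
    if http_result is not None:
        findings.append(f"port 80 still answers (HTTP {http_result[0]})")
    for path, result in sorted(https_results.items()):
        if result is None:
            findings.append(f"{path}: HTTPS not reachable, staff cannot log in")
        elif result[0] != 401 or not result[1]:
            findings.append(f"{path}: HTTP {result[0]} without a login challenge")
    return findings

if __name__ == "__main__":
    host = sys.argv[1]  # your own server's hostname
    problems = assess(probe(host, 80),
                      {p: probe(host, 443, p, tls=True) for p in PATHS})
    print("\n".join(problems) or "OK: only the login prompt is visible")
    sys.exit(1 if problems else 0)
```
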

Dimwhit
Feb 26, 2010, 10:34 AM
That's a great idea, Alrescha! Thanks. I'll give that a shot.