apachemono.RemoveThis@rediffmail.com (Sukhminder) wrote in message news:<dedf5c71.0408271034.3671e035.RemoveThis@posting.google.com>...
> see_my_signature_for_my_real_address.RemoveThis@hotmail.com (Dr. David Kirkby) wrote in message news:<c99d2c79.0408270524.4ee3aeaa.RemoveThis@posting.google.com>...
> > apachemono.RemoveThis@rediffmail.com (Sukhminder) wrote in message news:<dedf5c71.0408241126.3817389c.RemoveThis@posting.google.com>...
> > > Hi...
> > > I have to host an application developed in .NET live 24/7 on
> > > RHL9.0/Apache2.0. I am looking for all the possible precautions which
> > > I should take in order to keep this application secure and robust and
> > > how to do them. I am naive to Apache/Linux so I would like to get
> > > advice from all the experts. All the help provided will be highly
> > > appreciated.
> > > Regards
> >
> > If you are a novice at Apache and Linux, you should NOT really be
> > working with applications that need to be very secure. I know nothing
> > about .NET.
> >
> > I'm not sure which one (NetBSD or OpenBSD) but one of them (probably
> > NetBSD) might be a better choice of OS than Linux. But realistically
> > unless you have experience and understand the issues, you should keep
> > away from applications demanding high security.
> >
> > I could list a lot of things you need to be aware of, but I don't
> > think there is any point.
> >
> > David Kirkby
>
>
> Hi Dr. David,
> I truly understand your point.
> >> you should NOT really be working with applications that need to be
> >> very secure.
> But Dr., everyone starts from somewhere.
Sure. Reading your email again, I am not sure if it's a case of
#1 The application MUST be secure, as a breach of security would cost
your company serious amounts of money, expose people's financial
records etc., disclose proprietary information etc.
OR
#2 A security breach on the application would not be a major headache,
but you want to avoid it out of professional pride.
I have been in the position of #2 before, where hacking of
non-commercial web sites would not have been the end of the world. And
the one commercial web site I hosted for a friend would not have
involved major problems either.
For #2 I took some precautions - a dedicated web server, installing a
bare minimum of Solaris, no GUI, no unwanted services, no telnet, no
ftp, no dns lookups. /usr is mounted read-only. A second machine is
set up ready to replace the first, in the event the first one gets
hacked.
I put the whole website on a read-only file system (hard disk mounted
read-only, not a device like a CD). I was keen to avoid being hacked
- at one point I installed a dynamically configured firewall, that
would block IPs trying to hack me, but did give up with that. Likewise
I had to give up with having the whole website on a read-only file
system when a guestbook was installed.
I have a pretty good understanding of UNIX, if not Linux.
But in the case of (1), where the application **needs** to be secure,
rather than just a professional pride not to let one's server get
hacked, then I don't think a newbie to Linux and Apache should be
starting on such a thing.
All jet fighter pilots have to start learning to fly jets, but I doubt
if that would be the first plane they learnt to fly. That was the
point I was trying to make - start on something less important.
Many run apache in a chroot environment. Do you know what that is and
have you used one before?
Clearly a good understanding of Linux is your first concern, as if the
operating system is not secure, nothing can be.
There are a number of web resources on security of Linux, and some on
Apache.
Sorry to be so negative, but the point I'm trying to make is that
starting on something where security is less important might not be a
bad idea. Trying to build a web site where security is a prime
concern, but with little knowledge of Apache or Linux, does not seem
a good idea to me.
Others might well disagree. I'm no expert on either Apache or Linux.
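The precautions David lists for his own server (read-only /usr and web root, no telnet or ftp listening) can be checked mechanically. The script below is an added example, not code from either poster; it audits constructed sample data shaped like `/proc/mounts` and `ss -ltn` output so it runs offline, and the web root path `/var/www` is an assumption. On a real host you would feed it `cat /proc/mounts` and `ss -ltn` instead of the sample strings.

```shell
#!/bin/sh
# Added example (not from the thread): audit a host against the precautions
# described above - /usr and the web root mounted read-only, and no
# telnet (23) or ftp (21) service listening.

# Constructed sample in /proc/mounts format: field 2 = mount point, field 4 = options.
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,relatime 0 0
/dev/sda2 /usr ext3 ro,nosuid 0 0
/dev/sda3 /var/www ext3 rw,nodev 0 0'

# Constructed sample in `ss -ltn` format: field 4 = local address:port.
SAMPLE_LISTEN='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    0.0.0.0:80          0.0.0.0:*
LISTEN 0      5      0.0.0.0:23          0.0.0.0:*'

# mount_is_ro MOUNTS_TEXT MOUNTPOINT
# Exit 0 when MOUNTPOINT appears with the "ro" option, 1 otherwise (including when absent).
mount_is_ro() {
    printf '%s\n' "$1" | awk -v mp="$2" '
        $2 == mp {
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# unwanted_listeners LISTEN_TEXT
# Print each listening port that the hardening advice says should be closed (21, 23).
unwanted_listeners() {
    printf '%s\n' "$1" | awk '
        $1 == "LISTEN" {
            n = split($4, a, ":"); port = a[n]   # last field after ":" handles IPv4 and [::] forms
            if (port == "23" || port == "21") print port
        }'
}

# audit MOUNTS_TEXT LISTEN_TEXT
# Print one OK/FAIL line per check; return non-zero if any check failed.
audit() {
    rc=0
    for mp in /usr /var/www; do               # /var/www is an assumed web root
        if mount_is_ro "$1" "$mp"; then
            echo "OK   $mp mounted read-only"
        else
            echo "FAIL $mp is writable"; rc=1
        fi
    done
    bad=$(unwanted_listeners "$2")
    if [ -n "$bad" ]; then
        for p in $bad; do echo "FAIL port $p (telnet/ftp) is listening"; done
        rc=1
    else
        echo "OK   no telnet/ftp listeners"
    fi
    return $rc
}

# Run against the constructed sample; the sample deliberately fails two checks.
if audit "$SAMPLE_MOUNTS" "$SAMPLE_LISTEN"; then
    echo "host matches the read-only / no-telnet-ftp precautions"
else
    echo "host needs attention"
fi
```

The checks are deliberately simple string matching over the two listings, which is enough to catch the cases the post names (a web root that quietly became writable after a guestbook was added, a legacy telnet daemon left enabled); anything more, such as verifying what each listening port actually serves, belongs in a fuller host audit.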