Re: Running a website using Windows Vista
"Mr. Happy" <mrhappy@discussions.microsoft.com> wrote in message
news:1184203253.599362@netadmin1.interbaun.net...
> Jibey Jacob wrote:
>
>> OK, I get it. All of this was just people with MORE experience sounding
>> off.
>>
> Actually, no. Those sounding off - in the main - aren't capable of setting
> up and maintaining a web server. That's why they suggested you
> seek "professional" help. :-)

And neither does the OP.

I have been doing this since 1971 in IT as a full time employee and as a
consultant, from the big iron horse mainframes using CICS to providing .NET
Web solutions on the MS platform for clients. I have been programming since
1980 and have worked with the MS platform and solutions since 1996.

What do you do when a Web server has a denial of service attack being run
against it? How do you leave port 80 open to customers but stop those that
are running a heavy DoS attack against the Web server?

How do you go about looking at things on the Web server as far as the O/S,
processes that are running, etc., etc. to know in fact that the Web server has
not been compromised?

What services and programs must be shut down or removed from the machine for
an NT-based O/S that's running a Web server, so that the attack vector is
reduced?

How do you stop Cross Site Scripting (CSS) for a Web application so that attacks
cannot be run against other users that may visit the site?

How do you stop a user that's changing data in the URL on a Postback that
can allow a user to compromise a Web application?

How do you prevent the user from entering data into an HTML input field that
can allow the user to start issuing commands to the O/S?

You are giving bad advice if you're telling this person that he knows how to
put up a Web server solution, maintain the solution, knows how to go look at
certain aspects to ascertain that his site has not been compromised, and
what to do if it has been compromised.

If this person knows how to do the right thing in protecting his business,
then he will bring in a professional or professionals to guide him and NOT
throw up some turkey hack bait site that could lead to his business being
compromised.