Can you help me suggest best and top security measures aimed to prevent unauthorized access to a network through its INTERNET connection? Thank you.
geez, where's Kevin Mitnick when you need him..... The only sure-fire method I know of is to completely disconnect the Local network from the outside world all together. But that defeats your purpose. So here's my uneducated 2 cents. I would recommend a HARDWARE firewall, and some flavor of 'nix or bsd for your local server. If you really like windows then Winblows Server 2003/2008 + ISA server and whatever the next 50 posts recommend. You should be able to tighten up your Network a little by tweaking But I might just be talking out of my arse! Also - a software program like peerguardian² or a similar title should help you block a LOT of those incoming naughty IP's - but not everything - you can use peerguardian and build a custom list that would block ALL IP's except your local range - but that's only for windows - and it's a bit buggy on Vista - there are other ways to employ the IP blocking. - Just an idea hopefully someone will post something more useful soon. Best of luck friend!
Thank you Digitalchuck for sharing your tips. I hope to get more insights and tips from other DP members.
1. step remove all security feature then scan your network using nessus then remove / solve any security issues listed and reactivate your default security features 2. step install snort !!! using all the security signatures relevant to your applications installed on netword 3. install mod_security2 on apache 4. install root kit, etc 5. scan all site / all uploaded files daily or during upload 6. limit access to your network to the most restrictive possible best allowing NO access at all from outside 7. since you have very basic questions - review your own qualifications and preparation / readiness to HAVE a network to have a network connected to the world definitely will cost you ALL peace of mind until you are heavily experienced pro and keep your site / network as simple as possible NO hosting company can keep a network clean and free of hackers I have never heard nor seen a hosting company being able to do so ... for simple lack of qualification and lack of time to keep UP with cyber criminals technical development how do you as a single person expect that be managed by you ? if your signature is what you do - then your customers are your greatest risk factor