While I respect the fact that a command line interface is the most secure server implementation for Linux, I am very excited about the basic user interface provided by the open-source project Webmin. Have you ever wanted all of your commonly used server functions centralized in one easy-to-read, tree-based webs interface? Webmin's checkboxes make server configuration easy, and prevent common mistakes due to incorrect task settings. Although you can use the command line tasksel function to select server roles or "tasks," you can also verify your server tasks and their settings through the Webmin interface. Initial installation and configuration of Webmin is simple and you will most likely access Wemin at http://my host:10000, where my host is typically the name of your machine, for example "ubuntu_one." Webmin accepts third-party plug-ins from a variety of open-source projects, including Squid proxy server and CUPS print server, and open-standard IPSec VPN.
Webmin may not be necessary on a single-purpose dedicated server that only needs to be configured once, however on an actively modified server, it can save time and prevent configuration mistakes.
Wednesday, February 02, 2011
Web Application Vulnerabilities
Whenever you interact with a customer or contact through a website, you open your web server to potential exploits accessible through the user's input. Security standards suggest that all web input should be validated, before being passed to php or SQL routines. While a reverse Turing test, such as a "Captcha" function, can prevent robotic intrusion, a secure website must go further and prohibit certain forms of regular expression that would not be valid for the input field. Hacker tools such as Armitage's Metasploit implementation can be used preventatively in penetration testing, or may be encountered "in the wild," operated by malicious hackers. Programs of this nature will probe your site for SQL implementation problems, and attempt to exploit code vulnerabilities in the user interface. Input validation becomes your line of defense, and regex your key to excluding unwanted command input.
Subscribe to:
Posts (Atom)