WebSTAR 4 Manual & Technical Reference

Manual Contents | Chapter Contents | Previous Page | Next Page

WebSTAR Security

Your Web, Mail and FTP servers present you to the Internet, and it is important that no one can change your site or modify your server settings without permission. While the Macintosh is one of the more secure server platforms available, you still have to take care to keep your server safe. For additional helpful information, see:

Open Transport versions 1.3 and later reduce the system's vulnerability to certain network attacks
The World Wide Web Security FAQ: http://www.w3.org/Security/Faq/www-security-faq.html

Physical Security

The server machine runs the WebSTAR Server Suite application, which holds the Admin password, and its hard drive stores the WebSTAR Settings file and the user name and password files. Anyone with physical access to that machine can read or replace those files and so bypass every other control described in this chapter. Make sure that your WebSTAR server machine is in a secure location: your office, a closet, or a server room with locks or other access controls. If you cannot lock the machine away, consider locking it to a desk or wall so that it cannot easily be stolen.

WebSTAR Server and Admin Security

On your server machine, you can use software that controls access to the disk and applications, such as Apple's At Ease or the commercial Folder·Bolt. In addition, if you use the WebSTAR Background Server, no application is visible on the server machine, which reduces the chance of someone quitting the server by accident. Hiding the application guards against accidents, not against someone determined to interfere with the machine; for that you still need the physical and access controls above.

The WebSTAR Admin application always encrypts its communications with the server, so administrative commands and the Admin password cannot be read by anyone watching the network, even though the messages travel over ordinary TCP/IP. You set the WebSTAR Admin password in the WebSTAR server application (see Admin Password). Be sure to follow the guidelines in Safe Passwords.

The web browser administration pages are protected by the Administration Realm and require a password to access. However, unlike WebSTAR Admin, commands sent to the server from a browser are not encrypted, and the browser re-sends the realm user name and password with each request, so anyone able to observe the network path between browser and server can capture both the commands and the Administration Realm password. If you use the Browser Admin, do so only from a network you trust, track your pages carefully, and change your Administration Realm password often (using the WebSTAR Admin application).

For more information, see Browser-Based Admin.

Firewall Security

Firewalls filter the network traffic that reaches the server, admitting only the sources and services you authorize and logging the attempts they refuse. They are not always required for WebSTAR servers, because Macintosh systems do not run the remote login shells and other multi-user network services that attackers exploit on other platforms. However, firewalls provide substantial additional protection, and allow you to track attempts to break into your server.

Some routers provide firewall security. For software firewalls, see Open Door Systems

http://www.opendoor.com/

SSL Security

To provide a secure web site for an online store, a confidential discussion area, access to proprietary databases, or other private services, you can use the SSL (Secure Sockets Layer) portion of the WebSTAR Server Suite. With a server certificate installed, the server and the browser negotiate an encrypted connection, so that pages, form submissions and passwords cross the Internet encrypted rather than as plain text. SSL protects data only while it is in transit; files stored on the server are protected by the realm, file and physical controls described elsewhere in this chapter.

For more information, see About SSL Security .

CGI and Plug-In Security

WebSTAR provides several levels of control over which CGIs, Plug-Ins and WebSTAR SSI commands may run. Even if you allow others to upload files to your server (for example over FTP), you can use designated folders to control what code runs on your machine.

CGIs

You may limit CGIs to the cgi-bin folder, so that CGIs uploaded anywhere else cannot run. Set this limit by checking the option Restrict CGIs to CGI-BIN. The restriction only helps if the cgi-bin folder itself is not writable by your FTP users, so keep it outside every FTP user's root folder.

Plug-Ins

Plug-Ins can only be run from the Plug-Ins folder in the WebSTAR folder. WebSTAR will not serve any files from the Plug-Ins folder, although Plug-Ins themselves can read and write files there.

WebSTAR SSI Security

The WebSTAR SSI Plug-In allows you to use SSI commands to run programs and include other files. You can use the options in the WebSTAR Admin panel SSI to disable these commands, to restrict the files they may use to those in the SSI folder inside the CGI-BIN folder, or to allow them to reach any mounted volume. The default setting is the most secure: the commands are disabled. Enable them only if a page on your site needs them, and prefer the SSI folder restriction to access to all volumes.

Web File Security

The WebSTAR servers will never serve any of the WebSTAR applications or settings files (these have a Creator Code beginning with "WWW"). In addition, WebSTAR will not serve any files from the Plug-Ins folder.

Your WebSTAR log file is automatically protected as a realm. No one can view it unless you give them access (see Security Realms).

Security Realms

WebSTAR has several options for limiting access to the site, or to parts of the site, by the host name or address of the browser machine or by user name and password. For more information, see Security Realms.

You should set up a log file analysis program and run it regularly to see who is accessing your security realms, and which hosts are repeatedly refused access: a run of refusals against one realm from one host usually means someone is guessing passwords.
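As an added example, not part of the WebSTAR manual, the following Python script does the kind of realm check described above over a constructed, tab-delimited log. The !!LOG_FORMAT header line, the column names and the RESULT values OK and PRIV are assumptions about the WebSTAR 4 log layout, and the realm paths /admin/ and /private/ are hypothetical; read the column names off your own log header and match the prefixes to your own realms.

```python
"""Report who reaches realm-protected paths and which hosts keep getting refused."""
from collections import Counter

# Constructed sample log, not copied from a real server. The "!!LOG_FORMAT" header
# naming the columns, the tab-delimited records and the RESULT values OK / PRIV are
# assumptions about the WebSTAR 4 log layout; read the column names off your own header.
SAMPLE_LOG = "\n".join([
    "!!LOG_FORMAT DATE TIME RESULT HOSTNAME URL USER",
    "03/15/99\t10:02:11\tOK\t192.0.2.10\t/index.html\t",
    "03/15/99\t10:02:15\tOK\t192.0.2.10\t/admin/settings.html\tadmin",
    "03/15/99\t10:03:01\tPRIV\t198.51.100.7\t/admin/settings.html\t",
    "03/15/99\t10:03:02\tPRIV\t198.51.100.7\t/admin/settings.html\t",
    "03/15/99\t10:03:04\tPRIV\t198.51.100.7\t/admin/settings.html\t",
    "03/15/99\t10:03:05\tPRIV\t198.51.100.7\t/admin/realms.html\t",
    "03/15/99\t10:04:40\tOK\t203.0.113.5\t/products.html\t",
    "03/15/99\t10:05:12\tPRIV\t203.0.113.5\t/private/report.html\t",
    "03/15/99\t10:05:30\tOK\t203.0.113.5\t/private/report.html\tjsmith",
])

# Hypothetical URL prefixes covered by security realms on this server.
REALM_PREFIXES = ("/admin/", "/private/")


def parse_webstar_log(text):
    """Return one dict per record, keyed by the column names in the most recent
    !!LOG_FORMAT header, so the script keeps working if the format changes mid-file."""
    fields = None
    records = []
    for raw in text.splitlines():
        line = raw.rstrip("\r\n")
        if not line.strip():
            continue
        if line.startswith("!!LOG_FORMAT"):
            fields = line.split()[1:]
            continue
        if fields is None:
            raise ValueError("log record appears before any !!LOG_FORMAT header")
        values = line.split("\t")
        if len(values) != len(fields):
            continue  # truncated or malformed record: skip it rather than misalign columns
        records.append(dict(zip(fields, values)))
    return records


def realm_access_report(records, prefixes=REALM_PREFIXES, fail_threshold=3):
    """Summarize realm traffic: who got in (host and user name), which hosts were
    refused, and which hosts were refused often enough to look like password guessing."""
    granted = Counter()  # (host, user) -> successful requests into a realm
    denied = Counter()   # host -> requests the realm refused
    for rec in records:
        if not rec["URL"].startswith(prefixes):
            continue
        if rec["RESULT"] == "OK":
            granted[(rec["HOSTNAME"], rec["USER"] or "<no user>")] += 1
        elif rec["RESULT"] == "PRIV":
            denied[rec["HOSTNAME"]] += 1
    suspicious = sorted(host for host, n in denied.items() if n >= fail_threshold)
    return {"granted": granted, "denied": denied, "suspicious": suspicious}


if __name__ == "__main__":
    report = realm_access_report(parse_webstar_log(SAMPLE_LOG))
    print("Realm access granted:")
    for (host, user), n in sorted(report["granted"].items()):
        print(f"  {host:16} {user:12} {n}")
    print("Realm access refused:")
    for host, n in sorted(report["denied"].items()):
        flag = "  <-- repeated refusals, check for password guessing" if host in report["suspicious"] else ""
        print(f"  {host:16} {n}{flag}")
```

Run it against a copy of the live log rather than the file the server is writing, and tune fail_threshold to your traffic; a handful of refusals from a legitimate user who mistyped a password is normal, a steady stream from one host against one realm is not.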

Robots.txt

Webcrawlers, spiders and robots may access your site to index it for search services. They follow all links on the default index page and on the pages linked from it. These agents can only read the files that are publicly accessible (not secured under WebSTAR's access controls). The Robot Exclusion standard allows you to work with the agents using a robots.txt file. Keep in mind that the file is a request, not a control: well-behaved robots honor it, anything else can ignore it, and since the file itself is public, every path you list in it is announced to anyone who reads it. Use security realms, not robots.txt, for anything that must stay private. For more information, see:

http://info.webcrawler.com/mak/projects/robots/norobots.html
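As an added example that is not part of the original manual, the following Python script shows both sides of the Robot Exclusion standard: the decision a well-behaved robot makes from a constructed robots.txt (using the standard library's urllib.robotparser), and the list of paths that same file discloses to every visitor. The host name www.example.com and the robot names Googlebot and BadBot are hypothetical.

```python
"""Two views of robots.txt: what a polite robot does with it, and what it tells everyone."""
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for the example; the robot names used below are hypothetical too.
ROBOTS_TXT = """\
User-agent: *
Disallow: /cgi-bin/
Disallow: /admin/

User-agent: BadBot
Disallow: /
"""

SITE = "http://www.example.com"  # hypothetical host, only used to build full URLs


def load_rules(text):
    """Parse robots.txt the way a compliant crawler does (standard library parser)."""
    rules = RobotFileParser()
    rules.parse(text.splitlines())
    return rules


def may_crawl(rules, user_agent, path):
    """The decision a well-behaved robot makes before fetching a path. The robot asks
    the question; the server never enforces the answer."""
    return rules.can_fetch(user_agent, SITE + path)


def disclosed_paths(text):
    """Every path the file tells robots to avoid. The file is public, so this is also the
    list a curious visitor reads first to find the parts of the site you consider sensitive."""
    paths = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # robots.txt comments start with '#'
        if line.lower().startswith("disallow:"):
            path = line.split(":", 1)[1].strip()
            if path:
                paths.add(path)
    return sorted(paths)


if __name__ == "__main__":
    rules = load_rules(ROBOTS_TXT)
    checks = [("Googlebot", "/index.html"),
              ("Googlebot", "/admin/settings.html"),
              ("BadBot", "/index.html")]
    for agent, path in checks:
        verdict = "fetch" if may_crawl(rules, agent, path) else "skip"
        print(f"{agent:10} {path:22} {verdict}")
    print("Paths the file advertises to everyone:", disclosed_paths(ROBOTS_TXT))
```

The only code that consults the rules here runs on the robot's side. A robot that skips may_crawl fetches /admin/settings.html exactly as a browser would, which is why the directory must also sit under a security realm if it matters.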

FTP Security

Within the WebSTAR Admin application, you can define user names and passwords, along with each user's root folder and whether that user can download or upload files, create and delete folders, and more.

For detailed information, see FTP Security .

You should limit FTP access: set up your FTP folder hierarchy carefully so that no user's root folder contains the WebSTAR folder, the cgi-bin folder or realm-protected files; keep track of which users can upload; and check your FTP logs regularly. Remember also that FTP sends user names and passwords in plain text, so FTP accounts should never share a password with the Admin or realm accounts.

Safe Passwords

Passwords are only safe if no one can guess them, and if you remember them. Be careful in setting and storing passwords, and change them regularly. In addition, set up a password control system so that if you cannot reach your system, someone you trust can work with your server.

Make sure you have a secure storage area for your most important passwords, such as a safe, a safety deposit box, or a secure area in your supervisor's office.

When you make a password, follow these guidelines:

If you follow these guidelines, it is unlikely that anyone will guess your password and be able to break into your site.

