The Issues
- WWW (HTTP) and FTP Servers Run as Root:
by default on UNIX boxes the servers must run as root; complex,
possibly bug-ridden or trojan-horse code leaves you vulnerable.
Consider running non-root versions (e.g. an HTTP server on port 8080 on UNIX),
and/or line-by-line source checking. Check your logs.
- Keep Them Off Critical Machines:
Minimise effects of breakout; keep servers off fileservers, NIS
or DNS primaries, firewalls, etc., as far as possible.
- Don't Run Them At All:
Rent space on someone else's server or go to a third-party supplier
such as ExWeb; this can also improve reliability and performance, and
helps if your connection is not permanent.
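
For the first point above, one way a server can avoid handling requests as root, given as an added example that is not part of the original page: it either binds an unprivileged port such as 8080 as an ordinary user, or binds as root and then drops permanently to an unprivileged account before serving. The account name `nobody` and all function names are assumptions made for the example.

```python
import os
import pwd
import socket

PRIVILEGED_PORT_LIMIT = 1024  # ports below this need root on traditional UNIX


def needs_root(port):
    """True if binding this port traditionally requires uid 0."""
    return 0 < port < PRIVILEGED_PORT_LIMIT


def drop_privileges(username):
    """Permanently switch from root to `username`; return the resulting uid."""
    if os.geteuid() != 0:
        return os.geteuid()          # already unprivileged, nothing to drop
    account = pwd.getpwnam(username)
    if account.pw_uid == 0:
        raise ValueError("target account must not be root")
    os.setgroups([])                 # shed root's supplementary groups first
    os.setgid(account.pw_gid)        # group before user: setgid still needs root
    os.setuid(account.pw_uid)        # as root this also resets the saved uid
    try:
        os.setuid(0)                 # must fail if the drop was permanent
    except PermissionError:
        return os.geteuid()
    raise RuntimeError("privilege drop did not stick")


def open_listener(port, username="nobody", host="127.0.0.1"):
    """Bind the port, then make sure no request is ever handled as root."""
    if os.geteuid() != 0 and needs_root(port):
        raise PermissionError(f"port {port} needs root; use e.g. 8080 instead")
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    sock.listen(5)
    drop_privileges(username)        # after bind, before accepting anything
    return sock


if __name__ == "__main__":
    listener = open_listener(8080)
    print("listening on", listener.getsockname(), "as uid", os.geteuid())
    listener.close()
```

The order inside `drop_privileges` matters: once `setuid` has given up root, the group calls would no longer be permitted, so groups go first.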