Servers for the Information Age

Handling the ‘Data on Demand’ needs of a New Generation!

-
A host is a server which provides a home for your website on the World Wide Web. Just as your computer contains all your files, so a host contains all the files needed to run your website. Why can’t you just keep all those files on your own computer? Because that would mean users would have to connect directly to your computer to see your website. Not a good idea–it wouldn’t be secure and it would make your machine run like a tired snail. With a host, you can simply upload everything you need to the server and your users can then connect there to see your site. It lets the site run faster and allows it to have all the security and extras it needs.

Selecting a host is the first important step towards building your Internet business.

Hosting services and companies vary from totally free, shared servers to large-scale dedicated machines. You’ll have to decide which is right for you and your business. To help you make that decision, study the following:

Free Servers:

Advantages: *No Cost *You manage the server software and network

Disadvantages: *Search engines view free hosting services as inferior and sometimes do not include them in their index. *Some free hosting services do not allow you to use a custom domain name *The bandwidth is restricted and may cause difficulty for visitors attempting to access your site. *Because the service is free, some providers do not strive for 100% uptime which could result in your site being frequently inaccessible. *Software availability is limited, and free hosts do not generally provide database options. *Disk space is sometimes limited; ensure that you are getting all the room you need. *Poor response time for support. *Very limited support.

Cheap Web Hosting:

Advantages: *Server, software and network is managed and supported for you. *You can select a custom domain name. *Search engines don’t view you as second class if you have your own domain name. *Improved response time for support. *Uptime is improved. *Technical support is provided, generally 24 hours a day

Disadvantages: *Bandwidth restrictions *Shared processing power *Limited software *Potentially limited disk space

Mid-Priced Web Hosting–Shared Servers:

*Server, software and network is managed and supported for you. *You can select a custom domain name. *Search engines don’t view you as second class if you have your own domain name. *Improved response time for support. *Uptime is improved and generally guaranteed *Technical support is provided, generally 24 hours a day. *Generally offer a wide range of software options and configurable bundles, *Improved bandwidth.

Disadvantages: *Shared processing power,
*Expensive, *Dedicated Servers:

Advantages: *Server, software and network is managed and supported for you. *You can select a custom domain name. *Search engines don’t view you as second class. *Improved response time for support. *Uptime is improved and generally guaranteed. *Technical support is provided, generally 24 hours a day. *Generally offer a wide range of software options and configurable bundles. *Improved bandwidth. *Processing power is not shared

Disadvantages: *The cost is higher than any other options, but well worth it if you choose wisely.

Your choice of server will depend on how much money you have available at the beginning and how much you plan to grow in the future. In my opinion, for commercial sites, free hosting is a waste of time. Your users are going to get blasted with annoying pop-ups every time they surf to your page, it’s going to be impossible to get a decent position in a search engine, and you don’t even get a real business URL. No one’s going to remember your Web address if they have to type . Also, you won’t have to worry about down servers, which can happen frequently with free hosting. But it is possible to choose a cheap host at the beginning and move up as your business begins to bring in money, but I don’t recommend it.

If you are serious about your on-line business, then go for the gusto right away and get the best. You can get good, professional hosting for an average of $25 per month. It might seem like a lot, especially if you are just starting out, but it will save you loads of headaches down the road. Here is a first-class, high-quality site that offers professional web hosting: ThirdSphereHosting.com You will find that all my recommendations are of the highest quality. I have been through the mill probably like you have and now my standards are high. Anyway, it doesn’t cost to have a look.

About the author:
Internet marketer Tony Smith probably like you, has learned some lessons the hard way. He writes to his audience with tips for the most professional, reliable and trustworthy tools that the internet has to offer. This week’s feature deals with Web Hosting. Have a look. It’s more than just a host: ThirdSphereHosting.com

Handling the ‘Data on Demand’ needs of a New Generation!

-
1) Where can I find a decent Intranet Application? 2) What about a good Groupware application? 3) What about a custom search engine for our intranet pages?

These questions are asked quite frequently in hundreds of forums.

One obvious solution is to approach a software development company and obtain a custom built product. However to take this approach one needs to first know what features and functionality is desired. Then on the other hand in some instances the need does not warrant the cost of commissioning a custom application.

A plethora of free open source web applications exist today. Regardless of the specific circumstances of the need these applications can quite often prove to be a valuable resource.

http://freshmeat.net is one of the best online directories of open source applications. A quick search on freshmeat.net for say “intranet”, “cms” or “groupware” will yield pages of results. Browsing these results any application marked beta, stable or mature is a possible solution. A large majority of the available web applications would also state PHP + MySQL as the platform.

Oh well I need to have some Linux Server and it’s way too hard is a common reaction. Fortunately this is not entirely true. If you wanted to host a large scale production site then the chances are that a custom Linux server may well be a requirement. However just evaluating on your own PC, or setting up a solution on your LAN for anywhere between 1 to 100 users can be easily realized without custom Linux servers.

The solution is in another open source free product known as WAMP server. The acronym stands for Windows Apache MySQL PHP server. WAMP is extremely simple to install and a good platform for either evaluating PHP + MYSQL applications or operating the same for up to a few hundred users.

Visit http://www.wampserver.com Or http://www.wampserver.com/en/ for the English version First it is important to note that most open source PHP + MySQL applications will not run correctly on the latest versions of PHP and MySQL. For this reason instead of the downloading the latest version of WAMP server click on “downloads” from the left menu and then click on “older versions at sourceforge” This will take you to https://sourceforge.net/project/showfiles.php?group_id=116092 scroll down and select “WAMP5 1.4.3″. Download the WAMP5_1.4.3.exe file and install it on your computer with default options.

Once installed and started a new icon will appear in the icon tray near the date/time on your task bar. Left click on this icon to activate it’s menu which allows you to restart or edit the configuration files.

Changing the web server port if necessary.

One common reason for wanting to edit configuration file is in case you already have a web server running on the same computer. In this case you would need to change the port address used by apache to something other than 80. In this case 8080 would probably be a good alternative choice.

——-Changing the web server port address Begin———– Click on the WAMP server icon and from the menu under “config files” select “httpd.conf”. A long text file will open up in notepad. In this file scroll down to the line that reads “Port 80″ and change this to read “Port 8080″, Save the file and close notepad. Once again click on the wamp server icon and select restart all services. One more change needs to be made before we are done. In Windows Explorer find the location where WAMP server was installed which is by Default “C:\Wamp”. Next goto the subfolder named “www“. Inside here you will see another subfolder named “phpmyadmin”. We are looking for a file named “config.inc.php”. In a default installation this file will be at “C:\Wamp\www\phpmyadmin\config.inc.php“. Open this file in wordpad and find the line that reads $cfg[’PmaAbsoluteUri’] = ‘localhost/phpmyadmin/’; Change this line to read: $cfg[’PmaAbsoluteUri’] = ‘localhost:8080/phpmyadmin/’; ——-Changing the web server port address End———–

Now open a web browser and access http://localhost . Or if you changed the port address to 8080 then goto http://localhost:8080/ You should be greeted by the WAMP welcome page. For each application that you wish to install create a new folder inside the “www” subfolder of where WAMP was installed. Lets assume that WAMP was installed at “C:\Wamp”.

Let say for example you wanted to install Mambo (www.mamboserver.com) 1) You would download the .zip or .tar.gz or .tar.bz2 file and uncompress it using winzip or winrar into “c:\Wamp\www\mambo“. 2) You would access the wamp welcome page http://localhost/ or http://localhost:8080/ and access phpmyadmin. In here you would create a new database for mambo. 3) You would then access the wamp welcome page http://localhost/ or http://localhost:8080/ and from the list at the bottom of the page you would click on Mambo 4) You would then be greeted by the mambo installer which is a simple 5 step process. (the default username for MySQL is root and the password is blank as in an empty string)

Let say for example you wanted to install oscommerce You would download the .zip or .tar.gz or .tar.bz2 file and uncompress it using winzip or winrar into “c:\Wamp\www\oscommerce“. 5) You would access the wamp welcome page http://localhost/ or http://localhost:8080/ and access phpmyadmin. In here you would create a new database for oscommerce. 6) You would then access the wamp welcome page http://localhost/ or http://localhost:8080/ and from the list at the bottom of the page you would click on Mambo 7) You would then be greeted by the oscommerce installer which is a simple process. (the default username for MySQL is root and the password is blank as in an empty string)

And so on and so forth.

Any PHP + MySQL web application which does not provide an automated installer is most likely not a very mature application.

Good luck

About the author:

TCWicks Is a software developer / systems analyst with over 10 years experience across many sub fields in Information Technology. He currently offers Web Design and Development Services through Zap Strategy

Handling the ‘Data on Demand’ needs of a New Generation!

-
The following is a simple how-to guide for installing, configuring, and running your first vulnerability scan using the NessusWX Windows client. The instructions do not include in depth explanations as it is assumed that you are familiar with benefits of using Nessus and have a general working knowledge of Windows.

As with any software installation, your results may vary depending on the machine operating system and patch levels being used. The installation steps were conducted using of NessusWX 1.4.4 on several Windows operating systems and patch levels including XP, 2000, and 2003 Server to insure accuracy. It is recommended that the installation be conducted using the admin account or equivalent to avoid rights issues.

Install NessusWX

• Download and save the self-extracting version of NessusWX for Intel platforms
  from http://nessuswx.nessus.org/ to a temp directory on your hard drive.
  (nessuswx-1.4.4-install.exe, 1413KB in size);
• Double-click NessusWX-1.4.4-install.Exe to start the installation process;
• If using XP SP2 you may be prompted with a warning message that the publisher
  could not be verified, click
  
• At the “Welcome to the Installation Wizard” screen click
  
• At the “License Agreement” screen read the license terms, check “Yes, I agree
  with all the terms of this license agreement”, click ;
  
• At the “Destination Folder” screen enter the desired location for NessusWX, or
  accept the default of C:Program FilesNessusWX, click ;
  
• At the “Setup Type” screen select “Binaries Only”, or if you wish the source files
  included select “Binaries & Source”, click ;
  
• At the “Program Group” screen select the desired program group, or leave at the
  default of NessusWX, click ;
  
• At the “Ready to Install the Program” screen click ;
  
• At the “Installation Complete” screen click .
  

If the installation process completed successfully, you now have a NessusWX desktop icon and Start/Programs/NessusWX menu listing.

Configuration of NessusWX

Before configuring the NessusWX client, you need some information concerning the Nessus server you will be using. Please contact you Nessus server administrator for assistance if needed.

Nessus server IP: _______________________

Nessus port number: _____________________ (default is 1241)

Max simultaneous hosts: __________________ (default is 16)

Max security checks per host: ______________ (default is 10)

Your Nessus login name: __________________

Your Nessus login password: _______________

Maximum simultaneous hosts, and maximum security checks per host, refers to the number simultaneous scans that will be performed. It is possible to optimize a Nessus server to support more then the default settings and to use a different port. If in this information is not available or unknown use the default values.

Your Nessus Server administrator has the ability to limit what IP range(s) you can scan based on your login name. Speak with your Nessus server administrator and determine what limits, if any, have been established.

• Upon executing NessusWX you will be prompted with the “Settings” screen,
  “General” tab,requesting database directory information. By default NessusWX
  uses C:NessusDB to storescan result. The database location can be a network
  drive if you wish to store results on a network drive for security purposes.
  Select the defaults value or change to the desired directory, click
  
• If the directory you selected does not exist, you will be prompted with a
  creation message, click
  
• Select “Communications/Connect” menu option
  • Change the default Server “Name”, from the default 127.0.0.1, to the
    desired Nessus server;
  • Change the default Server “Port Number”, from 1241, to the desired Nessus
    server port if needed;
  • By default, NessusWX selects TLSv1 as encryption option;
  • Select “Authentication by Password” radio button;
  • Check save password checkbox;
  • Change the default Authentication “Login” value to your Nessus login name;
  • Enter your Nessus login name password, click
    
  • You will be prompted with New Server Certificate window displaying the
    Nessus server certificate information, click
    

If the userid/password information you entered is correct, you will receive a brief message that NessusWX is downloading plugin information. Upon download completion, something similar to the following will be displayed at the bottom of the NessusWX screen:

Using

Connection with the server [xxx.xxx.xxx.xxx] established

xxxx plugins loaded

xxxx preferences received

xxxx rules received

You now have a fully functioning copy of NessusWX installed, have connected to a Nessus Server, and are ready to being performing vulnerability scans.

Before You Scan

Before performing vulnerability scanning, a few cautions and recommendations should be considered:

• Make sure you are acting within your authority. Most companies have strict
  policies about who can perform vulnerability scanning and on what equipment.
  Acting outside your authority with a vulnerability scanner could lead to your
  dismissal;
• Absent Nessus server based rules that limit what IP ranges you can test, obtain
  written permission on what you are and are not permitted to perform
  vulnerability test on;
• Vulnerability scanning can leave equipment in an unstable state. This is
  practically true if performing Denial of Service tests and/or testing systems are
  very poorly configured. Nessus vulnerability scanning is normally not destructive
  and rebooting the affected equipment will return it to the correct operational
  state;
• NessusWX has a selection for “Safe checks” that disables the most dangerous
  scripts from executing and instead relies on banners information to determine
  vulnerability rather than exploiting the real flaw. However, it is still possible
  to leave equipment in an unstable state;
• If your company uses an intrusion detection system, performing vulnerability
  scanning on the network will most likely trigger intrusion alerts. Vulnerability
  scanning is very “noisy” and easily detected by most intrusion detection
  systems;
• If you are performing vulnerability scans across the internet verify your ISP will
  not object, that your scanning will not trigger their intrusion detection system,
  and request documentation concerning scanning polices and rules that you
  must follow;
• Exercise common sense when performing vulnerability scans. For example,
  it s most likely not a good idea to run a Denial of Services test on your core
  router during normal business hours;
• NEVER SCAN EQUIPMENT THAT YOU ARE NOT EXPRESSLY AUTHORIZED TO SCAN.
  Doing so could result in lawsuits, bad press, jail, ISP termination, and
  unemployment just to name a few. Running a Denial of Services test against
  your competitor s web site for example, will most likely result in several unwanted
  events occurring once you and your company are identified as the cause.

Performing Your First Scan

To perform your first vulnerability scan, you must create a Session (job) outlining the targets and scanning options desired.

• Click menu selection Session/New;
• You will be prompted to enter a session name or accept the default of “Session1″.
  Enter “First Scan”, leave “Define additional properties” checked, click ;
  
• At the “Session Properties - Test Scan”, click the “Targets” tab, then
  click ;
  
• At the “Add Target” screen you have the option of entering a single host, a
  subnet, or IP range depending on scanning needs. For our test session, select a
  single IP address and enter the IP or Host name of your workstation, click ;
  
• Click .
  
• Click the “Options” tab:
  • Change “Maximum simultaneous” default value if needed;
  • Change “Security checks per host” default value if needed;
  • “General scan options/Enable plugin dependencies”. Nessus uses many plugins
    (tests) that require the use of other plugins to operate correctly. Checking
    this box permits Nessus to automatically enable dependencies as needed.
    For our test scan, “Enable plugin dependencies” should be checked;
  • “General scan options/Do reverse DNS lookups” simply performs a DNS lookup
    on the target to determine the host name. For our test scan, check “Do
    reverse DNS lookups”;
  • “General scan options/Safe checks”. As stated previously, Safe Checks
    disables the most dangerous scripts from executing and instead relies on
    banner information to determine vulnerability rather than exploiting the real
    flaw. For our test scan, leave “Safe checks” checked;
  • “General scan options/Optimize the test” lets Nessus avoid all apparently
    irreverent tests. For example, tests will not be conducted for web site unless
    a web site is detected. For our test scan, leave “Optimize the test” checked;
  • “General scan options/Resolve unknown services” will permit Nessus to resolve
    any unknown services that may be operating on the system. For our test
    scan, leave “Resolve unknown services” checked;
  • “Path to CGI s”. Nessus has the ability to check for generic CGI vulnerabilities
    that may be present. For our test scan, leave “Path to CGI s” at the default
    of “/cgi-bin”;
  • “Interface options” permits you to limit the results that are displayed on the
    screen while scanning is occurring. For our test scan, leave both items
    unchecked to display the maximum amount of information;
  • Click .
    

• Click the “Port scan” tab:
  • “Port range to scan” permits you to enter the ports Nessus will scan. For our
    test scan, we will use the default of “Privileged ports (1-1024)”;
  • “Port scanners” permits the use of a wide range of port scanners depending
    on your needs. For our test scan, leave the default of “Ping the report host”
    and “tcp connect scan” checked.
  • Click .
    

• Click the “Connection” tab will permit you to enter and store specifics about the
  Nessus server to be used for the session. Since we are currently connected to
  a specific Nessus server, no need exists to enter this information for our test
  scan;
• Click the “Plugins” tab:
  • To test for system vulnerability we must enable plugins. Check the “Use
    session-specific plugin” checkbox. You will notice that currently “0 plugins
    currently are selected for execution”;
  • Click the “Select plugins” button to display the “Plugin List” screen. For our
    test scan, click the “Enable All” button, click , when prompted with
    “Do you wish to enable all port scanners as well”, click . You will
    notice that 2400 or so plugins are now selected for execution;
    
  • Click .
    

• Click the “Comments” tab and input any remarks you have concerning this session
  or its settings, then click to save your Session;
  

To execute the Session, right-click on the icon and then select . When prompted at the “Execute Session” screen simply click Execute and vulnerability scanning will commence.

Closing

Take some time, experiment, and learn what NessusWX and Nessus have to offer. Patch systems and rescan to verify vulnerability have been closed. Using NessusWX and Nessus will permit you to find system vulnerabilities before hackers and virus/worm writers have opportunity to do it for you.

About the Author

Lew Newlin is CTO of Information Solutions, Inc. that operates SiteRecon.com.
SiteRecon specializes in security, email monitoring, and web site monitoring for Internet service providers and businesses.