20 ways to Secure your Apache Configuration

Here are 20 things you can do to make your Apache configuration more secure.

Disclaimer: The thing about security is that there are no guarantees or absolutes. These suggestions should make your server a bit tighter, but don’t think your server is necessarily secure after following these suggestions.

Additionally, some of these suggestions may decrease performance or cause problems due to your environment. It is up to you to determine if any of the changes I suggest are not compatible with your requirements. In other words, proceed at your own risk.

First, make sure you’ve installed the latest security patches

There is no sense in putting locks on the windows if your door is wide open. As such, if you’re not patched up, there isn’t really much point in continuing any further on this list. Go ahead and bookmark this page so you can come back later, and patch your server.


Internal and External DNS server


Two-in-one DNS server with BIND9

  • This tutorial shows you how to configure a BIND9 DNS server to serve an internal network and an external network at the same time, with a different set of information for each.

1. The problem
Growing organizations typically have to solve two problems at once:

  • To have a DNS server for the internal network of the company, because long ago there were already too many computers to remember their IPs and even too many computers to maintain a set of hosts files
  • To have a DNS server for the external servers, for external clients, etc.
  • Solving these problems becomes a bigger problem when the growing organization can’t supply more resources than one DNS server. It is a bigger problem because if you just configure your server with all your names, public and private, you’ll end up polluting the Internet with private addresses, something that is very bad, and also showing the world part of the topology of your internal network, something you don’t want a possible attacker/cracker to have.
  • The other part of the problem is that for efficiency you may want to resolve to internal IPs when you are inside and external IPs when you are outside. Here I am talking about computers which have public and private connections.


Resolving DNS


Theory Behind Caching-Nameserver and BIND 9:

  • Caching-Nameserver is a type of nameserver that resolves web addresses (domain names) from its next or master DNS and keeps those entries in cache. After the first resolution it answers DNS queries locally, until the entry’s TTL (Time To Live) expires.
  • BIND 9 is used to resolve domain resolution queries from its own database, as it is the SOA (Start Of Authority).
  • So now it is clear that in our setup the caching-nameserver will be used to resolve domain names externally (internet), while BIND 9 will be used to resolve domain names from our local network (internally).
  • Now we have the caching-nameserver and BIND 9 hammers in our hands, let’s start fixing it. :)
