polyfrag

[web] Secure server


This is a continuation of http://www.gamedev.net/topic/608268-do-i-need-a-gambling-license/page__pid__4847510#entry4847510

How do I maintain a secure server?

Does anybody know how BitCoin was hacked?

Are there any good security websites?

How do I maintain a secure server?
Have it be designed by someone with experience in computer security.
There are a lot of concepts that are subtly important in security -- e.g. I was initially confused that authentication, authorisation and identification are all completely different (and very important) concepts, when to me, they seemed to be almost the same thing.

That wikipedia link and its "See also" section make for a good self-education resource.
Does anybody know how BitCoin was hacked?
BitCoin itself wasn't hacked -- many users of BitCoin had a trojan on their computers, which stole their bit-coin wallet and sent it to the "hackers", who could then use this information to initiate BitCoin transfers from other people's accounts.

This is the same as stealing someone's real-world wallet and saying that you've hacked MasterCard.

Multi-factor authentication could've stopped this particular kind of attack.
e.g. if someone steals my online banking card, they also have to know my password. Plus, when they try to transfer money, the bank sends an SMS to my mobile phone, which I need to complete the transaction. So for someone to impersonate me, they have to steal my card, my password and my phone (and my phone's PIN?).
In the case of bit-coin, there was only a single 'item' that had to be stolen by the attackers.

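The point made above, that an attacker has to steal several independent "items" rather than one, can be shown in code. The following is an added example and not code from the thread or from BitCoin: a login check that demands a password (verified against a salted PBKDF2 hash) and a time-based one-time code (TOTP per RFC 6238, built on HOTP per RFC 4226) from a separate device. The user name `alice`, the password, the PBKDF2 work factor and the demo TOTP secret (the RFC 4226 test secret, so the codes are reproducible) are all constructed for the demo. Stealing the password database alone, or the phone alone, does not get past `verify_login()`.

```python
# Added example (not from the thread): a login check requiring two independent
# factors, a password and a time-based one-time code from a separate device.
import hashlib
import hmac
import secrets
import struct
from typing import Optional

PBKDF2_ROUNDS = 100_000   # assumption: modest work factor chosen for the demo
TOTP_STEP = 30            # seconds per TOTP window
DRIFT_WINDOWS = 1         # also accept the previous/next window for clock skew


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 + dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: float, step: int = TOTP_STEP, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238): HOTP over the current time window."""
    return hotp(secret, int(now // step), digits)


def make_user(username: str, password: str, totp_secret: Optional[bytes] = None) -> dict:
    """Build a user record: salted PBKDF2 password hash plus a per-user TOTP secret.

    totp_secret may be supplied for reproducible tests; otherwise a random one is
    generated (the value that would be provisioned to the user's authenticator).
    """
    salt = secrets.token_bytes(16)
    return {
        "username": username,
        "salt": salt,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS),
        "totp_secret": totp_secret if totp_secret is not None else secrets.token_bytes(20),
    }


def verify_login(users: dict, username: str, password: str, code: str, now: float) -> bool:
    """Return True only if BOTH factors check out for the named user.

    Every branch does the same amount of work so timing does not reveal whether
    the user name exists or which factor failed.
    """
    user = users.get(username)
    known = user is not None
    if user is None:
        # Unknown user: hash against a dummy record so timing matches a real lookup.
        user = {"salt": b"\x00" * 16, "pw_hash": b"\x00" * 32, "totp_secret": b"\x00" * 20}

    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], PBKDF2_ROUNDS)
    password_ok = hmac.compare_digest(candidate, user["pw_hash"])

    # Second factor: check the current window and its neighbours with a
    # constant-time compare and no early exit on the first match.
    window = int(now // TOTP_STEP)
    code_ok = False
    for w in range(window - DRIFT_WINDOWS, window + DRIFT_WINDOWS + 1):
        code_ok |= hmac.compare_digest(hotp(user["totp_secret"], w), code)

    return known and password_ok and code_ok


if __name__ == "__main__":
    # Constructed demo values: RFC 4226 test secret, so the codes are reproducible.
    demo_secret = b"12345678901234567890"
    users = {"alice": make_user("alice", "correct horse battery", demo_secret)}
    t = 59.0
    print("both factors:", verify_login(users, "alice", "correct horse battery", totp(demo_secret, t), t))
    print("password only:", verify_login(users, "alice", "correct horse battery", "000000", t))
    print("code only:   ", verify_login(users, "alice", "stolen-guess", totp(demo_secret, t), t))
```

The drift window of one step either side is a usability choice; the cost is that a code stays valid for up to 90 seconds, which is why the server should also reject a code once it has been used.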
The basics include:
- keeping strong passwords,
- keeping all software on the server updated and patched, including the OS,
- keeping and maintaining a hardware firewall separate from the server so as not to slow down the server itself,
- changing software defaults as much as possible (port numbers used, URLs mapped to, default user names and passwords, etc.),
- keeping a reliable anti-virus solution on board and updated,
- never installing software from questionable places,
- not using the server for "casual" web browsing,
- not installing a ton of software that opens up ports and accepts data from the internet,
- blocking all software ports not necessary for the server's operation on both the firewall and the OS,
- limiting the number of OS users,
- implementing IPsec, password, physical device, etc. group policy on the server,
- changing default OS usernames (administrator should NEVER be "administrator", and even then you should almost never use that account),
- performing all usual server interaction with a less-privileged account.

Yup, those and more are just the basics. That's what I could just think of in the span of about 1 minute and a half.

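Two of the items in that list, blocking every port the server does not need and not piling on software that listens on the internet, can be checked routinely rather than by memory. The following is an added example, not code from the post: it reads the output of `ss -ltn` on Linux, ignores services bound only to loopback, and reports any externally reachable listening port that is not on an allowlist. The sample output embedded below is constructed for the demo; the allowlist (`22` and `80`) is an assumption for a plain web server with SSH administration.

```python
# Added example (not from the thread): audit listening TCP ports on a Linux
# server against an allowlist, using the text output of `ss -ltn`.
import subprocess
from typing import List, Set, Tuple

# Constructed sample of `ss -ltn` output for the demo.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*
LISTEN  0       80      127.0.0.1:3306      0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
LISTEN  0       244     0.0.0.0:5432        0.0.0.0:*
LISTEN  0       128     [::1]:6379          [::]:*
"""

LOOPBACK_ADDRS = {"127.0.0.1", "[::1]", "localhost"}


def parse_listeners(text: str) -> List[Tuple[str, int]]:
    """Return (local_address, port) for every LISTEN line in `ss -ltn` output."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header line or something we do not understand
        # rpartition handles both "0.0.0.0:22" and bracketed IPv6 "[::]:22".
        addr, _, port = fields[3].rpartition(":")
        listeners.append((addr, int(port)))
    return listeners


def is_loopback(addr: str) -> bool:
    """True for addresses only reachable from the machine itself."""
    return addr in LOOPBACK_ADDRS or addr.startswith("127.")


def audit_listeners(text: str, allowed_ports: Set[int]) -> List[Tuple[int, str]]:
    """Return (port, address) pairs that other hosts can reach and that are not allowlisted.

    A wildcard bind (0.0.0.0 or [::]) or a bind to a real interface address counts
    as reachable; loopback-only binds are skipped because the firewall item in the
    list above is about what the internet can talk to.
    """
    findings = set()
    for addr, port in parse_listeners(text):
        if is_loopback(addr):
            continue
        if port not in allowed_ports:
            findings.add((port, addr))
    return sorted(findings)


if __name__ == "__main__":
    allowed = {22, 80}  # assumption: SSH for administration plus plain HTTP
    print("sample:", audit_listeners(SAMPLE_SS_OUTPUT, allowed))
    try:
        # Live check on a Linux host (`ss` comes with iproute2).
        live = subprocess.run(["ss", "-ltn"], capture_output=True, text=True, check=True).stdout
        print("this host:", audit_listeners(live, allowed))
    except (FileNotFoundError, subprocess.CalledProcessError):
        print("ss not available here; only the constructed sample was audited")
```

In the constructed sample the database on port 3306 and the cache on 6379 are bound to loopback and pass, while 5432 is listening on every interface and gets flagged; it should be bound to loopback or blocked on both the host and the separate firewall, as the post recommends.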
Don't roll your own security. Use well known and well tested security (e.g. use SSL instead of trying to encrypt your connections yourself).
