I will be hosting a website on Windows 7 using Apache, and a Java-based project tracking web application called Jira on Tomcat, using the reverse proxy method. To secure that web application and my PC, what steps should I take and where should I start?


Here are some of the basics with regard to securing the PC/apps...

  • Rename/disable the Admin and Guest accounts.
  • Don't have any more local accounts defined on the system than what you actually need.
  • Ensure that all of your accounts have very strong and complex passwords.
  • If possible, change your account passwords routinely (every 90 days).
  • Make sure that you keep your system up to date with the latest security patches from Microsoft as well as other vendors for the products you are running on that system.
  • Don't share your passwords with anyone.
  • If your web application uses an authentication system, use SSL certificates to encrypt the traffic between the web server and web client.
  • Scan your computer and application regularly for known vulnerabilities.
  • Protect your local network with a firewall.
  • Protect your local computer with a local firewall if your local network will be shared with other partially trusted networks like WiFi.
  • If you are going to be logging onto that computer regularly and using it as a workstation (not a good idea), be careful not to visit sites that could infect you with malware. Be careful not to open email attachments that could infect your system.
  • Ensure that your web application, while being developed, includes secure coding practices to avoid SQL injection/cross-site scripting attacks.
  • Make sure you validate all of your user's input, not just on the client side using JavaScript, but also server side.
  • Parameterize all of your input; do not assume that your input is not dangerous code.
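
The last three points of the list above (secure coding, server-side validation, parameterized input), shown as an added example that is not part of the original reply. It uses Python's `sqlite3` with a constructed table; the table, the function names and the username pattern are assumptions made for illustration.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data: a tiny issue table in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE issues (id INTEGER PRIMARY KEY, owner TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO issues (owner, title) VALUES (?, ?)",
        [("alice", "Fix login page"), ("bob", "Rotate TLS certificate")],
    )
    return db

# Hypothetical allow-list for owner names: short, and limited to safe characters.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def validate_owner(value):
    """Server-side check; it still runs if the client-side JavaScript check was skipped."""
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValueError("invalid owner name")
    return value

def issues_unsafe(db, owner):
    # Weak form: the input is concatenated into the SQL text and parsed as SQL.
    sql = "SELECT title FROM issues WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def issues_bound(db, owner):
    # Parameterized form: the value is bound as data and never parsed as SQL.
    return db.execute("SELECT title FROM issues WHERE owner = ?", (owner,)).fetchall()

def issues_safe(db, owner):
    # Hardened form: validate on the server first, then use the bound query.
    return issues_bound(db, validate_owner(owner))

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that is not a valid owner name
    print("concatenated:", issues_unsafe(db, crafted))   # every row comes back
    print("parameterized:", issues_bound(db, crafted))   # no owner has that name
    try:
        issues_safe(db, crafted)
    except ValueError as exc:
        print("validated:", exc)                         # rejected before any query
    print("valid input:", issues_safe(db, "alice"))
```
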

It is good to know that I am on a good track, and you have mentioned a few new things. To be honest, I am a little paranoid, and it will be great if somebody shares their experience with such hosting on a PC.

Or just use Linux.

Here I found more detailed tips and methods.

Comments will help more than a downvote.

Yeah, see all those reams and reams of information, install Service Pack 1 blah blah, install anti-virus, install Windows Defender, uninstall blah, remove admin privileges... blah blah, the list is endless.

Linux removes all these headaches. Linux is superior as a server and always will be. Take the time to learn it and you'll be much better protected running a faster, leaner server which supports Tomcat.

But I already know what you think about this.

That's not my requirement. If you can suggest anything regarding Windows, that will be nice.

Unfortunately, I cannot, as I have never used Windows as a server. That being said, there are times when I see its need, i.e. if you're running an ASP.NET application. Then there is no alternative.

I've had a look at Jira and I see that it has a Linux install. Your clients may have other ideas, so I guess you have to run with Windows.
