How to secure a web server from unauthorized persons?

D

Dmitry Lebedev2014-09-11 06:03:52

ubuntu

Dmitry Lebedev, 2014-09-11 06:03:52

Hello.
We set the task to raise a web server on the local network and open access to it via SSH. The site will be hosted on the server. The software installation will be carried out by the office that made the site.
So, how to secure the server so that the guys do not get into our local network and steal data?
In fact, only their website is on the web server itself, there is nothing else there.
I'll get the user to them to install the software.
What actions are generally worth taking so that these lads do not go further than the web server?
Server on Ubuntu Server 12.04 LTS

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

D

Dmitry, 2014-09-11
@zmeyjr

Do everything yourself. I think that LAMP should be raised for the local network site and upload the site .... Well, if something is so specific, then according to the instructions of the "lads".
Well, anyway, it's just not clear what kind of network, what, how and on what it was done.

I

Igor, 2014-09-11
@merryjane

If everything is so "secret", then only installing the server in a separate VLAN and issuing only one route through the VPN and only to this server will save you.
Thus, they will be able to get to the target server through the VPN, and the VLAN will prevent them from trying to go anywhere else on your network from the server.
But it's all very tough. If your other resources on the network are somehow blocked, for example, the file server gives balls for certain accounts from AD or allows servers only under certain accounts, then there is nothing to be particularly afraid of. You do not always give access to performers. They did the job, you took away access.

A

Alexander, 2014-09-24
@vopper

We need to take a closer look at the task, but I think you can try to authorize using the ssl key
habrahabr.ru/post/213741