Securty thing? (please advice)

Re: Securty thing? (please advice)

thamood@gmail.c om wrote:
[color=blue]
> Hello guys
>
> we just installed apache and php and mysql in our small office and we
> are using a contacts system over the LAN using php and apache every one
> can access the computer that has the contact system on it from the IE
> freely.
>
> the quistion is ( when we are using the internet can anyone access the
> contacts system on the lan ? someobe told me yes as long as apache is
> running the computer is like a web site). please advice because we
> don't want our contacts to be avilable to any one.[/color]

Well, if your officenetwork is opened to the whole internet, you better
check a lot of other stuff too.

Are you sure you opened up your local network to the world?
The fact that you can find the internet from your office doesn't mean that
everybody on the internet can just walk into your officenetwork.

If you opened up your local officenetwork to the world, I would advise you
to change that, unless you have a permanent competent IT-staff that is
aware of all new flaws/bugs/MS-'features'/etc.

To your question:
IF you have your network open to the world (which is dangerous) AND you want
to limit the access to your local network only:
- Just check above every script if the IP-num of the client falls into a
range you KNOW is your local network, eg:

If your local network has IP-nums like: 10.0.0.12, 10.0.0.120, etc:

aaa.bbb.ccc.ddd
should fall into:
10.0.0.XXX where XXX can be anything.

Regards,
Erwin Moller

Re: Securty thing? (please advice)

Not for this NG, but nevertheless:

Short answer, your probably ok, test from outside the network, long
answer below.

You will have a connection to the internet on a router. Each computer
connects to the internet through this router. (I assume this is true).
Everything in your office is the local network (including any wifi
routers), and anything on the otherside of the router is the external
network (i.e. the internet).

The router is a bottleneck.

Each computer behind the router has "ports" and when data is sent to a
computer over TCP/IP it is sent with a "port number" for web stuff the
number is usually 80. Also each computer has an IP address, and the
ones in the local network have to use the ip address of the router to
get things from the network. The router then figures out who requested
data as it came in.

To get data to a computer in the local network you therefore need the
router to know which of the incoming data to send to that computer. One
method is because it is a response to a request. This is how you get to
go on the internet.

Another is port forwarding. If I send data to your router requesting a
certain port, then the router can be set up to forward that data to a
certain computer. It is therefore possible to get your server on the
web, but unless someone has gone to the trouble of setting up port
forwarding then it is unlikely that you have anything to worry about.

Re: Securty thing? (please advice)

thamood@gmail.c om wrote:[color=blue]
> Hello guys
>
> we just installed apache and php and mysql in our small office and we
> are using a contacts system over the LAN using php and apache every one
> can access the computer that has the contact system on it from the IE
> freely.
>
> the quistion is ( when we are using the internet can anyone access the
> contacts system on the lan ? someobe told me yes as long as apache is
> running the computer is like a web site). please advice because we
> don't want our contacts to be avilable to any one.
>[/color]

As others have indicated, it depends. And also, this is the wrong newsgroup.

A router may or may not be protection - it depends on the router and the
configuration. Or, you may not have a router - you may only have a switch
(virtually impossible to differentiate by looking at it).

I would highly suggest you get a local consultant in there to check out your
entire network. Even if you're using an address in the range of 10.xx.xx.xx or
192.168.xx.xx you could be vulnerable.

Security is nothing to ignore!

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

Re: Securty thing? (please advice)

Thanx a lot guys for the gr8 advices i'll check the network
setting....i think we have a firewall installed ... but i'll check it
again thanks a lot for the adiveces all of ya'll

best regards
thamood

Re: Securty thing? (please advice)

thamood@gmail.c om wrote:
[color=blue]
> Thanx a lot guys for the gr8 advices i'll check the network
> setting....i think we have a firewall installed ... but i'll check it
> again thanks a lot for the adiveces all of ya'll[/color]

Check for incoming open ports. (internet -> yournetwork)
You probably don't want them open.

Good luck.

Erwin
[color=blue]
>
> best regards
> thamood[/color]