If you host your website on your own server, it will be open to the public. Is there a way to monitor/protect the rest of your network from hackers who have open access to your site? We have a single LAN and a public site on the domain server of that LAN. Windows IIS is running our site on our Windows 2019 Server, and most business data has been pulled off the server to a client machine.
We don't have a huge (okay, hardly any) budget to work with.
Industry: IT tech support; application development; application interface development; retail sales of hardware and software; monthly PaaS support services including monitoring, patching, anti-malware, network maintenance and 24x7 support.
Requirements: monitor only those nodes and forests that need to be protected. If monitoring tells you who is visiting your website, great, but we already have that. We want to know who is trying to hack our site or network using procedure calls or other means that are not predefined and approved by security team.
Hi, your question touches on various subjects.
Firstly, IIS is a great choice for hosting internal sites. But the Windows under this IIS has many issues to keep up with, so most public sites are just hosted on Linux.
I don't want to push you to an OS you are not comfortable with, so I suggest you keep prying eyes/code/hackers from your public site by singling out the ports open to the public, using a firewall on your perimeter and only letting through port 443 for HTTPS traffic.
To further harden your approach you could put a reverse proxy between the firewall and the webserver (or the firewall appliance may offer that feature too) to let only URLs pass that align with your website structure.
This way you have no exposure to hackers besides what should have been put out there. On Linux you have something like fail2ban, which monitors accessed pages and blocks stubborn users if they subsequently try to gather vulnerable site paths. Something similar to this would be convenient on Windows too, so you have a vector to look out for. I don't know if there is anything like this.
Hope this helps, let me know.
Steve
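The fail2ban-style monitoring mentioned above, applied to IIS logs, as an added example that is not part of the original answer: it parses the W3C extended log format IIS writes (column names come from the `#Fields:` header), treats 404s and requests outside a hypothetical allowlist of real site paths as probes, and reports client IPs that exceed a threshold within a time window, which is the fail2ban maxretry/findtime idea. The log lines and the allowlist are constructed for the demo.

```python
"""Fail2ban-style probe detection over IIS W3C extended log lines."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one normal visitor (203.0.113.5), one scanner (198.51.100.9).
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2023-09-01 10:00:01 GET /index.html 203.0.113.5 200
2023-09-01 10:00:02 GET /images/logo.png 203.0.113.5 200
2023-09-01 10:00:05 GET /wp-login.php 198.51.100.9 404
2023-09-01 10:00:06 GET /phpmyadmin/ 198.51.100.9 404
2023-09-01 10:00:07 GET /.env 198.51.100.9 404
2023-09-01 10:00:08 GET /admin/config.php 198.51.100.9 404
2023-09-01 10:00:09 GET /index.html 198.51.100.9 200
"""
# Hypothetical allowlist: URL prefixes that actually exist on the site.
ALLOWED_PREFIXES = ("/index.html", "/images/", "/css/", "/js/")

def parse_iis_log(text):
    """Yield one dict per request, keyed by the column names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # header lists the column order
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def is_suspicious(entry):
    """A probe is a request outside the allowlist or one the server answered 404."""
    return entry["sc-status"] == "404" or not entry["cs-uri-stem"].startswith(ALLOWED_PREFIXES)

def find_probing_ips(text, threshold=3, window=timedelta(seconds=60)):
    """Return {client_ip: probe_count} for IPs with more than `threshold` probes
    inside any `window`-long interval (the fail2ban maxretry/findtime idea)."""
    probes = defaultdict(list)
    for e in parse_iis_log(text):
        if is_suspicious(e):
            probes[e["c-ip"]].append(datetime.fromisoformat(f"{e['date']} {e['time']}"))
    offenders = {}
    for ip, times in probes.items():
        times.sort()
        for i, start in enumerate(times):    # sliding window from each probe
            n = sum(1 for t in times[i:] if t - start <= window)
            if n > threshold:
                offenders[ip] = max(offenders.get(ip, 0), n)
    return offenders

if __name__ == "__main__":
    for ip, n in find_probing_ips(SAMPLE_LOG).items():
        print(f"{ip}: {n} probes in 60s - candidate for a firewall block rule")
```

On a real server the script would read the log files under the IIS LogFiles directory and feed the offending IPs to a Windows Firewall block rule; the allowlist should be generated from the actual site tree rather than typed by hand.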
You're describing the use cases for a Web Application Firewall. Web-specific IDS, injection, attack detection and mitigation.
Cloudflare is one you might look at. Imperva, Whitehat... several vendors and products to choose from. One in the cloud that also does DDoS mitigation would be where I'd look.
UEBA applied to the application logs can help detect and identify issues and attackers but may be overkill unless you also need SIEM and want to ingest other logs.
Your requirements can be tackled from a network security perspective.
Using a positive security model, you can allow only 80 or 443 to access that server (HTTP or HTTPS). Since it is Windows, do not allow SMB or RDP into that server; this unhygienic practice can be found in most organizations. The server functions as a webserver, so only allow that.
Make sure that you can inspect the HTTPS traffic, by monitoring the packet after it is decrypted by the webserver. A typical good deployment is like this:
User -> HTTPS traffic -> load balancer / reverse proxy (decrypt https) -> NGFW / UTM (allow only 80 / 443 and IPS function) -> web server.
The NGFW / UTM can be set into IDS / IPS function, and thus you could see if there is any HTTP / HTTPS access that contains an exploit.
Go for NGINX open-source and some UTM brands such as Barracuda, Hillstone or Fortinet to be able to monitor that web access.
Cybersecurity doesn't need to be expensive.