Creating a Web Test Environment in Windows - Final Security Considerations
(Page 4 of 4)
As the Security Console shows you, there is a vulnerability in the FileZilla FTP server. There are a few ways to handle this. First, if you don't intend to use the FTP server, you can simply disable it. The same goes for the Mercury Mail server, if installed.

Close your browser now, and double-click the XAMPP icon on your desktop to start the XAMPP Control Panel. Here you have quick access to all of the components.
You can start and stop the various services quite easily from here. You can also click the Admin buttons for quick access to the control programs. Click the Admin button for FileZilla to open its administration utility.

The first thing you should do is secure this utility. Click the Settings button on the toolbar, then select Admin Interface settings in the navigation pane and set an administrator password.

Next, click the Users button. XAMPP creates an account called newuser during the installation to test functionality. This account does not have a password and could present a vulnerability. You have two choices: you can set a password for this user or, in most cases, just delete it.
If you have the Mercury Mail server installed, you should follow similar procedures to protect it. Again, the test user can simply be deleted.
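To confirm that the FileZilla steps above took effect, the following added example (not part of the original article) parses the server's XML configuration and reports a blank admin interface password and any account stored without a password. The file layout (an `Admin Password` item under `Settings`, and `User` entries with a `Pass` option) is assumed from FileZilla Server 0.9.x, the function name is hypothetical, and the sample data is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the "FileZilla Server.xml" layout used by
# FileZilla Server 0.9.x (assumption: your install uses the same layout).
SAMPLE_CONFIG = """<FileZillaServer>
  <Settings>
    <Item name="Admin Password" type="string"></Item>
  </Settings>
  <Users>
    <User Name="newuser">
      <Option Name="Pass"></Option>
      <Option Name="Enabled">1</Option>
    </User>
    <User Name="webdev">
      <Option Name="Pass">0123456789abcdef0123456789abcdef</Option>
      <Option Name="Enabled">1</Option>
    </User>
    <User Name="olduser">
      <Option Name="Pass"></Option>
      <Option Name="Enabled">0</Option>
    </User>
  </Users>
</FileZillaServer>"""


def audit_filezilla_config(xml_text):
    """Return findings for a blank admin password and password-less accounts."""
    root = ET.fromstring(xml_text)
    findings = []

    # The admin interface password lives in <Settings>; missing or blank is a finding.
    admin = root.find("./Settings/Item[@name='Admin Password']")
    if admin is None or not (admin.text or "").strip():
        findings.append(("admin-interface", "no administrator password set"))

    for user in root.findall("./Users/User"):
        options = {o.get("Name"): (o.text or "").strip() for o in user.findall("Option")}
        if options.get("Pass"):
            continue  # a password hash is stored for this account
        # Treat an absent Enabled option as enabled, so the account is not overlooked.
        state = "disabled" if options.get("Enabled") == "0" else "enabled"
        findings.append((user.get("Name"), f"no password ({state} account)"))
    return findings


if __name__ == "__main__":
    for name, issue in audit_filezilla_config(SAMPLE_CONFIG):
        print(f"{name}: {issue}")
```

Run it against the text of your own server configuration file after making the changes; an empty result means the admin interface has a password and no account is left without one.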
You now have a fully operational web server for local testing or serving web pages. Your web root is a folder called htdocs located in the XAMPP directory you chose during installation.
In my next article I'll take you through some of the steps necessary to configure this setup more like a traditional web server. I'll also show you how to unlock its true potential as a test environment.
If you're planning on running this as a public web server or a local intranet, I'll also show you what other security precautions you need to take into consideration. Until next time...