Re: how to isolate a virtual hosted website, in order to do a A&P?

From: Josh Richards (jrichard@digitalwest.net)
Date: Mon Feb 10 2003 - 20:21:00 EST


* dented-halo@hushmail.com <dented-halo@hushmail.com> [20030210 16:16]:
>
> a customer has asked me to take a look at his web page and "poke around",
> initial investigation shows that it is hosted on a large web hosting
> company's IP# and is a virtual host off of that IP#.

Everything after the words "shows that.." is probably the first 50% of
your security review. If the site is virtually hosted there's only so
much that it can be secured. Even if your client is quite
security-conscious in all aspects of the code on his individual web site,
he's still got to worry about every other one of the web hosting company's
customers on that box.

> Obviously hammering that main webhosting company's box would be a no-no,
> so how can I focus my security review on that client's specific box?

That's the problem -- there is no "client specific box" if it is virtually
hosted. :)

> They are using Apache, not IIS.
>
> Any thoughts?

I think you've already completed over half of your security review for
this client. :)

-jr

-- 
Josh Richards                   - <jrichard _at_ digitalwest.net>
Digital West Networks, Inc.     - http://www.digitalwest.net
San Luis Obispo, CA 93401       - phone://+1-{888,805}-781-9378
             DWNI - Making Internet Business Better