Ignorance must have been bliss in 1969. Around this time, the continental network that became the Internet was just forming. (RFC 1 was published by Steve Crocker on April 7th.) Life for a system administrator back then was a lot simpler – there was implicit trust between a computer owner and the people that could access it via the network. There were no hackers, because the people building the network were the only ones that could use the network.
Fast forward to 2004. The same architecture that simplified the deployment of the Internet now hinders it. A script kiddie can bring down any web site by forging packets – including big sites you may have heard of: Yahoo!, Amazon.com, CNN, eBay, and others. (All of these are among the 15 largest English-speaking sites, according to Alexa.)
Recently, software companies seem to have been selling the idea that keeping up-to-date on security patches will keep you safe. While it certainly helps, this isn’t going to make your system foolproof. Security problems can be caused by all sorts of other problems, including human error.
Ultimately, security is a full-time job. You can write scripts to install patches, run programs to check your traffic for unwanted activity, and scan for viruses and worms. However, if you’re not spending at least 40 hours a week reading security bulletins, testing software, and educating others, you will miss something.
Running a personal web server looks like an attractive option for many people, but when you’re figuring the cost of piggybacking on a DSL or cable connection, don’t forget to figure in who’s going to be handling your security.