Protect Your Web site from defacement.
Let's face it: We live in an Internet world. Many companies only have
an Internet presence. They don't even maintain a physical storefront.
You get only one chance to make a first impression. How would you feel
about doing business with a company that couldn't even protect its own
Web site? I know I'd think twice before entering my credit card number.
As a company you must protect your Web site against hackers and have a
way to recover when and if you are hacked. WebAgain provides a way to
automatically recover your Web site if this happens, but it is not a replacement
for properly securing your Web site in the first place.
WebAgain works by keeping a backup copy (or copies) of your Web site.
You publish your site to the WebAgain server and it publishes to your
Web servers. It monitors your Web server for unauthorized changes and
quarantines all unauthorized file modifications in addition to republishing
the original information from backup. Unauthorized file modifications
may include adding or removing files, re-routing links, and changing text.
You can configure how often and with what depth WebAgain should scan your
site for changes. WebAgain can publish to multiple locations making it
easy to maintain mirror sites or to use load balancing.
According to the product documentation, WebAgain will install on any
Pentium grade or higher computer. For testing purposes I installed it
on an AMD K6 550 MHz and it ran fine. WebAgain will run on NT 4.0 SP3
and Windows 2000, but it does require IE 4.0 or higher. You can install
WebAgain on the same computer that hosts your Web site or on a separate
WebAgain has two components - WebAgain Server and WebAgain Administrator
(see figure). The Administrator can be installed on any computer running
Windows 98 or higher. I installed it on NT 4.0 SP6a and Windows XP without
any problems. I like that you can password protect the WebAgain Administrator
and that you can restrict its use to certain IP addresses. This provides
an extra level of security.
The installation of WebAgain is a breeze. Immediately after installation
you are prompted to configure your first website. This is fairly straightforward,
but you may get confused if following along with the product documentation,
as the steps in the documentation aren't complete. However, Lockstep includes
a product supplement guide that explains the new screens that appear during
|The WebAgain Administration Console. (Click image to
view larger version.)
In early versions of WebAgain, you had to create the backup copy of your
site by manually publishing your Web files to the WebAgain server. This
is accomplished via FTP, a shared folder, or Front Page Server Extensions.
This can be time consuming depending on the size of your Web site. WebAgain
2.0 supports Harvesting, which automatically imports your Web site into
WebAgain during Web site configuration. This keeps you from having to
manually create the backup copy.
One of the shortcomings of WebAgain is that it interferes with using
Front Page extensions to perform live editing (changes are immediately
saved to the Web site versus being saved to a local copy of the Web site
and then published). When performing live editing not all FrontPage options
will work, such as task list and navigation views (see product documentation
for a complete list of unsupported features). You must perform live editing
on WebAgain's copy of the site and not on the actual site. If you make
the changes on the actual Web site, WebAgain will see the changes as unauthorized
edits and will quarantine your changes.
I think that WebAgain is a good product. It provides many useful features,
such as SNMP and e-mail notification when your Website has been hacked.
It makes it very easy to roll back your Web page to an archived version
and it works well with mirrored sites. I found the Administration Console
easy to use. It has an Outlook feel to it. My only complaint is that most
options are accessed from the Menu Bar. I prefer the right-click mouse
button. I found myself wanting to right click when I had to click on Tools
instead. Overall, I'd recommend WebAgain to anyone wishing to protect
their Web site from defacement.
Chad Todd, MCSE, MCT, CNE, is the author of Hack Proofing Windows 2000 Server by Syngress Publishing. He is the co-owner of Training Concepts, which specializes in Windows 2000 and Cisco training.