Is known IP-number filtering pretty much all that is needed for website security/vulnerability?

Hi

I want to get some views on security/vulnerability to hacking.

Our ISP has just put our website onto a new dedicated webserver for us.
It is running Apache (latest) on Linux. And MySQL.
We have got the thing protected by a router that has IP filtering on
it.

Basically we are only allowing point to point traffic - that is traffic

a tiny range of precisely specified IP numbers to have FTP access.

This of course means that everyone who runs the site needs to
have a dedicated IP number.

This may sound naive but do you think the above will be enough
to stop hackers from getting in?!

(e.g.
- should we buy a separate firewall box or is it enough to
just rely on the router's filtering?

- What other vulnerabilities should we be tackling.

- Is there any way of spoofing IP numbers?



Ship
Shiperton Henethe
(webmaster)