Security: General Advice

Many people think: "My machine cannot be hacked. There are so many computers on the internet, why would this happen to me? Also, I've taken some security measures. It will not happen to me."

Try not to think that way, because it is a mistake. If we run an experiment and set up a server exposed to the internet, and monitor only the auth.log file, which records logins, we'll see break-in attempts against that server every day. And that's only for SSH. But there are many ways to hack.
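
The auth.log experiment described above, as an added example that is not code from the original article: it counts failed SSH logins per source address and flags sources that either fail repeatedly or log in successfully after failing. The sample log lines, the function names `summarize` and `suspicious`, and the threshold of 3 are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format sshd writes to auth.log; addresses
# are from documentation ranges, host and user names are made up.
SAMPLE_LOG = """\
Mar  3 04:12:01 gw sshd[1201]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 04:12:03 gw sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  3 04:12:05 gw sshd[1203]: Failed password for invalid user test from 203.0.113.7 port 51144 ssh2
Mar  3 04:15:44 gw sshd[1210]: Accepted publickey for alice from 198.51.100.20 port 40022 ssh2
Mar  3 05:01:10 gw sshd[1300]: Failed password for alice from 198.51.100.20 port 40100 ssh2
Mar  3 05:20:00 gw sshd[1400]: Failed password for backup from 192.0.2.55 port 33001 ssh2
Mar  3 05:20:09 gw sshd[1402]: Accepted password for backup from 192.0.2.55 port 33010 ssh2
Mar  3 05:30:00 gw su[1500]: alice to root on /dev/pts/0
"""

# The user name is supplied by the remote client and may contain spaces, so the
# source address is taken from the end of the line, not from the first " from ".
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>.+) from (?P<src>\S+) port \d+ ssh2(?:: .*)?$"
)

def summarize(lines):
    """Per source address: failed count, user names tried, success after failure."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(), "accepted_after_failed": False})
    for line in lines:
        m = AUTH_RE.search(line)
        if not m:
            continue  # not an sshd authentication result (e.g. the su line)
        entry = stats[m["src"]]
        if m["result"] == "Failed":
            entry["failed"] += 1
            entry["users"].add(m["user"])
        elif entry["failed"]:
            entry["accepted_after_failed"] = True  # a login succeeded after failures
    return dict(stats)

def suspicious(stats, threshold=3):
    """Sources at or over the failure threshold, or that got in after failing."""
    return sorted(s for s, e in stats.items()
                  if e["failed"] >= threshold or e["accepted_after_failed"])

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG.splitlines())
    for src in suspicious(stats):
        print(src, stats[src]["failed"], sorted(stats[src]["users"]))
```

On a real server, pass the lines of /var/log/auth.log to `summarize` instead of the constructed sample.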


It is sad to say that many servers exposed to the internet have too little security; in fact, most of them have only the default security offered by the installed operating system.



FreeBSD (and also OpenBSD) offers good security by default. This is good, but it is not enough when we are dealing with servers. Even if we install a simple router, we have to configure the firewall in DEFAULT TO DENY mode, for example. What's that? We'll discuss this issue later.


OK, let's discuss some more practical ideas. The following ideas are rules that must be implemented in your server security.


1. Keep up with Security Advisories, so you will know when to patch your kernel or an application that becomes vulnerable.


2. Do not forget that most successful attacks now come over the web, using HTTP port 80. So always be sure to update/patch your web server to the latest version. If you use scripts, like PHPBB or Awstats, read security advisories and always update your scripts to the latest version (security issues were discovered in these scripts, and machines were compromised). Security problems were also found in PostNuke CMS modules, but those are only examples; you should verify every script you run on your server. Search for Security Advisories; there is a lot of valuable information on the net.

3. Use Jail to restrict machine processes. Users with privileges will be limited to the jail.

4. Disable SSH access for users and disable FTP, which is an old, unencrypted service; if FTP is needed, use ftpchroot.


5. Use private keys for SSH login.


6. Check for open ports (with nmap for example) to see if any strange or unneeded ports are open.


By freebsdonline.com