On Tue, 04 Jul 2006 18:56:02 -0400, Grant <emailgrant@×××××.com> wrote:

> It has come to my attention that a particular person I know may be
> intent on attacking my server/website in any way possible. He doesn't
> know much about Linux but does know Windows. What kind of things
> should I lock down to protect my remote hosted server? I don't have
> time to get too crazy with security right now, but what kinds of
> simple tricks might this fellow learn by asking around on forums, etc?

A Windows guy has all of the techniques/tools that a 'nix guy has - he'll
figure out what servers you have, which ports, which software, what
vulnerabilities ... all of it. He'll even use some of the same tools
(e.g. nmap).

If your server is misconfigured (e.g. allows root logon); if passwords are
trivial; if software is out-of-date with known vulnerabilities; he could
break in and deface the site; erase the OS; install a root kit and hide a
key logger...

Suggest that you shut this thing down 'til you have a security plan that
you understand, and with which you are comfortable.

If that is not possible, then implement the items mentioned earlier, and
additionally assure:

1. that your passwords are at least 15 characters long with capitals and
numerics. A repeated password is fine (e.g. gentoo becomes
gEnt0*gEnt0*gEnt0*)

2. that you can easily and confidently restore your backups (you do have
backups!?)

3. that you can tell if you've been hacked (e.g. samhain, tripwire).

4. And that your software is up to date.

After that, you can look into IDS, Trojan scanning, chroot jails,
hardening, and other things that servers under attack might consider.
--
gentoo-user@g.o mailing list