| 1 |
On Tue, 04 Jul 2006 18:56:02 -0400, Grant <emailgrant@×××××.com> wrote: |
| 2 |
|
| 3 |
> It has come to my attention that a particular person I know may be |
| 4 |
> intent on attacking my server/website in any way possible. He doesn't |
| 5 |
> know much about Linux but does know Windows. What kind of things |
| 6 |
> should I lock down to protect my remote hosted server? I don't have |
| 7 |
> time to get too crazy with security right now, but what kinds of |
| 8 |
> simple tricks might this fellow learn by asking around on forums, etc? |
| 9 |
|
| 10 |
A Windows guy has all of the techniques/tools that a 'nix guy has - he'll |
| 11 |
figure out what servers you have, which ports, which software, what |
| 12 |
vulnerabilities ...... all of it. He'll even use some of the same tools |
| 13 |
(e.g. nmap). |
| 14 |
|
| 15 |
If your server is misconfigured (e.g allows root logon); if passwords are |
| 16 |
trivial; if software is out-of-date with known vulnerabilities; he could |
| 17 |
break in and deface the site; erase the OS; install a root kit and hide a |
| 18 |
key logger............................. |
| 19 |
|
| 20 |
|
| 21 |
Suggest that you shut this thing down 'til you have a security plan that |
| 22 |
you understand, and with which you are comfortable. |
| 23 |
|
| 24 |
If that is not possible, then implement the items mentioned earlier, and |
| 25 |
additionally assure: |
| 26 |
|
| 27 |
1. that your passwords are at least 15 characters long with capitals and |
| 28 |
numerics. A repeated password is fine (e.g. gentoo becomes |
| 29 |
gEnt0*gEnt0*gEnt0*) |
| 30 |
|
| 31 |
2. that you can easily and confidently restore your backups (you do have |
| 32 |
backups!?) |
| 33 |
|
| 34 |
3. that you can tell if you've been hacked (e.g. samhain, tripwire). |
| 35 |
|
| 36 |
4. And that your software is up to date. |
| 37 |
|
| 38 |
After that, you can look into IDS, Trojan scanning, chroot jails, |
| 39 |
hardening, and other things that servers under attack might consider. |
| 40 |
-- |
| 41 |
gentoo-user@g.o mailing list |
Archives