How can I secure a dedicated server?
PowerT 10-26-2003, 07:59 PM Hi all again,
I am thinking about security... Because it is very important for me and surely for you..
I didn't have any dedicated servers... :( But I have a cable connection... :P
I think you can say something about how we (or I) can secure a dedicated server..
I am looking at the sm servers list... I see that there is an option...
Which is "SnapGear PCI630 internal firewall"... is it enough for securing a dedicated Linux 9.0 server...?
DNS, HTTP, mail and MySQL will be in use...
First of all, what must we (or I) do when getting started with a dedicated server, for security??
I think you have some tricks for all of us (or me).. :)
Thank you.
Joseph_M 10-26-2003, 08:07 PM eh? Firstly, there are a lot of busy people on this forum, and they don't always have time to re-read a post a few hundred times.
Try posting your questions in a structured form:
1) Question 1
2) Question 2
etc.
Because at this time I can't quite see what your question is. I think it's something about securing your machine, in which case you can find information on this by searching the forum:
http://www.webhostingtalk.com/search.php?s=
Please Note:
If you can't handle a dedicated server, go with a Reseller Account whilst you learn Linux/Windows administration, and then get an experienced Admin (whether in-house or outsourced) to help you set up and manage the server(s).
John[H4Y] 10-27-2003, 03:31 AM JUST a firewall is not enough. You probably should pay a server management company to help secure your server if it is that important to you. Either that or spend the time to learn everything you can about it. A good firewall, intrusion detection system, log analyzers, are good places to start.
seekhosting 10-27-2003, 04:58 AM Hi,
I also have no experience in managing a dedicated server. I do have four years in reselling hosting plans.
I have also asked a few times how to get started with a dedicated server, and the answer is always a bit frustrating - "you have no experience, go with reselling hosting plans".
If I had got assistance, I would have purchased a dedicated server a long time ago.
Actually I don't want to resell hosting plans year after year. Maybe next year I will ask how to get started, and I am afraid that the answer will still be the same - "go with reselling".
Any other forums that can really get help for the newbie?
Thanks
-----------------
seekhosting
eddy2099 10-27-2003, 05:12 AM A firewall is a good place to start as it is a first line of defence against any external attack. However, it is not the only way of securing the system.
One important thing would be not to keep your password too simple, and not to have it lying around somewhere where someone might be able to extract it from you. The best method would be to keep it in memory and have it alphanumeric. This makes it a little more difficult to enter your server through brute force.
Ensure you have good anti-virus software installed, as trojans and viruses may not be stopped by the firewall and can cause problems from within.
Ensure that the server is used exclusively as a server and not for downloading files, as anything downloaded and extracted might pose a threat to the server.
Ensure that you lock down all services which you do not use.
It is important to ensure that you apply all security patches and kernel/OS patches as and when they are made available. Ensure that you only download those patches from legitimate places. Some trojans may disguise themselves as patches and thereby take control of your server.
Take a proactive stand and do not assume that the initial security work is sufficient, as those out to create havoc will look for security holes and new ways of penetrating your server. Check all logs and statistics periodically and scan for anything which looks suspicious.
PowerT 10-27-2003, 07:44 AM thank you all :)
barry[CoffeeSprout] 10-27-2003, 08:52 AM The os of your choice probably has a good book you can buy.
Also check out the website first (Redhat has some in house guides that introduce you to security)
And what Eddy said is true: when you think you've got the server secured, be on watch all the time to see if everything is still all right.
Patch early, patch often.
So from here:
1 Eliminate unused services
2 close all ports except those you will need (make a checklist of these and check from time to time if they are still closed, as a trojan or other breakin can leave ports open)
3 Get a good firewall to check the other ports (packet firewall)
4 Patch your box whenever patches come out
5 use strong passwords and be sure to give all users on your box the lowest privileges that they can have and still work (this goes for services like apache and FTP too)
6 set up some IDS like tripwire (tripwire keeps a list of files and notifies you if a file gets altered)
7 Keep backups in case the box gets botched
8 Only communicate with the box using encryption (like ssh, sftp) when sending passwords
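The two checklist items that need re-checking over time (item 2, whether any port beyond your list has opened, and item 6, whether a file was altered) can be scripted. The following POSIX shell script is an added example written for this page; it is not barry's code and not tripwire itself. It assumes `netstat -ltn`-style output as the port source and coreutils' `sha256sum` (with a `shasum` fallback); all sample data is constructed inside `make_sample`.

```shell
#!/bin/sh
# Added example (not from the thread): a small "stick with your checklist"
# script in the spirit of barry's items 2 (re-check open ports) and 6
# (tripwire-style file integrity).  It keeps a baseline of expected
# listening ports and of file checksums, then reports drift.  The sample
# inputs are constructed here; on a real box you would feed it the output
# of `netstat -ltn` (or `ss -ltn`) and real system directories such as /etc.

# Fall back to shasum where coreutils' sha256sum is absent (e.g. macOS).
command -v sha256sum >/dev/null 2>&1 || sha256sum() { shasum -a 256 "$@"; }

# listening_ports NETSTAT_FILE
# Extracts TCP ports in LISTEN state from `netstat -ltn`-style output,
# one per line, numerically sorted, so the list can be diffed.
listening_ports() {
    awk '$NF == "LISTEN" { n = split($4, a, ":"); print a[n] }' "$1" \
        | sort -n | uniq
    return 0
}

# port_drift BASELINE_FILE CURRENT_FILE
# Prints ports listening now that are not on the baseline checklist: a
# daemon someone re-enabled, or a listener left behind by a break-in.
port_drift() {
    grep -vxF -f "$1" "$2" || true    # grep exits 1 when nothing drifted
    return 0
}

# file_baseline DIR
# Records a SHA-256 checksum for every regular file under DIR.  Keep the
# output where the server cannot rewrite it (read-only media, another host).
file_baseline() {
    find "$1" -type f -print | sort | while IFS= read -r f; do
        sha256sum "$f"
    done
    return 0
}

# file_drift BASELINE_FILE DIR
# Reports files whose checksum changed or that vanished, then files that
# appeared under DIR since the baseline was taken.
file_drift() {
    sha256sum -c "$1" 2>/dev/null | grep -v ': OK$' || true
    sed 's/^[0-9a-f]*  //' "$1" > "$1.paths"
    find "$2" -type f -print | sort | grep -vxF -f "$1.paths" \
        | sed 's/$/: NEW/' || true
    rm -f "$1.paths"
    return 0
}

# make_sample DIR
# Writes constructed demo data: a fake netstat capture with one port that
# is not on the checklist, the checklist itself, and a tiny "etc" tree.
make_sample() {
    mkdir -p "$1/etc"
    cat > "$1/netstat.txt" <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN
EOF
    printf '22\n53\n80\n3306\n' > "$1/ports.baseline"   # ssh, dns, http, mysql
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$1/etc/passwd"
    printf 'sshd: 203.0.113.10\n' > "$1/etc/hosts.allow"
    return 0
}

# Demo: take baselines, simulate an edited file and a new one, report drift.
demo() {
    d=$(mktemp -d)
    make_sample "$d"
    listening_ports "$d/netstat.txt" > "$d/ports.now"
    echo "ports not on checklist: $(port_drift "$d/ports.baseline" "$d/ports.now")"
    file_baseline "$d/etc" > "$d/files.baseline"
    echo 'tampered' >> "$d/etc/passwd"
    : > "$d/etc/rc.local"
    file_drift "$d/files.baseline" "$d/etc"
    rm -rf "$d"
    return 0
}

demo
```

Run it from cron and mail yourself any non-empty output; an empty report means the box still matches the checklist. The baseline files are only trustworthy if an intruder cannot rewrite them, which is why real tripwire installs keep them on read-only or remote storage.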
cactus 10-27-2003, 11:03 AM Here's mine....
SECURITY CHECKLIST:
Latest OS you can live with
Stay current with patches
Security tools/add-ons
Determine which network services you need to run and configure others out.
Do you need to run inetd at all?!
Add tcp_wrappers to /etc/inetd.conf
Review /etc/syslog.conf and log both locally and remotely.
ADVICE:
-- Be proactive and timely with patches
-- Watch your logs
-- If machine purpose changes, rerun your checklist
Regards
barry[CoffeeSprout] 10-27-2003, 11:21 AM Yes, and keep in mind that most break-ins happen because of laxity at some point.
Using easy passwords, not patching things.
Leaving services open that can be exploited.
As said before, make a checklist and stick with it
dynamicnet 10-27-2003, 11:44 AM Greetings:
For RedHatLinux:
* Disable telnet.
* Limit SSH access to specific IP addresses.
* Disable direct root login.
* Remove unnecessary packages / software.
* Harden the kernel against synflood and basic DOS attacks.
* Remove common user access to compilers and fetching software (wget, fetch, lynx, etc.).
* Ensure /tmp is in its own partition with noexec, nosuid.
* Ensure kernel and software is up to date.
* Remove unnecessary users and groups.
* Install chkrootkit, logwatch, tripwire.
* Install a firewall, and port scan detector.
* For Apache servers, install mod_security and configure for use with FrontPage, PHPMyAdmin, Site Studio, and other H-Sphere applications.
* Secure DNS Servers
Windows 200x:
* Disable telnet
* Limit Terminal Services to specific IP addresses.
* Make sure the system is at the right patch level.
* Do not store the LM version of the password hashes in addition to the NTLM ones in the SAM db
* Harden TCP/IP stack against denial of service attacks.
* Go through the SANS top 20 vulnerabilities http://www.sans.org/top20/#W1
* Close all unnecessary ports with an eye towards http://isc.sans.org/ recommendations.
* Review current incidents, advisories, and current activity at http://www.cert.org/ as how they apply to Windows 200x, and take action as appropriate
* Follow http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/chklist/iis5chk.asp
* Follow http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bestprac/dosatack.asp
* Set up Group Policies to Restrict Programs such as those used by MBlast and Sobig
* Set up simple firewall using built in TCP/IP filtering
Thank you.
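Three of the Red Hat items above (no direct root login, SSH limited to specific addresses, /tmp mounted noexec,nosuid) can be verified from the config files alone. The script below is an added example for this page, not dynamicnet's or Red Hat's code; it takes the file paths as arguments so the demo runs on constructed copies rather than the live /etc. The sshd_config sample deliberately puts a "PermitRootLogin no" after a "PermitRootLogin yes" to show that sshd honours the first occurrence of a keyword, a detail that makes such an audit worth scripting.

```shell
#!/bin/sh
# Added example (not from the thread or from any vendor): a read-only audit
# for three of dynamicnet's Red Hat items: no direct root login over SSH,
# SSH limited to specific addresses via tcp_wrappers, and /tmp mounted
# noexec,nosuid.  The config files are passed as arguments, so the demo
# runs on constructed copies instead of the live /etc.

# sshd_value CONFIG KEY
# Prints the effective value of KEY in an sshd_config.  Keywords are
# case-insensitive, comments are skipped, and sshd honours the FIRST
# occurrence of a keyword, so a later "PermitRootLogin no" does not undo
# an earlier "PermitRootLogin yes".  Match blocks are not handled here.
sshd_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:blank:]]*#/ || NF < 2 { next }
        tolower($1) == key { print $2; exit }
    ' "$1"
    return 0
}

# ssh_is_restricted HOSTS_ALLOW HOSTS_DENY
# tcp_wrappers consults hosts.allow first, then hosts.deny, and grants
# access when neither matches.  SSH therefore counts as restricted only if
# hosts.deny blocks sshd (or ALL) and hosts.allow lists sshd with explicit
# addresses.  Exit status 0 = restricted, 1 = open.
ssh_is_restricted() {
    grep -Eiq '^[[:blank:]]*(sshd|ALL)[[:blank:]]*:[[:blank:]]*ALL' "$2" || return 1
    grep -Eiq '^[[:blank:]]*sshd[[:blank:]]*:[[:blank:]]*[0-9]' "$1" || return 1
    return 0
}

# tmp_mount_ok FSTAB
# Exit status 0 when /tmp has its own fstab entry carrying both noexec
# and nosuid in the options field, 1 otherwise.
tmp_mount_ok() {
    awk '$1 !~ /^#/ && $2 == "/tmp" {
             opts = "," $4 ","
             if (index(opts, ",noexec,") && index(opts, ",nosuid,")) found = 1
         }
         END { exit found ? 0 : 1 }' "$1"
}

# audit SSHD_CONFIG HOSTS_ALLOW HOSTS_DENY FSTAB
# Prints one OK/FAIL line per check.
audit() {
    v=$(sshd_value "$1" PermitRootLogin)
    if [ "$v" = "no" ]; then echo "OK   PermitRootLogin no"
    else echo "FAIL PermitRootLogin is '${v:-unset}' (direct root login possible)"; fi
    if ssh_is_restricted "$2" "$3"; then echo "OK   sshd limited by tcp_wrappers"
    else echo "FAIL sshd reachable from any address"; fi
    if tmp_mount_ok "$4"; then echo "OK   /tmp is noexec,nosuid"
    else echo "FAIL /tmp lacks its own noexec,nosuid mount"; fi
    return 0
}

# make_sample DIR
# Constructed config files.  The sshd_config deliberately has the secure
# line AFTER an insecure one to show the first-occurrence rule.
make_sample() {
    mkdir -p "$1"
    cat > "$1/sshd_config" <<'EOF'
# constructed sample
Port 22
Protocol 2
PermitRootLogin yes
#PermitRootLogin no
permitrootlogin no
EOF
    printf 'sshd: 203.0.113.10\n' > "$1/hosts.allow"
    printf 'sshd: ALL\n' > "$1/hosts.deny"
    printf '/dev/sda3 /tmp ext3 defaults,noexec,nosuid 1 2\n' > "$1/fstab"
    return 0
}

d=$(mktemp -d); make_sample "$d"
audit "$d/sshd_config" "$d/hosts.allow" "$d/hosts.deny" "$d/fstab"
rm -rf "$d"
```

On a real host call `audit /etc/ssh/sshd_config /etc/hosts.allow /etc/hosts.deny /etc/fstab`. The tcp_wrappers check only proves the wrapper rules exist; sshd must actually be built with libwrap (or the same restriction done in the packet firewall) for it to bite, so confirm that separately.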
barry[CoffeeSprout] 10-27-2003, 12:08 PM Originally posted by dynamicnet
Greetings:
For RedHatLinux:
* Harden the kernel against synflood and basic DOS attacks.
Can you do this with up2date, or do you have to do this manually, and if so, do you have a link with info?
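The "harden the kernel against synflood" item refers to kernel tunables under /proc/sys, set at runtime with sysctl(8) and persisted in /etc/sysctl.conf. The script below is an added example written for this page (not dynamicnet's or Red Hat's); it audits a `sysctl -a`-style dump against a short list of recommended values and emits the matching sysctl.conf fragment. The keys are the standard Linux ones (`net.ipv4.tcp_syncookies` is the SYN-flood defence proper); the backlog figure is an example value to tune for your traffic, and the dump it reads is constructed so it runs without root.

```shell
#!/bin/sh
# Added example (not from the thread): audit kernel tunables relevant to
# SYN floods and related spoofing/amplification tricks, reading a
# `sysctl -a`-style dump so it needs neither root nor a live kernel.
# Apply for real with `sysctl -w key=value` or by adding the fragment from
# sysctl_conf to /etc/sysctl.conf and running `sysctl -p`.

# recommended
# One "key value" pair per line.  tcp_syncookies is the SYN-flood defence
# proper; the others shrink the surface around it (broadcast pings,
# source-routed and spoofed packets).  2048 is an example backlog size.
recommended() {
    cat <<'EOF'
net.ipv4.tcp_syncookies 1
net.ipv4.tcp_max_syn_backlog 2048
net.ipv4.tcp_synack_retries 2
net.ipv4.icmp_echo_ignore_broadcasts 1
net.ipv4.conf.all.rp_filter 1
net.ipv4.conf.all.accept_source_route 0
net.ipv4.conf.all.log_martians 1
EOF
}

# sysctl_gaps DUMP_FILE
# DUMP_FILE holds `sysctl -a` output ("key = value").  Prints one line per
# tunable that is missing or differs, as "key current -> wanted".
sysctl_gaps() {
    recommended | while read -r key want; do
        cur=$(awk -v k="$key" '$1 == k { print $3 }' "$1")
        [ "$cur" = "$want" ] || echo "$key ${cur:-unset} -> $want"
    done
    return 0
}

# sysctl_conf
# Emits the /etc/sysctl.conf fragment for the recommended values.
sysctl_conf() {
    recommended | awk '{ print $1 " = " $2 }'
    return 0
}

# make_sample DIR
# Constructed dump resembling a stock kernel: syncookies off, small
# backlog, default retries, and log_martians absent altogether.
make_sample() {
    mkdir -p "$1"
    cat > "$1/sysctl.dump" <<'EOF'
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 5
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.ip_forward = 0
EOF
    return 0
}

d=$(mktemp -d); make_sample "$d"
echo "--- tunables to fix ---";  sysctl_gaps "$d/sysctl.dump"
echo "--- sysctl.conf fragment ---"; sysctl_conf
rm -rf "$d"
```

On a live box replace the constructed dump with `sysctl -a > /tmp/dump` (as root) and re-run `sysctl_gaps` after every kernel update, since a new kernel package can ship different defaults.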
PowerT 10-27-2003, 09:26 PM Thanks a lot again....
chjcheng 10-27-2003, 10:45 PM Nice thread. Thanks a lot for the information. :)