Securing a Server.
RunOfTheMill 09-03-2001, 10:55 PM Warning, I know NOTHING about Server Admin and Security Issues, Please Bear With me :))
That Being Said.....
How does one Secure a Server, from Breaches, and Such.
A good example would be, if I had credit cards stored on my server, obviously there can't be any room for error.
What do you do to Make it 100% Secure?
Installing a Firewall is an Option?
What else can one do?
I'm hoping to learn these kinds of things.
I'd appreciate any help
:D:D:D:D:D:D:D:D
Well first off, there is no such thing as 100% security!
Now, the best way you can help maintain security is through keeping your software up to date.
Also, you need a way to know if someone broke in; Tripwire would be a big helper in that department.
MCHost-Marc 09-03-2001, 11:00 PM Originally posted by RunOfTheMill
What else can one do?
Taking the server offline should secure it pretty much 99.999% :D
RunOfTheMill 09-03-2001, 11:02 PM lol, thanks a lot Kiwi.
JTY, thanks for the advice.
BUT.
You say make sure the software is up to date.
The thing is, what type of SOFTWARE?
Which particular software should I use to secure my server?
Heh, told ya, I don't know ANYTHING.
Thanks
:D
alchiba 09-03-2001, 11:21 PM Originally posted by RunOfTheMill
A good example would be, if I had credit cards stored on my server, obviously there can't be any room for error.
The only iron-clad protection is to keep highly sensitive information off a public server. But as JTY said, at minimum you should keep current with security patches for your system software, etc.
A thorny subject. . . that's why security has become its own career path in the IT field.
remarkable 09-03-2001, 11:42 PM Hi!
Go buy every Security book you can and read every web site you can. Then throw out everything you learned because by the time you are done all your knowledge is obsolete.
For starters I suggest getting this DOC from Ensim, it is more for its WEBppliance but should give you a good start and has great links.
http://www.ensim.com/pdf/webppliancels/webppliancels2.4_server_security_basics.pdf
My favorite article is still http://www.enteract.com/~lspitz/linux.html
MCHost-Marc 09-04-2001, 12:00 AM I think http://packetstormsecurity.org/ is a good place to start. :D
My big thing is permissions. Evaluate key files/directories and determine who needs access to what. A file or directory should never be open to users who don't need access to that information.
A prime example is that there are so many hosts where you can access files in other users' directories. This is very bad IMO, but it happens so often. A lot of times they turn off the world-read bit on the /home directory itself so you can't see the other home directories, but often times you can go right in and get what you need. Or, you have a CGI/PHP script do it for you.
As far as your question about which software to keep updated -- my answer is all of it. Everything. Especially security-related updates. Subscribe to BugTraq, and other relevant lists, and in general just keep up with the latest holes, exploits, and patches.
I'd also recommend an suid audit. Find all suid programs and, if not absolutely necessary, kill the suid bit.
Unfortunately most Linux distributions come with tons of suid programs, most of which aren't necessary (you don't need users mounting the CD-ROM, or using the printer, or performing system backups). They also generally come with very lax permissions, many things readable that probably shouldn't be.
Now, if this machine will NOT have users on it, you can probably feel a little bit safer (only a little). But still, lock it down, and tight. This really goes for any server, but extra care should be taken if you'll have sensitive information -- especially that belonging to other people who are trusting you with that information.
Finally, yes, run a firewall and only keep ports open which you need open. You'll also want to disable any services you aren't using. Personally I kill IDENT and reject it in the firewall (so clients don't have to wait to time out). 'rpc', and a number of other things don't need to be listening for connections unless you're using them.
Hope this helps.
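The permissions and suid audit described in the post above, written out as a small shell script. This is an added example, not code from anyone in the thread; it takes the directory to audit as an argument (so it can be run against a scratch tree), and the allow-list file for suid programs to keep is an assumption of the example.

```shell
#!/bin/sh
# Added example (not from the thread): audit a tree for setuid/setgid
# files and world-accessible home directories, then strip the suid/sgid
# bits from programs that are not on an explicit allow-list.
# Usage: ./audit.sh /          (or a scratch directory for a dry run)

# Regular files under "$1" with the setuid (4000) or setgid (2000) bit.
# Each is a candidate for "chmod u-s,g-s" unless genuinely needed
# (su, passwd, ...); a person decides that, the script only lists them.
list_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ld {} \; 2>/dev/null
}

# Directories directly under "$1" (e.g. /home) that "other" can read or
# search, i.e. the cross-user exposure the post describes.
list_open_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d \
        \( -perm -0004 -o -perm -0001 \) 2>/dev/null
}

# Counts, so results can be checked rather than only eyeballed.
count_suid()       { list_suid "$1" | wc -l | tr -d ' '; }
count_open_homes() { list_open_homes "$1" | wc -l | tr -d ' '; }

# Remove setuid/setgid bits from every file under "$1" whose full path is
# NOT listed (one per line) in the allow-list file "$2" (assumed format).
strip_unlisted_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        grep -qxF "$f" "$2" || chmod u-s,g-s "$f"
    done
}

if [ -n "${1:-}" ]; then
    echo "== setuid/setgid files under $1 =="
    list_suid "$1"
    echo "== world-accessible directories directly under $1/home =="
    list_open_homes "$1/home"
fi
```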
Security ....just a few things to consider.
Eliminate all services that are unnecessary--finger, pppd, apmd, appletalk, ntalk, everything that is not vital to the machine.
If possible, eliminate all TCP/IP connections to databases. This is very important if storing credit card data in something like MySQL. Without TCP/IP, the hacker would have to get local access and create a MySQL socket to get into the database.
Install Tripwire and monitor what files get changed -- I do not recommend using the scaled-back config files -- take the time to fully customize tripwire for your box.
Install logcheck, which will notify you of any suspicious activity showing up in the logs.
Install bigbrother or similar monitoring software to keep tabs on when services are up and down. If something spirals down and there is not a cron job to restart it, then you will know if someone is starting/stopping services -- this is often required to install certain types of trojans.
Do not use telnet or FTP. Use SSH for all file transfer and terminal connections.
Configure firewalls to restrict traffic for only the ports necessary.
Run Nessus to look for holes.
Keep up with updates and exploits.
Use cgi-wrappers if virtual hosting.
Make sure no CGIs ever run as root.
Configure PHP, Apache and identd to return dummy or no info to would-be hackers.
If you do not know how to do these things, then don't! False security is almost as bad as no security. For example, you misconfigure tripwire and never notice that /etc/passwd was changed, so you never see that your lpd now has uid=0 and a shell. :D
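A check for the listening-service points in the post above (telnet, FTP, ident, rpc, and MySQL reachable over TCP), added here as an example and not code from anyone in the thread. It reads `netstat -tln`-style output on stdin; the sample listing embedded in the script is constructed for offline use.

```shell
#!/bin/sh
# Added example (not from the thread): flag TCP listeners that the post
# says should not be there, plus a MySQL listener bound to all interfaces
# rather than no TCP at all. Input format is "netstat -tln" style:
#   Proto Recv-Q Send-Q Local-Address Foreign-Address State
# On a real host: netstat -tln | flag_listeners

# Constructed sample output, not captured from any real machine.
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN'

# Read listener lines on stdin; print one "port reason" line per finding.
# The port is the last ":"-separated field, so ":::22" (IPv6 any) works too.
flag_listeners() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
        n = split($4, a, ":"); addr = a[1]; port = a[n]
        if (port == "23")  print port " telnet: replace with SSH"
        if (port == "21")  print port " ftp: replace with scp/sftp over SSH"
        if (port == "113") print port " ident: disable and reject in the firewall"
        if (port == "111") print port " rpc portmapper: disable unless NFS/NIS is in use"
        if (port == "3306" && addr != "127.0.0.1")
            print port " mysql reachable over TCP: use skip-networking or bind to localhost"
    }'
}

# Number of findings in the constructed sample (expected: 5).
count_findings() { printf '%s\n' "$SAMPLE" | flag_listeners | wc -l | tr -d ' '; }

if [ -t 0 ]; then
    printf '%s\n' "$SAMPLE" | flag_listeners
fi
```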