  1. #1

    How secure are your servers?

    I'm interested to learn what methods hosts are using to secure their servers. I will reply with suggestions and opinions. I am a pretty well-respected IT professional in the Bay Area. I am CISSP, RHCP and MCSE 2000/2003 certified.

    This is a great topic to discuss as you can get suggestions from me and others and increase your value of service.

    1) How many servers do you have?

    2) What operating systems do your servers run?

    3) What kind of protection do you have lined up to protect customers' personal information during web transactions such as billing? (ie: SSL, or other protocols?)

    4) What kind of security do you have lined up to protect your servers from exploits or other malicious attacks?

    5) What kind of reporting do you have setup to analyze, identify and remediate the threat or problem?

    6) Have you consulted with a CISSP professional for assistance with setting up your servers?

    7) Are you in accordance with the new laws regarding handling and security of consumer information?
    Last edited by ActivSol; 03-07-2004 at 11:38 PM.
    Sincerely,
    ActivSol

  2. #2
    Seems everyone is far confident with their systems.
    Sincerely,
    ActivSol

  3. #3
    Join Date: Mar 2003 | Location: California USA | Posts: 13,290
    Maybe they just didn't feel like typing it out.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  4. #4

    Re: How secure are your servers?

    I will answer some..

    I'm interested to learn what methods hosts are using to secure their servers. I will reply with suggestions and opinions. I am a pretty well-respected IT professional in the Bay Area. I am CISSP, RHCP and MCSE 2000/2003 certified.
    AFAIK, all these specs are nothing when it comes to security in the real world. Only my opinion - I don't have any of these.

    1) How many servers do you have?

    have few, but administer a lot

    2) What operating systems do your servers run?

    mostly FreeBSD and Linux (not my choice for server, though)

    3) What kind of protection do you have lined up to protect customers' personal information during web transactions such as billing? (ie: SSL, or other protocols?)

    it is the user's responsibility to protect his/her account, unless it is some serious customer (do you see many of them these days who use shared hosting?)

    4) What kind of security do you have lined up to protect your servers from exploits or other malicious attacks?

    drop root privileges whenever it is possible.
    specific - MAC for FreeBSD (TrustedBSD), grsec for Linux, filesystems ACL on other Unixes (solaris/open and netbsd)

    5) What kind of reporting do you have setup to analyze, identify and remediate the threat or problem?

    6) Have you consulted with a CISSP professional for assistance with setting up your servers?

    no

    7) Are you in accordance with the new laws regarding handling and security of consumer information?

    no; if customer hosts PHP board full of holes, it is his responsibility in case account (not the whole system) gets compromised.


    regards,
    M.
    Powered by AMD & FreeBSD.
    "Documentation is like sex:
    when it is good, it is very, very good;
    and when it is bad, it is better than nothing."

  5. #5
    Join Date: Mar 2002 | Location: Philadelphia, PA | Posts: 2,508
    My suggestion would be to contact thelinuxguy here on WHT (or www.rack911.com). He recently secured one of our servers, and for the price, you're getting a lot. He knows what he is talking about, and does quite a bit of security for his plans.
    Linux junkie | steward.io

  6. #6
    Join Date: Apr 2002 | Location: Philly Pa | Posts: 130
    Damn puppy love, why you pay someone to secure your servers, you should have just called me. LOL

  7. #7
    Join Date: Apr 2002 | Location: Philly Pa | Posts: 130
    1) How many servers do you have?
    4 of my own, and maintain a couple thousand.

    2) What operating systems do your servers run?
    From Slackware, to Solaris, FreeBSD, NetBSD and OpenBSD

    3) What kind of protection do you have lined up to protect customers' personal information during web transactions such as billing? (ie: SSL, or other protocols?)
    Billing is never done on a server outside of my PIXes.

    4) What kind of security do you have lined up to protect your servers from exploits or other malicious attacks?
    It's called doing my job. Patch and fix when a release is announced. Subscribe to all major security mailing lists.

    5) What kind of reporting do you have setup to analyze, identify and remediate the threat or problem?
    Common sense. Use of my knowledge.

    6) Have you consulted with a CISSP professional for assistance with setting up your servers?
    Why would I? Wouldn’t that defeat my job?

    7) Are you in accordance with the new laws regarding handling and security of consumer information?
    Sure thing. Are you?


    If he didn't post he was an MCSE, I would have guessed he was. These questions are something an MCSE would ask. LOL.

    MCSE - Must Consult Someone Else.

  8. #8
    Join Date: Mar 2002 | Location: Philadelphia, PA | Posts: 2,508
    Hey Chris, didn't you know you still come around here. Will you be attending the PSR event at Hooters in Maple Shade?

    TheLinuxGuy really knows his stuff. I feel confident in securing servers; however, this guy is a pro, and knowing that you have someone talented doing this type of work makes you feel that much more secure.
    Linux junkie | steward.io

  9. #9
    Join Date: Apr 2002 | Location: Philly Pa | Posts: 130
    I'll remember that next time you need a shell ;P

    I may be there, depends if we get a babysitter or just I come.

    And what you trying to say... I don't know my stuff?

    That's it.. I'm not bringing my dog with me.

  10. #10
    Join Date: Mar 2003 | Location: California USA | Posts: 13,290
    Hehe don't fight now
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  11. #11
    Join Date: Apr 2002 | Location: Philly Pa | Posts: 130
    Heheh ;P vigor and I go back. He loves my dog. And I mean loves... don't let him near your dog.

  12. #12
    Join Date: Apr 2002 | Location: Philly Pa | Posts: 130
    I applied for rack911 but I guess you don't think I know my stuff either,


    /me runs to his corner and cries.

    ;P
