I've been pondering about this for quite a bit. I currently have a managed server solution, and I personally don't think there is anything crucial that needs to be done to a server (besides the initial server setup and occassional kernel upgrades).
Do you think it really is worth it?
(I'm thinking to just hire a system admin to do the initial system setup for about $50 or so, then kernel upgrades at $10 or so)
Security is not a one time thing you can put off. Security updates are relased all the time. You need to hire a admin to update your server on a regular basis or you will get hacked, no questions about it. Sure a kernel will help but like thedavid said what if a exploit for sshd is released, most sshd run as root, boom exploit sshd get root, kernel is doing no good there.
Steven Ciaburri | Industry's Best Server Management- Rack911.com
Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
You are always do it your own, read books and practise, it's not hard, all detailed instructions were stated in either paper or internet. also make sure you monitor some security website, watch the news, etc.
Yup, securing the server at the offset is important but it would probably only prevent intrusion at that point of time. Viruses, Trojans, Vulnerability points are found on a regular basis and patching constantly would indeed help reduce the likelihood of being infiltrated.
It is like viruses, the reason why you need to update your antivirus on a regular basis is because new viruses are found which would pop up to foil the prior antivirus version.
Security and Server Management is a life-long process.
Originally posted by fuse1982 it's true professional admins are more experienced, but who knows your own server most? it's yourself, if you don't want to rely everything on others, you have to do it you own...
such as, eddy2099, do you hire a professional admin?
Well, being a Windows professional I currently managed my own server now since I know what I am doing. However when I had a Linux based machine earlier, I did hire a professional admin to handle that machine for me.
I will always hire a third party company to manage my servers. I truly think it is worth it. Unless you have a staff available 24/7 where the whole staff knows what needs to be updated for security on the server almost the instant its needed... You need a server admin.
My views on things are usually a few inches off of what others think, but I do think that if your going to be doing something critical you will need a server admin (unless you are one that is).
You need a server admin. Server security, understanding Cpanel and its quirks ( if you are using it ) , firewalling, port blocking etc etc. Plus you need someone who takes security seriously and work proactively with updates.
Take utmost care with the server. A hacked/rooted server can cause you a lot more problems than the cost of hiring a decent admin and ensuring things are in good shape.
Managed depends entirely on how much you know / want to know etc. We have customers who run large forums that are too big for shared hosting or virtual servers... They don't know anything about linux or really want to, alls they want to do is run their website.
If you are setting up a hosting company with managed servers, go to someone with a good reputation and if possible try and learn how to admin your own server in the mean time, even if its just setting up a linux box at home - Once you can manage your own server you can move on to an unmanaged solution without worrying as much
If you can spare like 15-30mins every 3 days. you be right.
The hardening of the server and getting everything up to date + tripwire, apf & bfd will set you down but it does take time. You spare at least a day or two. (There are tutorials on this, I done just the one or two tutorials for examples and the rest stuff you install now on and updateing is pretty much self figure)
Every two or three days (I prefer every day atleast spend 5mins on your server and a security site), quickly go view on security sites for explorits on certain stuff you have on your server. Just update them and you be fine.
Thats it, only way you get hacked if it is one of them big explorit where a whole lot get hacked unless your fast and get it patched BUT who is to say the linux admins people you hire monitor security sites 24/7 every min waiting for on to protect you against it.
IMO Do it yourself, no one cares more about your server then you. Its quite easy actually.
Been using linux for a week now. Not a pro but I have everything up to date and harden the server from few tutorials around and done a few myself.
My daily task is to read the logs/tripwire reports etc and security updates, takes like 5-15mins a day. Spend some more time and you learn
Last edited by BeerHandle; 04-24-2004 at 05:10 PM.