Information Security Help!!!

Protecting your Linux box
securitykid
Naik
Posts: 70
Joined: Sat Oct 20, 2007 5:18 am


Post by securitykid »

Hi Guys,

I created a new Topic called "Information Security Help!!"

Everyone is invited to post their questions related to Information / Network Security.

Maybe:

As Career
As Profession
As Challenge
As Geek
As Help!
As Learner

Etc........

Thanks
SecurityKID-ITdotCOM
Security Every Where! BUT where? :)
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore

Post by lambda »

help! my security is insecure!
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
securitykid
Naik
Posts: 70
Joined: Sat Oct 20, 2007 5:18 am

Post by securitykid »

Argue with idiots, and you become an idiot. :), I like your signature
SecurityKID-ITdotCOM
Security Every Where! BUT where? :)
x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad

Post by x2oxen »

It is not just a signature.. It is a warning who's arguing to em! :lol:
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad

Post by x2oxen »

Hey bro, why don't you go for a category with the name of Information security help! rather than a topic, with the help of Admin! It will be a better idea, so we will be having several posts and topics there to discuss and will not mess up in a single post
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
securitykid
Naik
Posts: 70
Joined: Sat Oct 20, 2007 5:18 am

Post by securitykid »

Hmm good idea,

But seems like security is not that favorite :), so let's stick with one topic, then we will have more
SecurityKID-ITdotCOM
Security Every Where! BUT where? :)
x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad

Post by x2oxen »

okzz kid! But nowadays I am very security conscious due to having a lot of attacks on my server! Whenever I look at my server logs I get to see so many unsuccessful ssh tries with so many different names, and attacks as well.. Don't have much exposure about security yet, so hope I will get a lot through this thread! After your reply I am gonna ask you a real interesting question!
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
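
Added example (not part of any post in this thread): a Python summary of the failed SSH logins described above, counting failures and distinct user names per source address. The log lines are constructed in the usual OpenSSH syslog wording, and the thresholds in `guessing_sources` are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines; host name, PIDs and addresses (RFC 5737
# documentation ranges) are made up.
SAMPLE_LOG = """\
Nov 16 03:12:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Nov 16 03:12:03 web1 sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Nov 16 03:12:05 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 40131 ssh2
Nov 16 03:12:09 web1 sshd[2107]: Failed password for invalid user oracle from 203.0.113.7 port 40140 ssh2
Nov 16 08:30:44 web1 sshd[2999]: Failed password for usman from 198.51.100.23 port 51514 ssh2
Nov 16 08:30:52 web1 sshd[2999]: Accepted password for usman from 198.51.100.23 port 51514 ssh2
"""

# Anchored at the end of the line with a greedy user field, so text placed
# inside a user name cannot be mistaken for the source address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2$")

def summarize(log_text):
    """Map source IP -> {'failures': n, 'users': set of names tried}."""
    stats = defaultdict(lambda: {"failures": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            entry = stats[m.group("ip")]
            entry["failures"] += 1
            entry["users"].add(m.group("user"))
    return dict(stats)

def guessing_sources(log_text, min_failures=3, min_users=2):
    """Sources that failed often AND tried several names (assumed thresholds)."""
    return sorted(ip for ip, e in summarize(log_text).items()
                  if e["failures"] >= min_failures and len(e["users"]) >= min_users)
```

On the sample, the address that tried four different names is reported, while the single mistyped password followed by a successful login is not.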
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi

Re:

Post by LinuxFreaK »

Dear securitykid,
Salam,

FYI, http://www.securitydocs.com

Best Regards.
Farrukh Ahmed
x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad

Post by x2oxen »

To Security kid & Freak!

What steps should be taken to secure a server (web, cache, mail, DNS etc.) or any Linux machine newly installed with no configuration of firewall?

Suppose I have installed an Apache web server on Linux with no firewall enabled. So what are the major steps I should be taking to secure that server from any kind of threats, at least more than 90% or you can say 100%?
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
sameer666
Naik
Posts: 82
Joined: Tue Nov 06, 2007 5:31 am

Post by sameer666 »

You should get yourself familiar with the different types of attacks that can be launched. Try to build up your basic security concepts first; if you already know about them, then just keep reading. As a general thumb rule:

1) shutdown all the services you don't use.
2) apply all the patches.
3) google for securing apache/dns/mail, there are many docs online.

And by the way, there is no such thing as 100% secure; if someone is patient enough and has the drive, he/she will find a way. And if all the safety measures are taken, the weakest links are still humans.

http://news.bbc.co.uk/1/hi/programmes/c ... 977134.stm


p.s.

Try to ask a directed question, which will be easier to answer than a broad general question.
Novice at heart
securitykid
Naik
Posts: 70
Joined: Sat Oct 20, 2007 5:18 am

Post by securitykid »

Agree with Farrukh,
Agree with Sameer,

BUT the question is how many of those google's are written by Pakistanis, despite enormous talent & knowledge? Are we afraid to share? Or do we just not want to? BUT still there are some making Pakistan proud.

You will find one here: If you know Juniper Networks, one of the leading Security Appliance Companies, please take a look at the URL:

http://www.masterofit.net/index.php?filter=deck&cid=1
PS: Leave comments for him after listening to his interview

Back to the question asked by Usman for SSH:

Install a FIREWALL :) kidding, it's a pinch of a finger job to fool most of the firewalls

1) First, as Sameer said, keep your box updated, meaning keep it patched; I am sure you know how.

2) Keep the following in mind when you Install / Configure SSH Server:

=> Disable direct root access
Explanation: Disable root (user) access to SSH; by this you will save the server from the vulnerabilities which allow HACKERS to brute force the root password using SSH. You can log in with any normal user and then switch to root.

=> Change SSH Port to higher than 7999, for example 9000

Explanation: This will help against the Trojans which scan for vulnerable SSH boxes; they usually try with default ports. Also may protect against novice hackers like me ;)

=> Limit access from only specific IPs

Explanation: This will only allow access from specific source IPs that you configured

=> Use strong Password

You may use the software which will create a safe password for you but it will be surely hard to remember, so YOUR CHOICE.


I am sure with the above you can achieve maybe 90%, still away from 100% (which no one can achieve, I agree), but we can close the gap with the following:

Deep Inspection Firewalls
IDS / IPS
Vulnerability Scanners

All above can be achieved using great silly Linux :)

Thanks
Last edited by securitykid on Fri Nov 16, 2007 11:26 pm, edited 2 times in total.
SecurityKID-ITdotCOM
Security Every Where! BUT where? :)
securitykid
Naik
Posts: 70
Joined: Sat Oct 20, 2007 5:18 am

Post by securitykid »

Back to your next question:

You should learn about attacks; I agree with my friend's suggestion.

Question is are you really sure that you are using all those services?

Thanks
SecurityKID-ITdotCOM
Security Every Where! BUT where? :)
x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad

Post by x2oxen »

Thanks for your comprehensive reply guys. And one more thing I would like to add is that we should use PGP and Public-Key Cryptography rather than plain passwords for remote logins; that will make our systems far more secure than using plain passwords.

Any more suggestions on that??
Last edited by x2oxen on Sat Nov 17, 2007 6:48 pm, edited 1 time in total.
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
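
Added example (not code from any poster in this thread): a Python check of an sshd_config against securitykid's four SSH points and x2oxen's suggestion of public keys over plain passwords. It assumes source-IP limits are written as `AllowUsers user@host` entries (firewall rules are not seen), and the sample files, user name and addresses are constructed.

```python
# Constructed sample files (not from a real host); addresses are RFC 5737.
SAMPLE_WEAK = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""
SAMPLE_HARDENED = """\
Port 9000
PermitRootLogin no
# A later duplicate is ignored: sshd keeps the first value it reads.
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication no
AllowUsers usman@192.0.2.10 usman@192.0.2.11
Match User usman
    X11Forwarding no
"""
MULTI = {"port", "allowusers"}  # keywords whose repeated lines accumulate

def global_settings(text):
    """Return {keyword: [args]} for the global section of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = line.split()
        key = key.lower()              # keywords are case-insensitive
        if key == "match":             # conditional blocks are not audited here
            break
        if key in MULTI:
            settings.setdefault(key, []).extend(args)
        else:
            settings.setdefault(key, args)
    return settings

def audit(text):
    """Return findings; an empty list means all four points are covered."""
    s = global_settings(text)
    findings = []
    if (s.get("permitrootlogin") or ["unset"])[0] != "no":
        findings.append("PermitRootLogin is not 'no': root can log in directly")
    if "22" in (s.get("port") or ["22"]):
        findings.append("sshd still listens on the default port 22")
    if not any("@" in p for p in s.get("allowusers", [])):
        findings.append("no AllowUsers user@host entry restricts source IPs")
    if (s.get("passwordauthentication") or ["yes"])[0] != "no":
        findings.append("password logins are on: only password strength stops guessing")
    return findings
```

An absent PermitRootLogin is reported rather than trusted, because its built-in default has differed between OpenSSH releases.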
x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad

Post by x2oxen »

Here is a HOW-TO to make a network more secure

http://www.windowsecurity.com/whitepape ... ption.html
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
kbukhari
Major General
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Location: Lahore

Post by kbukhari »

--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com