Security Basics
server security Jun 20 2012 05:27PM
Littlefield, Tyler (tyler tysdomain com) (3 replies)
Re: server security Jun 20 2012 11:44PM
Alex Dolan (dolan alex gmail com) (3 replies)
Re: server security Jun 21 2012 05:48PM
Tracy Reed (treed ultraviolet org)
Re: server security Jun 21 2012 04:34PM
Mike Hale (eyeronic design gmail com) (4 replies)
"Putting it on some other port reduces your risk"
It doesn't really reduce your risk, since you're still as vulnerable
as you were before.

What it does is reduce your log entries. That can be worth the added
administrative cost of changing standard ports, but it's not really a
'security' measure.

On Wed, Jun 20, 2012 at 4:44 PM, Alex Dolan <dolan.alex (at) gmail (dot) com> wrote:
> One tip I have is to set SSH to a port other than 22, I don't need to
> tell anyone how devastating it is if someone did actually get access
> to that service. Putting it on some other port reduces your risk
>
> On Thu, Jun 21, 2012 at 1:27 AM, Littlefield, Tyler <tyler (at) tysdomain (dot) com> wrote:
>> Hello:
>> I have a couple questions. First, I'll explain what I did:
>> I set up iptables and removed all unwanted services. Iptables blocks
>> everything, then only opens what it wants. I also use the addrtype module to
>> limit broadcast and unspec addresses, etc. I also do some malformed packet
>> work where I just drop everything that looks malformed (mainly by the
>> flags).
>> 2) I secured ssh: blocked root logins, set it up so only users in the
>> sshusers group can connect, and set it only to allow ppk.
>> 3) I installed aid.
>> 4) disabled malformed packets and forwarding/etc in sysctl.
>> This is a basic web server that runs email, web and a couple other things.
>> It's only running on a linode512, so I don't have the ability to set up a
>> ton of stuff; I also think that would make things more of a mess. What else
>> would be recommended?
>> Also, I'm looking to add something to the web server; sometimes I notice
>> that there are a lot of requests from people scanning for common urls like
>> wordpress/phpbb3/etc, what kind of preventative measures exist for this?
>>
>>
>> --
>> Take care,
>> Ty
>> http://tds-solutions.net
>> The aspen project: a barebones light-weight mud engine:
>> http://code.google.com/p/aspenmud
>> He that will not reason is a bigot; he that cannot reason is a fool; he that
>> dares not reason is a slave.

--
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
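
Added example, not part of the original posts: a small Python audit of the sshd_config controls listed in step 2 of the quoted message (no root login, key-only authentication, a group allow-list). The sample config, the `sshusers` check and the reading of "only allow ppk" as `PasswordAuthentication no` are assumptions; the port is reported but never scored, in line with the reply above that moving it changes log volume rather than exposure.

```python
# Constructed sample: global sshd_config lines mirroring step 2 of the quoted post.
HARDENED = """\
Port 2222
PermitRootLogin no
PasswordAuthentication no
AllowGroups sshusers
# A later duplicate is ignored: sshd keeps the first value it reads.
permitrootlogin yes
Match User backup
    PasswordAuthentication yes
"""

# Assumption: "only allow ppk" is read as key-only login (no password auth).
REQUIRED = {"permitrootlogin": "no", "passwordauthentication": "no"}


def effective_settings(text):
    """Return global settings: keywords are case-insensitive, first value wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break  # conditional blocks need their own review; stop at the first
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings


def audit(text, group="sshusers"):
    """Return (findings, port). The port is reported but never scored."""
    s = effective_settings(text)
    findings = []
    for key, want in REQUIRED.items():
        got = s.get(key, "<unset>")
        if got.lower() != want:
            findings.append(f"{key}: want {want}, got {got}")
    if group not in s.get("allowgroups", "").split():
        findings.append(f"allowgroups: {group} not listed")
    return findings, s.get("port", "22")


if __name__ == "__main__":
    print(audit(HARDENED))                                  # non-standard port
    print(audit(HARDENED.replace("Port 2222", "Port 22")))  # same findings on 22
    print(audit("Port 2222\nPermitRootLogin yes\n"))        # weak config, moved port
```

The `Match` block in the sample is not evaluated; per-user or per-address overrides have to be reviewed separately.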

Copyright 2010, SecurityFocus