Information Security Help!!!


Postby securitykid » Thu Nov 15, 2007 10:58 am

Hi Guys,

I created a new Topic called "Information Security Help!!"

Everyone is invited to post their questions related to Information / Network Security.

Maybe:

As Career
As Profession
As Challenge
As Geek
As Help!
As Learner

Etc........

Thanks
SecurityKID-ITdotCOM
Security Every Where! BUT where? :)
securitykid
Naik
 
Posts: 70
Joined: Sat Oct 20, 2007 5:18 am

Postby lambda » Thu Nov 15, 2007 1:42 pm

help! my security is insecure!
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Postby securitykid » Thu Nov 15, 2007 1:58 pm

Argue with idiots, and you become an idiot. :), I like your signature

Postby x2oxen » Thu Nov 15, 2007 3:20 pm

It is not just a signature.. It is a warning who's arguing to em! :lol:
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
x2oxen
Major General
 
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Website: http://usmanpk.com
WLM: x2oxen@hotmail.com
Yahoo Messenger: x2oxen
Location: Faisalabad

Postby x2oxen » Thu Nov 15, 2007 3:41 pm

Hey bro, why don't you go for a category with the name of Information security help! rather than a topic, with the help of Admin! It will be a better idea, so we will be having several posts and topics there to discuss and will not mess up in a single post

Postby securitykid » Thu Nov 15, 2007 4:20 pm

Hmm good idea,

But seems like security is not that favorite :), so let's stick with one topic then we will have more

Postby x2oxen » Fri Nov 16, 2007 3:39 am

okzz kid! but nowadays am very security conscious due to having a lot of attacks on my server! Whenever I look at my server logs I get to see so many unsuccessful ssh tries with so many different names and attacks as well.. Don't have much exposure bout security yet so hope will get a lot through this thread! After your reply am gonna ask you real interesting question!
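The failed SSH logins with many different names described in the post above can be summarised per source address. This is an added example, not code from the thread; the log lines, host name and addresses are constructed, and the message format is the usual OpenSSH syslog wording.

```python
import re
from collections import defaultdict

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ..."
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

# Constructed sample input (documentation address ranges).
SAMPLE_LOG = """\
Nov 16 03:31:02 web1 sshd[4101]: Failed password for invalid user admin from 198.51.100.7 port 40112 ssh2
Nov 16 03:31:05 web1 sshd[4103]: Failed password for invalid user test from 198.51.100.7 port 40120 ssh2
Nov 16 03:31:09 web1 sshd[4105]: Failed password for invalid user oracle from 198.51.100.7 port 40131 ssh2
Nov 16 03:31:12 web1 sshd[4107]: Failed password for root from 198.51.100.7 port 40140 ssh2
Nov 16 09:02:44 web1 sshd[5210]: Failed password for usman from 203.0.113.25 port 51514 ssh2
Nov 16 09:02:51 web1 sshd[5210]: Accepted password for usman from 203.0.113.25 port 51514 ssh2
"""

def summarize_failures(log_text):
    """Return {ip: {"attempts": n, "users": set_of_names_tried}}."""
    per_ip = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if match:
            user, ip = match.groups()
            per_ip[ip]["attempts"] += 1
            per_ip[ip]["users"].add(user)
    return dict(per_ip)

def suspicious_sources(log_text, min_attempts=3):
    """List (ip, attempts, names tried) for sources at or above the threshold."""
    rows = [(ip, s["attempts"], sorted(s["users"]))
            for ip, s in summarize_failures(log_text).items()
            if s["attempts"] >= min_attempts]
    return sorted(rows, key=lambda row: -row[1])  # busiest source first

if __name__ == "__main__":
    for ip, attempts, users in suspicious_sources(SAMPLE_LOG):
        print(f"{ip}: {attempts} failed logins, names tried: {', '.join(users)}")
```

A single mistyped password from a known address stays below the threshold, while one address cycling through account names is reported with the names it tried.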

Postby LinuxFreaK » Fri Nov 16, 2007 8:06 am

Dear securitykid,
Salam,

FYI, http://www.securitydocs.com

Best Regards.
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
ICQ: 82075802
Website: http://www.linuxpakistan.net/wiki/index.php?pagename=LinuxFreak
WLM: f4fahmed@hotmail.com
Yahoo Messenger: f4fahmed@yahoo.com
AOL: linuxpakistan@aol.com
Location: Karachi

Postby x2oxen » Fri Nov 16, 2007 6:04 pm

To Security kid & Freak!

What steps should be taken to secure a server (web, cache, mail, dns etc) or any Linux machine newly installed with no configuration of firewall.

Suppose I have installed an Apache web server on Linux with no firewall enabled. So what are the major steps I should be taking to secure that server from any kind of threats, at least more than 90% or you can say 100%

Postby sameer666 » Fri Nov 16, 2007 6:33 pm

you should get yourself familiar with different types of attacks that can be launched. try to build up your basic security concepts first, if you already know about them then just keep reading. as a general thumb rule:

1) shutdown all the services you don't use.
2) apply all the patches.
3) google for securing apache/dns/mail, there are many docs online.

and by the way there is no such thing as 100% secure, if someone is patient enough and has the drive he/she will find a way. and if all the safety measures are taken, the weakest links are still humans.

http://news.bbc.co.uk/1/hi/programmes/c ... 977134.stm


p.s.

try to ask a directed question, which will be easier to answer than a broad general question
Novice at heart
sameer666
Naik
 
Posts: 82
Joined: Tue Nov 06, 2007 5:31 am

Postby securitykid » Fri Nov 16, 2007 11:20 pm

Agree with Farrukh,
Agree with Sameer,

BUT question is how many of those google's are written by Pakistanis?, despite enormous talent & knowledge. Are we afraid to share? or we just don't want to? BUT still there are some making Pakistan proud.

You will find one here: If you know Juniper Networks one of the leading Security Appliances Company, Please take a look on URL:

http://www.masterofit.net/index.php?filter=deck&cid=1
PS: Leave comments for him after listening to his interview

Back to the question asked by Usman for SSH:

Install a FIREWALL :) kidding, it's a pinch of a finger job to fool most of the firewalls

1) First, as Sameer said, keep your box updated, meaning keep it patched; I am sure you know how.

2) Keep the following in mind when you Install / Configure SSH Server:

=> Disable direct root access

Explanation: Disable root (user) access to SSH; by this you will save the server from the vulnerabilities which allow HACKERS to brute force the root password using SSH. You can login with any normal user and then switch to root.

=> Change SSH Port to higher than 7999, example 9000

Explanation: This will help against the Trojans which scan for vulnerable SSH boxes, they usually try with default ports. Also may protect against novice hackers like me ;)

=> Limit access from only specific IPs

Explanation: This will only allow access from specific source IPs that you configured

=> Use strong Password

You may use the software which will create a safe password for you but it will be surely hard to remember, so YOUR CHOICE.


I am sure with above you can achieve maybe 90%, still away from 100% (which no one can achieve, I agree) but we can close the gap with the following:

Deep Inspection Firewalls
IDS / IPS
Vulnerability Scanners

All above can be achieved using great silly Linux :)

Thanks
Last edited by securitykid on Fri Nov 16, 2007 11:26 pm, edited 2 times in total.

Postby securitykid » Fri Nov 16, 2007 11:22 pm

Back to your next question:

You should learn about attacks I agree with my friend's suggestion

Question is are you really sure that you are using all those services?

Thanks

Postby x2oxen » Sat Nov 17, 2007 1:13 am

Thanks for your comprehensive reply guys. And one thing more I would like to add: we should use PGP and Public-Key Cryptography rather than plain passwords for remote logins, that will make our systems far more secure than using plain passwords.

Any more suggestions on that??
Last edited by x2oxen on Sat Nov 17, 2007 6:48 pm, edited 1 time in total.
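The SSH checklist from securitykid's post (no direct root login, non-default port, logins limited to specific source IPs) and the public-key suggestion in the post above can be checked against an `sshd_config`. This is an added example, not code from the thread; the two sample configurations, the user name and the address are constructed, and keywords missing from a file are treated as permissive, which is an assumption.

```python
# Added example: audit sshd_config text against the checklist from the posts above.
# Assumption: a keyword missing from the file is treated as the permissive setting.
DEFAULTS = {"port": ["22"], "permitrootlogin": ["yes"], "passwordauthentication": ["yes"]}

WEAK = "Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n"          # constructed
HARDENED = ("Port 9000\nPermitRootLogin no\nPasswordAuthentication no\n"     # constructed
            "PubkeyAuthentication yes\nAllowUsers usman@203.0.113.10\n")

def parse_sshd_config(text):
    """Return {keyword: [values]} for the global section; parsing stops at the first Match."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key, values = parts[0].lower(), parts[1].split()
        if key == "match":
            break  # conditional overrides are out of scope for this check
        if key in ("port", "allowusers"):
            settings.setdefault(key, []).extend(values)  # repeated lines add up
        else:
            settings.setdefault(key, values)  # sshd keeps the first value it reads
    return settings

def audit(text):
    """Return the checklist items this configuration does not meet."""
    cfg = {**DEFAULTS, **parse_sshd_config(text)}
    findings = []
    if cfg["permitrootlogin"][0].lower() != "no":
        findings.append("root-login")      # log in as a normal user, then switch to root
    if "22" in cfg["port"]:
        findings.append("default-port")    # automated scans try the default port first
    allow = cfg.get("allowusers", [])
    if not allow or any("@" not in entry for entry in allow):
        findings.append("any-source")      # AllowUsers user@host ties a login to an address
    if cfg["passwordauthentication"][0].lower() != "no":
        findings.append("password-login")  # keys only, nothing to brute force
    return findings

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```

After editing the real file, `sshd -t` checks it for syntax errors; keep an existing session open until a new login with the changed settings has been confirmed.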

Postby kbukhari » Sat Nov 17, 2007 2:35 am

--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
kbukhari
Major General
 
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Website: http://kashifbukhari.com
Location: Lahore

