[gentoo-user] Re: Protecting my server against an individual

[dnlt0hn5ntzhbqkv51 <dnlt0hn5ntzhbqkv51@safe-mail.net>]

On Tue, 04 Jul 2006 18:56:02 -0400, Grant <emailgrant@gmail.com> wrote:

> It has come to my attention that a particular person I know may be
> intent on attacking my server/website in any way possible.  He doesn't
> know much about Linux but does know Windows.  What kind of things
> should I lock down to protect my remote hosted server?  I don't have
> time to get too crazy with security right now, but what kinds of
> simple tricks might this fellow learn by asking around on forums, etc?

A Windows guy has all of the techniques/tools that a 'nix guy has - he'll
figure out what servers you have, which ports, which software, what
vulnerabilities ...... all of it. He'll even use some of the same tools
(e.g. nmap).

If your server is misconfigured (e.g allows root logon); if passwords are
trivial; if software is out-of-date with known vulnerabilities; he could
break in and deface the site; erase the OS; install a root kit and hide a
key logger.............................


Suggest that you shut this thing down 'til you have a security plan that
you understand, and with which you are comfortable.

If that is not possible, then implement the items mentioned earlier, and
additionally assure:

1. that your passwords are at least 15 characters long with capitals and
numerics. A repeated password is fine (e.g. gentoo becomes
gEnt0*gEnt0*gEnt0*)

2. that you can easily and confidently restore your backups (you do have
backups!?)

3. that you can tell if you've been hacked (e.g. samhain, tripwire).

4. And that your software is up to date.

After that, you can look into IDS, Trojan scanning, chroot jails,
hardening, and other things that servers under attack might consider.
-- 
gentoo-user@gentoo.org mailing list