On Aug 2, 2005, at 7:50 PM, Raphael Melo de Oliveira Bastos Sales wrote:
Hi there,

I was wondering what tools I should use to detect security flaws in
my server and a few tips on how to use them. What are the most common
forms of attack and how do I avoid being attacked by one of them?

The services available are only Apache - SSL and SSH. I've
installed a firewall, iptables and firestarter to control it, and
blocked all ports except 443 and 8080, where the SSH is listening.
Apache has PHP installed as a module.
Want to know how secure your server is? Try and hack it!
A good port scanner like nmap should be a basic check of your
firewall. I would also set nmap (if it can do this) to perform a SYN
flood as it scans, to see if your server can withstand that basic DoS
attack. (Adding --syn to your TCP rules in iptables can prevent SYN
flooding when used with SYN cookies.) When you break in, find out
why it worked and how it can be patched.
Some things I would advise (I'm currently working on a server at the
moment as well):
- If the server is really important (or if you're paranoid), use
the hardened-sources with PIE/SSP to prevent badly-written programs
from arbitrarily executing code.
- Enable SYN flood protection. There's a kernel option somewhere
about IPv4 SYN cookies, enable that, and couple it with --syn
attached to your TCP rules in iptables. It's a very popular
denial-of-service attack.
- Whenever you need to login or authenticate yourself, make the
system delay five seconds after a bad password is entered. This will
make a brute-force attack much, much slower (0.2 passwords/sec as
opposed to millions of passwords/sec without a delay, depending on your
server's speed).
- Make sure iptables is set to deny all traffic that isn't
explicitly allowed.
- Turn off any services you don't need.
- Read through your logs every now and then. I highly advise
having the server burn them to a CD/floppy every now and then for an
instant backup. Get a log reader/parser, too.
Naturally, hide the server in the attic or basement. Chain it to
something, or if it has a security slot, use a security cable. Put a
lock on the case door. Unplug your floppy/CD drives if you're not
using them. As of this writing, there is no kernel option to keep
your computer or its innards from walking away. :-)
--
Colin
--
gentoo-user@gentoo.org mailing list
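The deny-by-default iptables policy, the --syn rules and the SYN-cookie sysctl that the reply recommends, written up as an added example for the exact setup in the question (TCP 443 for Apache SSL, TCP 8080 for SSH). This is not code from the thread; the rate-limit values and the log prefix are assumptions, and the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Default-deny IPv4 firewall for a host exposing only TCP 443 and TCP 8080.
# Assumes iptables with the state, limit and LOG modules; values are illustrative.
set -eu

# Kernel-side SYN flood protection; pairs with the --syn rules below.
syncookie_cmd() {
    echo "sysctl -w net.ipv4.tcp_syncookies=1"
}

# Accept new connections to port $1 only as genuine SYN packets, rate-limited
# so a SYN flood cannot exhaust the listen backlog (limits are assumed values).
syn_accept_rule() {
    port=$1
    echo "iptables -A INPUT -p tcp --syn --dport $port -m limit --limit 25/s --limit-burst 50 -j ACCEPT"
}

# Emit the complete ruleset for the ports given as arguments. Prints commands
# only; review them, then apply as root with:  gen_rules 443 8080 | sh
gen_rules() {
    syncookie_cmd
    echo "iptables -F INPUT"
    echo "iptables -P INPUT DROP"      # deny everything not explicitly allowed
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in "$@"; do
        syn_accept_rule "$p"
    done
    # Log what is dropped (throttled so the log itself cannot be flooded),
    # then drop explicitly; the DROP policy above is the safety net.
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix \"iptables-drop: \""
    echo "iptables -A INPUT -j DROP"
}

# Self-check helper: number of --syn accept rules in a generated ruleset.
count_accepts() {
    gen_rules "$@" | grep -c -- '--syn --dport'
}

if [ "$#" -gt 0 ]; then gen_rules "$@"; else gen_rules 443 8080; fi
```

Any port not passed to gen_rules ends up in the logged DROP path, which is the "deny all traffic that isn't explicitly allowed" behaviour the reply asks for.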