Re: Issues with web/ADSL installation

From: Anders Pettersson (anders.pettersson@avitec.se)
Date: 08/13/02


To: "Federico Corridore" <federicopodista@libero.it>
From: Anders Pettersson <anders.pettersson@avitec.se>
Date: 13 Aug 2002 18:04:04 +0200


"Federico Corridore" <federicopodista@libero.it> writes:

> Hello everybody, I'm pretty new with security in general, and
> since we have just activated our web server using an ADSL line, we
> are wondering if we could run into troubles with that. We are using a
> Linux RedHat 7.3 box, with an Apache server installed.

Get on the security mailinglists for RedHat and Apache now if you have
not already done so. Install and use the "up2date" feature of RedHat
since it will help you install security patches and updates for your
system as RedHat release them.

> Do you know of any specific issues related to DSL connection that
> can affect my box? Is a DSL connection more secure than a
> classical static-IP connection?

Not really, a DSL connection can have either static IP or dynamic IP
just like any other IP connection, but IP itself is not very secure
unless you take some measures yourself.

Install some firewall on the box, iptables or ipchains perhaps (they
come with RedHat Linux, and tune it to only allow the traffic you
want. Make sure you do not run any unnecessary services, red hat likes
to run rpc and sendmail and so on, the later versions are better in
this aspect but use a tool like nmap to scan the box and check that no
ports that should not be in use are responding.

Then it might be a good idea to install snort and tripwire or similar
to guard yourself from having binaries changed without you noticing
it.

Another good idea might be to have a backup server that you can switch
to in case of emergency while you investigate/reinstall the first one.

-- 
Anders Pettersson   AVITEC AB   http://www.avitec.se/



Relevant Pages

  • Re: exim server is dead in the water
    ... then the rpm IS NOT FOR YOUR DISTRO. ... There is an apt for redhat, but one thing I found out, the apt only works on ... server stuff and going back to what I know, ... Install Debian on one box, use as email server and db server. ...
    (alt.os.linux)
  • Re: RedHat Enterprise 5.0
    ... DESKTOP of RedHat, as the server simply hosts D3 and my application. ... these servers apart from install Linux, install all software updates, ...
    (comp.databases.pick)
  • Re: problem with Redhat ES 3 update 4 and OpenSSH_5.0p1
    ... I have to update openssh on some Redhat servers and i'm installing ... make install ... restart ssh service ... server to other with ssh. ...
    (comp.security.ssh)
  • Redhat 9.0 development environment wierdness...
    ... This is the second Redhat server I have used for our clients and I am ... How can I possibly rely upon this development environment? ... have 'failed' to configure, compile, or install properly. ...
    (RedHat)
  • Re: apache13 vs apache20
    ... I use Apache 1.3 at home and at work, it does a great job, and modules are ... The server is console only, ... SK/worms attacks (1 every 5minutes on my home DSL connection a bit more at ... Trim down the default config, install ...
    (comp.unix.bsd.freebsd.misc)