My way of securing my server... Any ideas?

From: Frank Gunnar (f_gunnar_at_hotmail.com)
Date: 10/23/04


Date: 23 Oct 2004 11:38:16 -0700

Hi,
I want to secure my server. I made a list of things I have to do. Is
this good or did I miss something important? Any ideas or
improvements?

0) delete all unnecessary programs
1) delete all unused suid programs
2) disable all unused services and delete them
3) update all programs
4) firewall: connection tracking, deny all (also from the server),
only allow necessary ports
5) enable ssh through port knocking
6) disable password based ssh user authentication and use keys instead
7) read-only root directory and only allow to write to /tmp /var /home
8) install ids systems snort & tripwire and placing it on cd (do I
need that when root dir is read-only?)
9) apply non executable stack patch
A) secure configuration of all services
B) log collection and evaluate tool
C) castrate the kernel to disable the loading of lkm's
D) rename root account
E) incrementing backups

Questions:

8) is there any good anomaly based ids out there?
9) Has anybody used this patch? Is there any performance loss?
C) is there any mod available or do I have to write one myself?
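
Items 6 and 7 of the list above can be checked mechanically. The script below is an added example, not part of the original post: it audits an sshd_config for password logins and a /proc/mounts listing for writable mounts outside /tmp, /var and /home. The function names, the sample file contents and the choice to skip proc, sysfs and devpts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit items 6 and 7 of the checklist. All sample data is constructed.

# Item 6: succeed only if the global PasswordAuthentication value is "no".
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and an unset PasswordAuthentication defaults to "yes".
ssh_password_auth_disabled() {
    awk '
        tolower($1) == "match" { exit }    # global section ends at first Match
        tolower($1) == "passwordauthentication" { v = $2; exit }
        END { if (v == "no") exit 0; exit 1 }
    ' "$1"
}

# Item 7: print writable mount points outside /tmp, /var and /home.
# Input uses the /proc/mounts layout: device mountpoint fstype options ...
# Assumption: proc, sysfs and devpts are kernel interfaces, so they are skipped.
unexpected_rw_mounts() {
    awk '
        $3 ~ /^(proc|sysfs|devpts)$/ { next }
        {
            n = split($4, opt, ","); rw = 0
            for (i = 1; i <= n; i++) if (opt[i] == "rw") rw = 1
            if (rw && $2 !~ /^\/(tmp|var|home)(\/|$)/) print $2
        }
    ' "$1"
}

# Constructed samples (not taken from any real host).
WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/sshd_config" <<'EOF'
# PasswordAuthentication no
PubkeyAuthentication yes
passwordauthentication no
PasswordAuthentication yes
EOF
cat > "$WORK/mounts" <<'EOF'
/dev/sda1 / ext3 ro,noatime 0 0
proc /proc proc rw 0 0
/dev/sda2 /var ext3 rw,nosuid 0 0
/dev/sda3 /home ext3 rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda4 /opt ext3 rw 0 0
EOF

if ssh_password_auth_disabled "$WORK/sshd_config"; then
    echo "ssh: password authentication disabled"
else
    echo "ssh: password authentication still enabled"
fi
echo "unexpected writable mounts: $(unexpected_rw_mounts "$WORK/mounts" | tr '\n' ' ')"
```

On a real host, point the two functions at /etc/ssh/sshd_config and /proc/mounts instead of the sample files.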


