Friday, October 31, 2008

10 Important Steps to Secure Server

Sometimes your server is compromised but the attacker's actions do not affect its functionality, so you may never discover that the machine was compromised.

So it is good to check your server's security from time to time, to see whether any strange activities or processes are present on your system.

The following are ways to secure your server:

1) Use a Firewall

Make absolutely sure that your server has a firewall running all the time. A firewall is like a screen door on your porch: it blocks out flies, rodents and other pests, but you can still walk out and use your BBQ. If someone ever gets into your server, which is very, very likely, the first thing they're going to try to do is upload something to start a daemon or their own service, such as an IRC server, or use a port to launch attacks on other systems. A firewall with both ingress and egress filtering can stop incoming and outgoing attacks even when you're not aware of them. We recommend APF on Linux systems or TinyFirewall on Windows servers. These are software firewalls, so there's no extra monthly cost as with a hardware firewall. For very busy systems a hardware firewall is recommended, since it takes the filtering burden off your system's CPU, RAM and other resources.

2) Update your kernel and OS

Make sure your server is using current, updated software. Use the stable version, which has been tested more than any beta, and update as soon as possible. An old kernel can make your server an easy target. If you're not sure, ask your provider for the latest update.

3) Monitor Logs

Do you know which logs record which activities? How often are they updated and rotated? LogWatch is a great tool that emails you daily reports of anything in your system's activity it determines to be unusual, e.g. repeated failed logins. Besides using this, you should check your logs manually to see what's going on: tail -f /var/log/messages, and view your Apache logs as well. See also: Apache Log Files Explained
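As an added example (not from the article), this is the kind of check LogWatch performs for repeated failed logins, run over a few constructed sshd lines in the syslog format of /var/log/messages; the host name, addresses and threshold are made up for the demonstration:

```python
import re
from collections import Counter

# Constructed sample lines in /var/log/messages syslog style (sshd entries).
# Made up for this example; on a real server read the log file instead.
SAMPLE_LOG = """\
Oct 31 02:14:01 web1 sshd[4120]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Oct 31 02:14:03 web1 sshd[4120]: Failed password for invalid user admin from 203.0.113.7 port 51123 ssh2
Oct 31 02:14:05 web1 sshd[4121]: Failed password for root from 203.0.113.7 port 51130 ssh2
Oct 31 02:14:09 web1 sshd[4122]: Failed password for root from 203.0.113.7 port 51131 ssh2
Oct 31 02:15:00 web1 sshd[4130]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2
Oct 31 02:16:12 web1 sshd[4140]: Failed password for deploy from 198.51.100.4 port 40050 ssh2
Oct 31 02:20:44 web1 CRON[4201]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Matches sshd "Failed password" lines, with or without the "invalid user" prefix.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def failed_logins_by_source(log_text):
    """Count failed-password events per source IP and collect the user names tried."""
    counts = Counter()
    users = {}
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue
        ip = m.group("ip")
        counts[ip] += 1
        users.setdefault(ip, set()).add(m.group("user"))
    return counts, users

def suspicious_sources(log_text, threshold=3):
    """Sorted (ip, failures, users_tried) tuples for sources at or over the threshold."""
    counts, users = failed_logins_by_source(log_text)
    return sorted(
        (ip, n, sorted(users[ip])) for ip, n in counts.items() if n >= threshold
    )

if __name__ == "__main__":
    for ip, n, tried in suspicious_sources(SAMPLE_LOG):
        print(f"{ip}: {n} failed logins, users tried: {', '.join(tried)}")
```

A single failure from a known address (the deploy user above) stays below the threshold, which is the same reason LogWatch reports patterns rather than every line.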

4) Backups

I still don't understand why no one backs up their data. If you spend hundreds of hours working on your website or application, then you absolutely must have a second hard drive for backups, use a remote backup system, or a combination of these. See also: Second Hard Drive Means Life or Death

5) Limit Access to a Minimum

Do not give users more access than the absolute minimum they require. Never give them shell access, restrict file access to a bare minimum, and leave other services turned off by default until they are specifically requested and you determine that it's safe to enable them.

6) Lock down PHP and use Mod_Security with Apache

PHP is actually a large security risk, but there are a few things you can do to help lock it down. CGI has suEXEC, which runs processes as the owning user, and PHP has something similar called PHPSuexec, but it has a few drawbacks. You should also use open_basedir protection, have safe_mode on system-wide, and turn off register_globals, enable_dl and allow_url_fopen to lock things down further.

You can use server-wide protection with mod_security, a web server filter that watches all requests to see if they match a rule and reacts by logging, denying the request, or taking other actions. I highly recommend this on Apache-based servers; it can be extremely useful in blocking attacks and stopping hackers before they do any damage. See also: Securing Safe Mode, Installing Mod_Security

7) Lock /tmp /var/tmp and /dev/shm partitions

On Linux each partition can have certain access restrictions. Since /tmp, /var/tmp and /dev/shm are world-writable directories, they're often home to uploads, session storage and hacker executables. Since anyone can read, write and execute anything in these directories, they are a major security concern. With /etc/fstab, however, you can limit what can be done in these locations. If you see "defaults" beside the /tmp line, remove it and replace it with noexec,nosuid; this will stop executables from being run there. Do the same for /dev/shm, and make /var/tmp a shortcut (symbolic link) to /tmp. See also: Securing Your TMP Partition
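An added check, not part of the article, that reads a /proc/mounts-style table and reports which of the options above are missing on /tmp and /dev/shm, plus a test for the /var/tmp symlink; the sample mount table and its device names are constructed:

```python
import os

# Constructed /proc/mounts-style sample (device mountpoint fstype options dump pass).
# On a live system read the real file instead: open("/proc/mounts").read().
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw,relatime,errors=remount-ro 0 0
/dev/sda3 /tmp ext3 rw,noexec,nosuid,nodev 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sda2 /home ext3 rw 0 0
"""

# Options the article says to put in /etc/fstab in place of "defaults"; the
# corresponding fstab lines would look like (device names are examples):
#   /dev/sda3  /tmp      ext3   noexec,nosuid  0 2
#   tmpfs      /dev/shm  tmpfs  noexec,nosuid  0 0
REQUIRED = {"/tmp": {"noexec", "nosuid"}, "/dev/shm": {"noexec", "nosuid"}}

def parse_mounts(text):
    """Map each mountpoint to the set of options it is currently mounted with."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            mounts[fields[1]] = set(fields[3].split(","))
    return mounts

def missing_options(mounts, required=REQUIRED):
    """For each required mountpoint, report absent options, or that it is not a separate mount."""
    report = {}
    for mp, wanted in required.items():
        if mp not in mounts:
            # /tmp living on the root filesystem cannot get its own noexec,nosuid
            report[mp] = {"not a separate mount"}
        else:
            report[mp] = wanted - mounts[mp]
    return {mp: opts for mp, opts in report.items() if opts}

def var_tmp_links_to_tmp(path="/var/tmp"):
    """True when /var/tmp is the symbolic link to /tmp that the article recommends."""
    return os.path.islink(path) and os.path.realpath(path) == os.path.realpath("/tmp")

if __name__ == "__main__":
    print(missing_options(parse_mounts(SAMPLE_MOUNTS)))  # {'/dev/shm': {'noexec'}}
```

Test the noexec change before relying on it: some package installers and build tools run scripts out of /tmp and will fail once it is mounted noexec.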

8) Intrusion Detection System (IDS)

An intrusion detection system, or IDS, is like a burglar alarm on your server. It keeps a record of which files were changed and when, and alerts you to anything new or altered. This is critical because hackers usually try to replace binaries like ps, top, netstat and others, so that when you run the new version of ps or top to see the running processes it actually HIDES their software: even though it is running, it won't show up. Some IDS tools include Tripwire, Snort and AIDE. See also: Installing Chkrootkit
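A minimal file-integrity check of the kind Tripwire and AIDE perform, added here as an illustration (not code from the article or from those tools): it snapshots the hash and mode of each file and diffs a later snapshot. The demo uses a constructed file in a temp directory; on a real server you would pass paths such as /bin/ps, /usr/bin/top and /bin/netstat.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def file_digest(path):
    """SHA-256 of a file's contents, read in chunks; None if the file is unreadable."""
    h = hashlib.sha256()
    try:
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
    except OSError:
        return None
    return h.hexdigest()

def build_baseline(paths):
    """Snapshot digest, size and mode for each readable path (the 'known good' state)."""
    baseline = {}
    for p in paths:
        digest = file_digest(p)
        if digest is None:
            continue
        st = os.stat(p)
        baseline[p] = {"sha256": digest, "size": st.st_size, "mode": st.st_mode}
    return baseline

def compare(baseline, current):
    """Return {path: reason} for files that changed, vanished or appeared since the baseline."""
    changes = {}
    for p, old in baseline.items():
        new = current.get(p)
        if new is None:
            changes[p] = "missing"
        elif new["sha256"] != old["sha256"]:
            changes[p] = "content changed"
        elif new["mode"] != old["mode"]:
            changes[p] = "permissions changed"
    for p in current:
        if p not in baseline:
            changes[p] = "new file"
    return changes

def demo():
    """Baseline a constructed 'ps' in a temp dir, overwrite it, and report the difference."""
    fake_ps = os.path.join(tempfile.mkdtemp(), "ps")
    Path(fake_ps).write_bytes(b"original ps binary")
    base = build_baseline([fake_ps])
    Path(fake_ps).write_bytes(b"trojaned ps binary")  # simulate the binary being replaced
    return compare(base, build_baseline([fake_ps]))
```

Keep the baseline on read-only or off-box storage; an intruder who can replace ps can otherwise just update the baseline as well.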

9) Review Processes Running and Remove Extra Software

You can't protect a system if you don't know what's on it. A hacker may add an extra process that shows up in ps, but you won't notice it unless you know what should normally be there. Know what runs on your system, why, and under which user. How do Perl or Apache run, and under which user? You can check your processes with top or ps auxfww, which gives you a tree view. Check these every time you log in to your server. See also: Getting started with Shell (SSH), Common Shell Commands

10) Keep an Eye on the Servers Performance

Know what speed your server normally runs at and how much bandwidth it uses on a daily basis. If an attacker compromises your system and you don't know it, you'll probably notice the system responding slowly or using a lot of bandwidth. If you don't know what your system is usually like, how will you notice something out of the ordinary?

Via: webhostgear.com/314.html

Thursday, October 16, 2008

Securing Windows 2003 Server System

If your server is running Windows 2003 Server Edition, you need to make a few changes to help keep your server and client machines safe. This page is written with the assumption that you're a system administrator running an on-campus server; some of the following resources may not be available from off campus.

Essentials
  • Keep your system and software up to date:
  • This is one of the easiest, most effective things you can do to keep your computer secure. You can either update manually with Windows Update, or configure your systems to download updates automatically from the campus WSUS server, which provides critical Microsoft patches from an on-campus location. You can choose whether the WSUS server prompts you to confirm installations or whether patches are automatically installed.
  • Install antivirus software:
  • The vast majority of viruses are designed to affect Windows systems. The University of Illinois at Urbana-Champaign provides free site-licensed antivirus software that is configured to automatically update itself and protect your system.
  • If you are a campus system administrator, you can also use ePolicy Orchestrator to coordinate distributing antivirus updates from your server to the client machines that you supervise. More information about ePolicy Orchestrator is available from the CITES Security Services Archive and requires Bluestem authentication to identify yourself as a campus system or network administrator. The list is maintained through Contact Manager. If you need to be added to the list of people authorized for access to the archive, but aren't listed in Contact Manager, contact securitysupport@uiuc.edu.
  • Install anti-spyware software:
  • Many of the nuisance-level problems afflicting Windows computers are caused by spyware rather than viruses. Spyware can cause effects ranging from a noticeable slowing of your computer to pop-ups and hijacked web browsers; spyware can also be malicious, reporting personal information from credit cards to passwords to other unauthorized websites. Fortunately, the campus has site-licensed anti-spyware software for students, faculty, and staff. For more information, see the CITES Anti-spyware pages.
  • Install Service Pack 1 (SP1) and the Security Configuration Wizard (SCW):
  • Microsoft's Service Pack 1 offers several security enhancements and tools for Windows 2003 Server administrators. The two most significant enhancements are the inclusion of a server firewall and the Security Configuration Wizard (which must be installed after Service Pack 1). To install SCW after installing Service Pack 1, go to Add or Remove Programs -> Add/Remove Windows Components and select the Security Configuration Wizard check box. After this, the Security Configuration Wizard will be available in the Administrative Tools section of the Control Panel.
  • The Security Configuration Wizard provides a centralized way to check your server's security, to make changes as required (including managing the firewall), and to roll back changes if anything doesn't behave as expected. The graphical user interface allows you to administer one server, and a command line option (scw.exe) allows you to create group policy objects which can be used on many computers.
  • Use "Manage Your Server" to enable only the services you need:
  • Windows 2003 Server introduces a more secure method of controlling access to your server. By default, all of the potential server services are turned off until you enable them. The "Manage Your Server" tool, found in Programs -> Administrative Tools, provides a central location to track which services are enabled. It provides roles for your server -- for example, a DNS server role, a web server role, an email server role -- and allows you to decide how many of these roles are enabled.
  • Use both campus firewall and server firewall protection:
  • A properly configured server firewall can be very effective in reducing the amount of network traffic that is allowed to reach your server and systems connected to it. With the release of Windows Server 2003's Service Pack 1 (described above), you can enable and administer a firewall on your server with a few clicks. You can also take advantage of campus firewall protection by joining your server to one of the available firewall groups; see Campus Firewalls for more information.
  • Choose a good password:
  • Any computer that will have multiple users or be attached to a network needs to have good password protection for each user. Password tips and advice can be found in the CITES Guide to Passwords.
  • In many versions of Windows, a user name can have a blank password, which allows anyone to log in to the computer simply by clicking. Make sure that all user accounts on the machine have passwords to protect access to your computer.

Source: cites.illinois.edu/security/by_os/win2k3srv.html