On Tue, 04 Jul 2006 18:56:02 -0400, Grant <[EMAIL PROTECTED]> wrote:
It has come to my attention that a particular person I know may be intent on attacking my server/website in any way possible. He doesn't know much about Linux but does know Windows. What kind of things should I lock down to protect my remote hosted server? I don't have time to get too crazy with security right now, but what kinds of simple tricks might this fellow learn by asking around on forums, etc?
A Windows guy has all of the techniques/tools that a 'nix guy has - he'll figure out what servers you have, which ports, which software, what vulnerabilities ...... all of it. He'll even use some of the same tools (e.g. nmap). If your server is misconfigured (e.g allows root logon); if passwords are trivial; if software is out-of-date with known vulnerabilities; he could break in and deface the site; erase the OS; install a root kit and hide a key logger............................. Suggest that you shut this thing down 'til you have a security plan that you understand, and with which you are comfortable. If that is not possible, then implement the items mentioned earlier, and additionally assure: 1. that your passwords are at least 15 characters long with capitals and numerics. A repeated password is fine (e.g. gentoo becomes gEnt0*gEnt0*gEnt0*) 2. that you can easily and confidently restore your backups (you do have backups!?) 3. that you can tell if you've been hacked (e.g. samhain, tripwire). 4. And that your software is up to date. After that, you can look into IDS, Trojan scanning, chroot jails, hardening, and other things that servers under attack might consider. -- [email protected] mailing list
