Potions of Protection
Server Security

What does that do again?
• Familiarity
• Differing levels of protection
  – Low, does not exist
  – Medium, No private data
  – High, Servers that contain private data that needs extraordinary measures of protection
    • HIPAA, FERPA, Act, Credit Card data, GLB
• What is a server?
  – Common share point w/ files, images, web-based services

Ingredients for Protection Potions
• Defense
  – Firewalls
  – Host Hardening
  – Secure Communications
  – Physical Security
• Monitoring
  – Network Monitoring
  – Host Monitoring
• Discovery
  – Forensics

Defense! Defense!
• Firewall
  – 3 ways to deploy
  – Securing Concepts
• Remote Administration
  – Linux SSH, nonstandard port
  – Windows RDP, no connections to/from public internet
• Ethereal http://www.ethereal.com/

Defense
• Host Hardening
  – Authentication and Account management
  – Install and Patch OS
    • Update.microsoft.com, http://sunsolve.sun.com/ http://www.redhat.com/apps/support/updates.html
  – Install Anti-virus
  – Do we need that?
    • Netstat -aonbv
    • TcpView http://www.microsoft.com/technet/sysinternals/utilities/tcpview.mspx
    • Netstat -aopl
  – Access Control
  – Controlling Services
    • Autorun http://www.microsoft.com/technet/sysinternals/utilities/autoruns.mspx
    • Init and inetd daemons
    • find /var -iname "*cron*"

Services to Disable

Services to Review

Defense
• Secure Connections
  – Encrypt that message!
  – Disk Encryption

Monitoring
• Network Monitoring
  – Ethereal, Wireshark
  – Netstat

Monitoring
• Host Monitoring
  – File Integrity Checks
    • Afick, Another file Integrity Checker
      – AIX, Linux, Windows
    • Aide, Advanced Intrusion Detection Environment
      – Shipped with Fedora 3, 4, 5
  – Log Monitoring
    • Logwatch

Discovery
• Forensics
  – http://www.foundstone.com/us/resourcesfree-tools.asp

Extra Credit
• Review trusted relationships
• Review FTP Configurations
• Avoid running web servers as root and remove all sample scripts
• Strong Encryption
  – PGP, SSH, SSL
• Non-Routed IPS
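
The file integrity checks listed under Host Monitoring (Afick, Aide) rest on one idea: record a baseline of file attributes, then re-scan and report what differs. The following is an added Python sketch of that idea, not code from the slides or from either tool; the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each regular file under root to (sha256 hex digest, permission bits)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath, name)
            info = path.lstat()
            if not stat.S_ISREG(info.st_mode):
                continue  # symlinks, sockets and devices are skipped in this sketch
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            state[str(path.relative_to(root))] = (digest, stat.S_IMODE(info.st_mode))
    return state

def compare(baseline, current):
    """Classify every difference between two snapshots."""
    report = {"added": [], "removed": [], "content": [], "mode": []}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["removed"].append(rel)
        else:
            if baseline[rel][0] != current[rel][0]:
                report["content"].append(rel)  # bytes changed
            if baseline[rel][1] != current[rel][1]:
                report["mode"].append(rel)     # permissions changed
    return report

def demo():
    """Constructed sample tree: record a baseline, make four changes, re-check."""
    samples = (("httpd.conf", b"Listen 80\n"), ("motd", b"hello\n"), ("run.sh", b"#!/bin/sh\n"))
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples:
            Path(root, name).write_bytes(body)
            Path(root, name).chmod(0o644)
        baseline = snapshot(root)
        with open(Path(root, "httpd.conf"), "ab") as fh:
            fh.write(b"Listen 8080\n")           # content change
        Path(root, "run.sh").chmod(0o755)        # permission change
        Path(root, "motd").unlink()              # removal
        Path(root, "new.cgi").write_bytes(b"x")  # addition
        return compare(baseline, snapshot(root))
```

A baseline is only useful if an intruder cannot rewrite it, so keep it off the monitored host or on read-only media.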