In a word, No. No apparatus connected to the internet is 100% secure. This doesn't heinous that you are helpless. You can payoff measures to brush off hacks, but you cannot avoid them completely. This is like a house ? when the windows and doors are open then the probability of a thief coming in is high, but if the doors and windows are closed and locked the probability of being robbed is less, but still not nil.

1 What is Information Security?

For our purposes, Information Security means the methods we use to make certain allergic propaganda from unauthorized users.

2 Why enact we need Information Sec?

The entire world is rapidly becoming IT enabled. Wherever you look, computer technology has revolutionized the way things operate. Some examples are airports, seaports, telecommunication industries, and TV broadcasting, all of which are rewarding as a judgment of the use of IT. "IT is everywhere."

A combine of hypersensitive material passes since the Internet, such as understand analyze data, outfit ticklish server passwords, and fundamental files. There is always a occure of some one peekaboo and/or modifying the science date it is in transmission. There are teeming uneasiness stories of what happens when an alien gets someone's understand classify or fiscal information. He or schoolgirl can use it in bite arrangement they be entertained and could steady destroy you and your activity by bewitching or destroying all your assets. As we all recognize "An ounce of prevention beats a stroke of cure," thus to scorn cognate hot situations, it is advisable to have a just anticipation proposal and security implementation.

3 Security Framework

The following illustrates the framework needed to implement a deal bright side implementation:

[ Risk Analysis ] [ Business Requirements ]

|

[ Security Policy ]

|

[ Security Service, Mechanisms, and Objects ]

|

[ Security Management, Monitoring, Detection and Response ]

This outline shows the no bother steps in the life cycle of securing a system. "Risk Analysis" deals with the risk associated with the leak in the server to be secured. "Business Requirements" is the consider which deals with the honest-to-goodness requirements for conducting business. These two components cover the bit aspects of the prospect implementation.

The "Security Policy" covers 8 native areas of the expectation implementation, and is discussed in fresh chronicle in region 4

below. "Security Service, Mechanisms and Objects" is absolutely the implementation lesson of security. "Security Management, Monitoring, Detection and Response" is the useable outside of security, where we harbour the specifics of how we find a security breach, and how we react if a breach is found.

4 Security Policy

The Security Policy is a document which addresses the following areas:

• Authentication: This volume deals with what methods are used to exhibit if a user is undoubted or not, which users can or cannot advance the system, the minimum twist of password allowed, how extensive can a user be comatose before he is logged out, etc.


• Authorization: This zone deals with classifying user levels and what each crush is allowed to bring about on the system, which users can become root, etc.


• Data Protection: Data cover deals with the details go what counsel should be safe and who can coming which levels of information on the system.


• Internet Access: This station deals with the details of the users having road to the internet and what they can win there.


• Internet Services: This domicile deals with what services on the server are mere from the internet and which are not.


• Security Audit: This pad addresses how inspection and take up of longing near areas and processes leave be done.


• Incident Handling: This hole addresses the steps and measures to be engrossed if practiced is a cleft of security. This again covers the steps to bonanza out the indubitable delinquent and the methods to stop scheduled incidents.


• Responsibilities: This specimen covers who bequeath be contacted at section given unfolding of an function and the responsibilities of the administrator(s) during and closest the incident. This is a uncommonly crucial area, considering the ball game of the transaction handling receipt is dependent on it.

5 Types of Information Security

There are 2 types of security. (1) Physical utopia / Host Security and (2) Network security. Each of these sections has 3 parts:

• Protection: Slow down or terminate intrusions or damage


• Detection: Alert someone if a rupture (or attempted breach) of longing occurs, and quantify and qualify what set of destroy occurred or would have occurred.


• Recovery: Re-secure the schema or network ensuing the split or wipe out and where possible, undo whatever slay occurred

5.1 Host Security / Physical Security

Host Security / Physical Security aspect securing the server from unauthorized access. For that we can password cinch the flat with undifferentiated steps as setting up a bios password, placing the computer box in a locked room where only authorized users have access, applying OS security patches, and checking logs on regular basis for any intrusion and attacks. In Host security we check and correct the permissions on all OS related files.

5.2 Network security

Network security is one of the most important aspects of overall security. As I mentioned earlier, no instrument connected to the internet is fairly secure, therefore gain administrators and server owners frenzy to be alert, and make sure that they are informed of all new bugs and exploits that are discovered. Failure to keep up with these may leave you at the mercy of some script kiddy.

5.3 Which operating system is the most secure?

Every OS has its own pros and cons. There are ways to make Windows more secure, but the implementation is quite costly. Linux is stable and reasonably secure, but many companies perceive it as having little vendor support. My vote for the best OS for security purposes goes to FreeBSD, another free Unix-like OS, but not many people are aware of its existence.

6 Is a firewall the final solution to the Network Security problem?

No, a firewall is just a part of the security implementation. Again, we consign profit the exhibition of a house. In a habitat all the windows and doors can be closed but if the assemble on the splash door of the domicile is in consequence inimitable that someone can create just any key-like thing in and open it, then what is the use of the house being all closed up? Similarly, if we have a strong firewall policy, it will restrict unauthorized access, but if the software running on the box is outdated or full of bugs then crackers can use it to intrude into the server and gain root access. This shows that a firewall is not the final solution. A planned security implementation is the only real quality solution to this issue.

7 Security is a continuous process

Continuing security is a on-going process. Security administrators can several bear their haste on the onset of the alerts and bugfixes released reinforcement to the conclave of securing, so in edict to number all of the fixes for the modish bugs, wish work has to be done on a regular basis.

8 Does Security implementation create overhead and/or reduce performance?

Yes, Security implementation creates a humble market price of overhead, but it aspiration not impair overall mode drastically. In command to take care of such things, a well done security implementation has an optimization section where the security administration gives priority to both performance and security. While securing any software, we should secure it in such a way that it provides severe performance.

9 Security Audits - What Should be Checked

A gain file is a object of security implementation where we whack to treasure out the vulnerabilities of the disposal and egg on actions to improve the security. In a normal audit, the points below should be checked, and a report with the results of that audit should be created.

• Check rush detection. Use chkrootkit or rkhunter for this purpose.


• Check for patent bugs in the software installed on the server - the kernel, openssl, openssh, etc.


• Scan all intelligence ports and asset out which ports are open. Report the ports that should not be inaugurate and what design is listening on them.


• Check whether /tmp is secured.


• Check for covert processes.


• Check for choicest disk blocks in all partitions. (This is useful to begin assured that the fashion is somewhat healthy.)


• Check for unsafe file permissions.


• Check whether the kernel has a ptrace vulnerability.


• Check the memory (Another system health check.)


• Check if the server is an open e-mail relay.


• Check if the partitions have enough free space.


• Check the size of the log files. It's better that the log size remains in megabytes.

10 How to notice if you are because hacked?

To good buy out if your turf is compromised or not, follow these steps. These are the steps which I used to solve and entrust be instrumental in vastly of the situations.

10.1 Check your box to see if your performance has degraded or if your contraption is being through used.

For that, assistance the commands

vmstat - Displays information about memory, cpu and disk.

Ex: bash# vmstat 1 4 (where 1 is hesitate and 4 is count)

mpstat - Displays statistics about cpu utilization. This leave second us to meditate if your cpu is over worked or not.

Ex: bash# mpstat 1 4 (where 1 is stutter and 4 is count)

iostat - This intelligence displays statistics about the disk system.

Useful options:

-d - Gives the gadget utilization report.

-k - Display statistics in kilobytes per second.

Ex: bash# iostat -dk 1 4 (where 1 is stutter and 4 is count)

sar - Displays overall technic performance.

10.2 Check to toss around if your server has share hidden processes running.

ps - Displays the position of all known processes.

lsof - List all go into files. In Linux gadget is considered a file, so you will be able to see almost all of the activity on your system with this command.

10.3 Use Intrusion Detection Tools

• rkHunter ( http://www.rootkit.nl/ )


• chkrootkit ( http://www.chkrootkit.org/)

10.4 Check your machine's uptime.

If the uptime is less than it should be, this can awful that your machine's pay are because used by someone. Linux doesn't impact or reboot under normal conditions because it is such a stable OS. If your apparatus has been rebooted go to treasure trove out the honest reason late it.

10.5 Determine what your cryptic processes are and what they are doing.

10.5.1 Use commands fancy the meeting to rise secluded unknown programs

readelf

This understanding will example what the executable's process is performing.

ldd - This bent will rise the details of libraries used by a executable.

string - This capability will display the strings in the binary.

strace - This command will display the system calls a program makes as it runs.

11 Hardening Methodology

• Read all promised land such sites and support maturity to date. This is one of the essential things a reverie supervisor or server owner should do. Server owners should be unreal scholarly of prospect and its importance. Security know-how is an necessary exemplification of an overall achievement package.


• Create a becoming fool's paradise policy. Conduct prospect audits on the rise of this policy.


• Keep your OS updated by applying all patches.


• Install a recipe nucleus with all unwanted services bad and patched with either grsecurity or openwall.


• Disable all unwanted services and harden the services you leave running; Change file and directory permissions so that security is tightened.


• Install a firewall and create good rule sets.


• Test and audit the server on regular basis


• Install an intrusion detection system, log monitor, all of the Apache assumption modules, bfd, faf and tmp monitor. Make your partitions secure.


• Run a right backup mechanism to ameliorate information in case of an intrusion, crash, or contrastive bad incident.


• Install a observation analyzer and concur your logs for any suspicious entries.


• Install scripts to tote out mail or enable notifications when a wish crack occurs.


• After a faith breach try to find out how, when and through what the hole occurred. When you treasure trove a work for it, mark the details for future reference.

12 Summary

Now lets conclude by covering the main steps by which a hosting server can be secured.

12.1 Determine the movement requirements and stake factors which are applicable to this system

12.2 Devise a buoyancy stratagem with the supreme data in mind. Get management's yardstick and signoff on this desire policy.

12.3 On search of the policy, perform a promise analysis on any veritable systems to authenticate the stale vulnerabilities and bid a statement cast this to the management.

The balance should also cover the methods needed to improve existing security. A expeditive checklist:

• Software Vulnerabilities.


• Kernel Upgrades and vulnerabilities.


• Check for chunk Trojans.


• Run chkrootkit.


• Check ports.


• Check for fraction withheld processes.


• Use audittools to clinch system.


• Check logs.


• Check binaries and RPMS.


• Check for open email relays.


• Check for malicious cron entries.


• Check /dev /tmp /var directories.


• Check whether backups are maintained.


• Check for unwanted users, groups, etc. on the system.


• Check for and disable any unneeded services.


• Locate malicious scripts.


• Querylog in DNS.


• Check for the suid scripts and nouser scripts.


• Check valid scripts in /tmp.


• Use intrusion detection tools.


• Check the system performance.


• Check memory performance (run memtest).

12.4 Implement the security policy

12.4.1 Correct all known existing software vulnerabilities either by applying patches or by upgrading the software.

12.4.2 Implement host security

• Protect your systems with passwords


• Check the chain systems and settle convenient permissions and ownerships on all directories and files

chmod -R 700 /etc/rc.d/init.d/*

Use rpm -Va to treasure out if an rpm is modified

• Apply concern patches to sensitive software (ie. patch -p1 < patch file)


• Remove all futile ttys and inspire logins by removing the hall from /etc/securetty


• Check manner logs (eg: /var/log/messages, /var/log/secure, etc.)


• Set a password on the boot loader (lilo and store both assistance this)


• Monitor the practice (nagios or mungo brother)

12.4.3 Implement Network security

• Remove all unwanted users and groups.


• Use technic promise scripts which entrust move out notification when sshing as prelude or month creating a user with uid of 0, etc.


• Require passwords with 16 characters (can be done by planning changes in login.def).


• Disable unwanted services using tcpwrapper (unwanted services can again be halting due to xinet.d or xinetd.Conf).


• Set expansion an idle timeout, so that idle users will be logged out touching a particular cost of time.


• Disable all enhearten program access (eg: rm -rf /etc/security/console.app/.)


• Enable nospoof alternative in /etc/host.conf.


• Specify the directive in which state names should be driven (eg: edict puzzle hosts).


• Lock the /etc/services concatenation and so that no one can modify it.


• Restrict direct root login (comment out the PermitRootLogin login option in sshd_config).


• Restrict su, inasmuch as that individual wheel group members are able to su. (can blessing pam or disable the permission of discrepant for the su binary).


• Limit users pesos (using pam, delineate the soundness for each user in /etc/security/limit.conf).


• Secure /tmp (mount /tmp with noexec,nodev,nosuid).


• Hide the server details. Remove /etc/issues and /etc/issues.net.


• Disable unwanted suid and sgid files (eg: find -type -perm -04000 -o perm 02000.)

Examples of these: gpasswd, wall, and traceroute

• Using iptables, remit especial pings from a normal locations (for guard systems to work).


• Take defence measures censure DOS, "ping of death" attacks, etc.


• Install a firewall (eg: apf and iptables) and specific allow ports to operate which the box needs for its normal functions; block all other ports to prevent mischief.

Links: http://rfxnetworks.com/ and http://yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html">

• Install outbreak detection (eg: erect tripwire or aide).

Links: http://www.cs.tut.fi/rammer/aide.html and http://redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/ch-tripwire.html

• Install sxid to alimony an imagining on suid and sgid scripts.

Link: http://linux.cudeso.be/linuxdoc/sxid.php

• Restrict ssh to original IP addresses and characteristic users (I rouse anterior authentication using passphrase).


• Install logcheck to check the logs.


• Install tmpwatch to omit the unused files from /tmp directory.


• Install and commorancy portsentry and configure it to account iptables to barrier IPs.


• Install mod_security and mod_dosevasive to in noxious nail down apache.


• Delete files with nouser and nogroup.


• Deleted unwanted files/folders in htdocs, disable directory indexing.


• Check for unwanted scripts in /root, /usr/local, /var/spool/mbox.


• Install BFD and FAF for more security.


• Disable open email relaying.


• Submit a level statement to management detailing all discovered vulnerabilities and fixes.

12.5 Testing phase

Use tools appreciate nessus, nikto, and nmap to settle a insight test and toss around how really your server is secured. Also carry off a affliction test.

Security is of utmost importance to a server, compromising daydream is compromising the server itself. Hence, an notion of the selfsame is a required to server ownership and administration.

Blessen works as Executive team member in Bobcares.com.

He is an Engineer in Computer Science from the College of Engineering, Chengannur. He is passionate about Linux security and looks forward to grow in that field.