Anyone who reads much on this site will see a theme in many of my posts and articles: I stress security quite a bit. Here is a prime example of security being the job of everyone, users and system administrators alike. Here is a snippet of an article from Ars Technica:
“Hackers successfully infiltrated Oak Ridge National Laboratory (ORNL),
one of the nation’s leading military research facilities. The attackers
gained access by sending e-mails infected with trojan horses to ORNL
employees. The lab claims that no classified information was retrieved,
but admits that the perpetrators managed to acquire a database
containing personal information about ORNL visitors and employees,
including Social Security numbers.”
Yikes! Read more about it …
I found an article today that I thought might be worth mentioning. It’s an interesting, if not scary, read to say the least, but mainly I wanted to use its content as an example of, or reason for, some of the stuff I preach here. The article is from Ars Technica, a great site, and it provides some sobering information about data loss. In fact, they tally up some numbers to find that in under three years, 159 million personal records have left the building. Yep, you read that right. Where am I going with this? Well, this is exactly why you would want to follow good system administration practice and secure your servers; you know, actually manage them. Keep your data safe, use common sense, follow the rules, and don’t break the rules just because it’s more convenient to leave telnet running and have a root password of dog. You for sure don’t want your own data captured by the nasties, and when you take hold of some customer’s data, you are taking the responsibility to keep their data safe too, as if it were your own. Don’t wind up a statistic. Secure those servers and, in the words of “Madeye” Moody, practice constant vigilance!
Passwords, and why the heck are they so important?
Everyone has passwords, some have only a few, and some of us have bunches of them. In some cases, literally hundreds or thousands to manage, and let me tell you it’s a pain in the rear. However, password management is not the main thing this article is about, although it pertains to the subject. No, what I want to talk about today is the area of good passwords, strong passwords, passwords that will defend your server and shun any attack by the bad guys that try to get in while you are away playing Quidditch. I have seen lots of passwords in my day, and let me tell you that there are lots of servers that could be compromised using either “ncc1701” or “corona”.
Continue reading Good password practices
One of the most important jobs that someone who calls themselves a “System Administrator” has is securing their servers. Whether it’s a personal server you are tinkering with, or a production server at work somewhere, keeping a server secure is paramount for many reasons, not just keeping your data safe. If your server were to get compromised, depending on what happened, it could be used as a zombie to target other machines in a massive DDoS attack. It might be used to send yet more spam out to the users of the world, or it could even be set up as a platform to launch more viruses and attacks against unsuspecting users all over the Internet.
The point is that there are a great many reasons to keep your server secure, and I don’t think there is anyone out there who would disagree. That being said, I have written up some basic steps that I go through to begin the process of securing my Linux boxes, in the hope that you can use them to help you secure yours. I decided to start with Linux because many people are testing and playing with it since it is very powerful and free. These are guidelines, as well as examples of how I do it. It’s too simple to say that there are better or worse ways of doing things. Read what I have below and apply it to your situation. Lots of things in this article can even be applied to Windows, as they are good practices regardless of the OS. Let’s get started, shall we?
Continue reading Basics of securing a Linux server