
Security Center

If you think your server might have been compromised, please open a ticket with our helpdesk immediately!
The problem of server security is becoming more severe every day, and without special attention from everyone involved in server management a security breach is inevitable. Globaltap has exemplary connectivity to the Internet backbone, which makes any server at Globaltap a prime target for crackers, much more so than at any less well-connected location.

The following is a collection of advice to help you keep your server more secure. This is by no means a complete security manual; this page is only meant to give an overview of important security points and is mainly aimed at Linux/Unix server security, although some of the advice applies to all platforms. The list might seem excessive at first, but today's network reality is that this is the bare minimum needed to avoid downtime and a lot of clean-up work.

  1. General security hygiene:

    1. Regular backups are very important for many reasons, among them the ability to recover from a devastating security compromise. Sometimes restoring the server from a backup is the only way to recover from a break-in. We recommend that you perform backups on a regular schedule, preferably every night.

    2. Good passwords are important to keep hackers away from your accounts and ultimately from the server. Pick passwords which are hard to guess, and change them regularly. This document http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/security-guide/s1-wstation-pass.html goes into detail on how to pick a good password.

    3. Unencrypted protocols are bad because they expose passwords to the network. Do not send your passwords out in the open: crackers use password sniffing as one of their primary tools for gaining unauthorized entry. No unencrypted protocol should be used to pass passwords over the network. If you have to use an insecure protocol, such as ftp or FrontPage extensions, make sure it has a separate and different password from any user account on the system. If possible, enable the insecure protocol only for the short period of time when it is required. Try to switch to an encrypted protocol: anything that can be done via ftp can also be done via ssh.

    4. Regular software upgrades are essential to keep your server secure. If you are running a Red Hat type system, run yum upgrade on a regular basis. Upgrading your server regularly is not a guarantee that it will not be broken into, but ignoring regular upgrades is a sure way to get your server compromised. We recommend you upgrade your software at least once a week.

    5. Minimize. Turn off the daemons you do not need. Erase the software you do not use. Close user accounts as soon as they are no longer needed. Check your /etc/passwd for accounts that have a real shell but do not need one. Check your /etc/shadow for accounts that have a password but do not need one. A program or an account cannot be used for a compromise if it does not exist on the server. The more programs installed and the more accounts enabled, the more possibilities exist for compromise.
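The /etc/passwd and /etc/shadow checks in point 5 above, as an added shell example (not Globaltap's code): it lists accounts that have a login shell, accounts that have a usable password hash, and the intersection of the two, which is the list to review. The sample passwd and shadow files are constructed for the example; point the functions at the real files (as root) to audit a server.

```shell
#!/bin/sh
# Added example (not Globaltap's code): list the accounts that can really log
# in, i.e. have a login shell in /etc/passwd and a usable hash in /etc/shadow.
# Run as root against the real files; the constructed samples below run anywhere.

# Accounts whose login shell is not a nologin/false placeholder.
accounts_with_shell() {   # usage: accounts_with_shell PASSWD_FILE
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Accounts whose password field is a hash: not empty and not locked (!, !!, *).
accounts_with_password() {   # usage: accounts_with_password SHADOW_FILE
    awk -F: '$2 != "" && $2 !~ /^[!*]/ { print $1 }' "$1"
}

# Accounts with both a shell and a password: review each one and lock or
# remove those that are no longer needed (usermod -L, or userdel).
loginable_accounts() {   # usage: loginable_accounts PASSWD_FILE SHADOW_FILE
    awk -F: 'NR == FNR { if ($2 != "" && $2 !~ /^[!*]/) haspw[$1] = 1; next }
             ($1 in haspw) && $7 !~ /(nologin|false)$/ { print $1 }' "$2" "$1"
}

# Constructed sample files (hashes are placeholders, not real crypt output).
PASSWD_SAMPLE=$(mktemp); SHADOW_SAMPLE=$(mktemp)
cat > "$PASSWD_SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup:x:34:34:backup:/var/backups:/bin/false
games:x:5:60:games:/usr/games:/bin/sh
EOF
cat > "$SHADOW_SAMPLE" <<'EOF'
root:$6$constructed$hashA:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
ftp:!!:19000:0:99999:7:::
alice:$6$constructed$hashB:19000:0:99999:7:::
backup:*:19000:0:99999:7:::
games:$6$constructed$hashC:19000:0:99999:7:::
EOF

echo "shell:      $(accounts_with_shell "$PASSWD_SAMPLE" | tr '\n' ' ')"
echo "password:   $(accounts_with_password "$SHADOW_SAMPLE" | tr '\n' ' ')"
echo "can log in: $(loginable_accounts "$PASSWD_SAMPLE" "$SHADOW_SAMPLE" | tr '\n' ' ')"
```

In the sample, ftp has a shell but a locked password and games has both, so games is the account the last list flags for review.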

  2. Improving security by restricting access:

    1. Secure your ssh daemon. Make sure you do not allow root logins via ssh, because a server is known to get compromised through an ssh session opened from another, already compromised, server. There is an option in sshd_config to turn off root logins via ssh: use it. You can always use "su" to get into the root account once you have logged into a regular user account. Restrict the accounts which can log in via ssh, and restrict which IPs can log in via ssh; see this link for a recipe: http://www.cyberciti.biz/tips/openssh-root-user-account-restriction-revisited.html
      ssh has become a target for brute force password guessing. It is common to see thousands of messages per day in syslog for failed ssh logins. One way to reduce these attacks is to run the ssh daemon on a non-standard port. Another way is to restrict which IPs can use ssh, either via PAM rules (as in the link above) or via the firewall.

    2. Use firewall rules to restrict access to your server. Any modern Linux distribution includes the iptables firewall. Use it to allow only the access which is needed. For example, you can use iptables to allow only certain IPs to log in via ssh. If for some reason you cannot use a firewall on your server, open a ticket with our helpdesk: Globaltap does have a central firewall and we offer free filtering to our customers (setup fees may apply).
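The ssh and firewall restrictions from points 1 and 2 above, as an added shell example (not Globaltap's code): one function reads the effective value of a keyword from an sshd_config, one reports whether PermitRootLogin, AllowUsers and Port are set the way this page recommends, and one prints an iptables allowlist for the ssh port. The sample configs and the 192.0.2.10 / 198.51.100.7 addresses are constructed; Match blocks in sshd_config are ignored, an assumption that keeps the parser short.

```shell
#!/bin/sh
# Added example (not Globaltap's code): check an sshd_config for the settings
# recommended above and print an iptables allowlist for the ssh port. Nothing
# here modifies the system; review the printed rules, then run them as root.

# First uncommented value of KEYWORD in FILE (sshd uses the first match;
# Match blocks are ignored here, an assumption that keeps the parser short).
sshd_setting() {   # usage: sshd_setting KEYWORD FILE
    awk -v key="$1" 'tolower($1) == tolower(key) && !seen { print $2; seen = 1 }' "$2"
}

# Prints one line per check and returns the number of weak settings found.
audit_sshd_config() {   # usage: audit_sshd_config FILE
    weak=0
    if [ "$(sshd_setting PermitRootLogin "$1")" = "no" ]; then
        echo "OK:   root logins over ssh are disabled"
    else
        echo "WEAK: PermitRootLogin is not 'no'"; weak=$((weak + 1))
    fi
    if [ -n "$(sshd_setting AllowUsers "$1")" ]; then
        echo "OK:   logins restricted with AllowUsers"
    else
        echo "WEAK: any account with a shell can log in (no AllowUsers)"; weak=$((weak + 1))
    fi
    port=$(sshd_setting Port "$1")
    if [ -z "$port" ] || [ "$port" = "22" ]; then
        echo "NOTE: sshd listens on the default port 22"
    fi
    return "$weak"
}

# Prints iptables commands that admit ssh only from the listed source IPs:
# keep established sessions, accept the allowlist, drop everything else.
ssh_allowlist_rules() {   # usage: ssh_allowlist_rules PORT IP [IP...]
    port=$1; shift
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for ip in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $port -s $ip -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# Constructed sample configs: a stock-looking one and a hardened one.
WEAK_CFG=$(mktemp); HARD_CFG=$(mktemp)
printf '#PermitRootLogin yes\nPort 22\n' > "$WEAK_CFG"
printf 'Port 2222\nPermitRootLogin no\nAllowUsers alice bob\n' > "$HARD_CFG"

audit_sshd_config "$WEAK_CFG" || echo "weak settings found: $?"
audit_sshd_config "$HARD_CFG" && echo "hardened config passes"
ssh_allowlist_rules 2222 192.0.2.10 198.51.100.7   # RFC 5737 documentation addresses
```

Add the allowlist rules to the firewall script you already load at boot rather than running them once, or they will be gone after the next reboot.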

  3. Security tools. There are many good tools for many different purposes, and we cannot cover them all here. See, for example, this document: http://www.ciac.org/ciac/SecurityTools.html . However, we do want to mention a few tools which we find very beneficial:

    1. Intrusion detection tools we recommend for Linux are aide (http://sourceforge.net/projects/aide) or tripwire (http://www.tripwire.org/). There are a number of others; see http://www.cromwell-intl.com/security/security-intrusion.html .

    2. Network intrusion detection tool snort: http://www.snort.org/

    3. A system log summarizer, logwatch (http://www.logwatch.org/), comes with many Linux distributions. Review the logwatch output every day.


© Copyright 2012 Globaltap, Inc. All Rights Reserved.