Six Steps to a More Secure Linux Server
I've worked as a remote Linux System Administrator for quite a while, and one thing that I've noticed is that many "administrators" out there don't know how to configure or secure a server properly. This article is a quick reference on some of the more important (and easy) security or configuration tweaks that any administrator should do for their server. These six steps can dramatically increase the security and stability of any Linux server. The best part about these tips, is that they are all quick and easy to do as well, with each step taking less than 15 minutes!
1.) Security Updates Not Installed
Almost every server that I work is not the newest (and surest) software. Yes, Linux is a great operating system software, but has all the security problems. Enable the installation of automatic updates using a cron script, or is similar to the simplest and easy way to make sure that your server is not compromised. There really is no excuse to not have the latest security updates to install
2.) Disable root login via SSH, and password authentication
Admittedly, I've been guilty of this myself sometimes. Let's face it, everyone likes being able to quickly and easily log into their servers, and change settings. However, if you're using password authentication, what's to keep someone else from logging into your server? In addition, you should not use password authentication on your Linux server, to prevent others from logging into your Linux server. Instead, enable RSA signed authorization keys. This is more secure, since an attacker will not be able to guess or brute force a login session with your server.
3.) Disable or filter extra services
This is the second biggest problem is that I look over the new customers with servers. Often the system administrator to build their Linux server does not automatically imply a necessary final step filter incoming connections that are not necessary. I've seen it all run from the day service, MySQL is waiting for connections on a remote IP. If a Linux administrator is not familiar with iptables, there are several tutorials that someone will show you how even a simple firewall ruleset. Moreover, disabling unnecessary services is a fundamental step to optimize the server as well, why extra services that run to tie resources if they are not needed?
4.) Test accounts or guest accounts still active
Another glaring security hole (and often used is one) that a customer will not have to be test-user is run (often with very simple passwords, such as test) if a software solution for a production server is deployed. I do not need the security implications of this single-make sure that getting rid of you, the guest or trial accounts!
5.) Advertising banners left on
We all like advertising, is not it? However, the advertising world, for the version of Apache or Sendmail, you run on your Linux server is the three-year-old, is not to be concerned about, it is necessary. Disable the server as long as the banner will help to hide the script from a fundamental reliance on attacking your server. Moreover, why is bad to help determine the software server is running?
6.) PHP errors or application errors
I'm pretty confident that we have all seen an error or two displayed on a website. Some errors that are displayed are not a security issue at all, for instance Javascript errors. However, some errors are security issues (PHP is particularly bad with this), because they disclose sensitive information. The easiest way around this is to disable displaying errors in PHP (or your web applications). Otherwise, an attacker may be given information about your website's database details, or file locations.
These issues are the top 6 security issues that I see on a daily basis in my work. You can all check your server or servers for these quick issues (these tips take almost no time at all), and dramatically increase the security of your server. However, if you have any problems implementing these security steps, please feel free to contact me.
Ensuring Security of Wireless Networks
Nowadays, implementation of wireless networks is very common. There are very less clutters in a wireless network, so it is a convenient way of network implementation and management. The troubleshooting of wireless network is easier than wired networks, so people prefer having wireless networks at workplace as well as at home.
However, wireless networks are more vulnerable to security flaws along with the convenience and easy approach of implementation. Even a person with less IT knowledge can easily access an unsecured wireless network and use unethically. Therefore, it is very important to restrict unauthorized access of wireless networks available at home or at your workplace. There are some standard security measures of securing your wireless networks from unauthorized access. In order to secure your wireless network, you can adopt following actions:
Restrict Wireless Network Broadcasting
The default setting of your Wi-Fi router allows automatic network broadcasting so that devices with wireless access feature can detect the wireless networks available in range. Choosing this default setting makes your wireless network open to everybody. To restrict automatic wireless network discovery you can disable this feature. Go through your wireless router manual to learn how to disable this feature.
Enable Data Encryption
Data Encryption is a well-accepted protocol to secure wireless networks. Nowadays, almost every Wi-Fi router or access points come with WEP (Wired Equivalent Privacy) or WPA (Wi-Fi protected access) encryption schemes. By enabling any of these two encryption schemes, you can restrict the access of your Wi-Fi network.
Choosing Strong Network Password
While enabling data encryption, you are required to set a password to allow access to your wireless network. Choosing a strong password is very important to achieve required level of security. An ideal password is combination of alphanumeric keys and comprise of several characters. Avoid using your name, Date of Birth, or other common things as a password for your wireless network.
Activating Firewall
All wireless access points come with an in-built firewall to stop unauthorized incoming and outgoing connections through your wireless network. Learn how to use and customize this firewall for maximum level of wireless network security.
By following above instructions, you can secure wireless networks at your home or at workplace and enjoy the benefits of going wireless without any worries.
Posted in: Software| Tags: Security Wireless Networks Protection Network Feature Access password router choosing wireless implementation encryption6 Easy Steps to Protect your Wireless Networks
Fear not, though. There's plenty you can do to protect yourself.
1)Change your administrator password
Before you do anything else, change the administrator password on your router. Every model of router comes preconfigured with a standard password, and hackers know this. So it's exceedingly easy for someone to hop onto your network, gain full control over its administrative rights and wreak havoc.
2)Stop broadcasting your network's SSID and change its name
Your service set identifier (SSID) is your network's name, and if people know what your SSID is, it's easier for them to find your network and connect to it. Your router broadcasts its SSID, and that broadcast tells passersby there's a network there. It also gives out the name. So, if you turn off SSID broadcasting, you'll go partway toward keeping casual users from seeing your network. But doing that, by itself, won't necessarily solve the problem. Even if you stop broadcasting your network's name, people might still be able to connect to your network. That's because manufacturers generally ship their wireless routers with the same generic SSID. So, even if you stop broadcasting your SSID, intruders can easily guess your router's name and log on. To solve the problem, first change your SSID's name, and then hide it
3)Enabling encryption
Wi-Fi networks are incredibly convenient and incredibly easy to spy upon. All that data going out over the air among your PCs and between your PCs and the Internet can easily be snooped on by anyone nearby using simple, off-the-shelf software such as packet sniffers. Using encryption is the single most important step to protect your home or small office network.
4)Protect yourself using MAC addresses
Another way to protect your wireless network is to allow only certain computers to connect, and ban all others. To do that, you'll filter by Media Access Control (MAC) addresses and so you'll be able to tell your router to allow only specific MAC addresses onto the network and keep all others off.
5)Turn off your network when you're not using it
This simple precaution can go a very long way toward keeping you safe: Simply turn off your router when you're not using your network. The less time your wireless network is available, the less likely it is to get hacked.
6)Checking for wireless intruders
You can never be too safe, and so even if you've taken all this advice, it's a good idea to check your network to see if intruders have made their way in. And if you haven't taken all this advice, that's all the more reason to check.