How to secure a server?

Discussion in 'Computer Security' started by Peter, Feb 26, 2007.

  1. Peter

    Peter Guest

    Hi all,
    I'm new to the computer security. Can you show me some starting point of
    securing a server? What I read on most sites about security is that
    updating the system is one of the best practices. However, I find it quite
    hard to do that on daily basis, especially when you have a server with
    little or zero support such as Fedora 1/2/3 or Win2K. I also heard about
    IDS but most of IDS systems require experiences of the admin to set up a
    good database, which is impossible for beginner like me. How secure is a
    firewall with good policy?
    In case my server was intruded, what is the procedure to stop the attack,
    secure the system and rescue the data?
    If possible, please refer me to sources where I can learn more. I want
    something detailed, not just general guidelines that can be found by Google.

    Thanks a lot.

    --
    Peter - A newbie.
     
    Peter, Feb 26, 2007
    #1

  2. Peter

    Todd H. Guest

    Peter writes:

    > Hi all,
    > I'm new to the computer security. Can you show me some starting point of
    > securing a server? What I read on most sites about security is that
    > updating the system is one of the best practices. However, I find it quite
    > hard to do that on daily basis, especially when you have a server with
    > little or zero support such as Fedora 1/2/3 or Win2K. I also heard about
    > IDS but most of IDS systems require experiences of the admin to set up a
    > good database, which is impossible for beginner like me. How secure is a
    > firewall with good policy?
    > In case my server was intruded, what is the procedure to stop the attack,
    > secure the system and rescue the data?
    > If possible, please refer me to sources where I can learn more. I want
    > something detailed, not just general guidelines that can be found by
    > Google.


    You're dealing with big topics.

    Win2k server:
    http://www.sans.org/reading_room/whitepapers/win2k/189.php
    http://www.microsoft.com/downloads/...86-A2C8-4C8F-A9D0-A0201F639A56&DisplayLang=en
    http://msdn.microsoft.com/library/en-us/dnnetsec/html/HTBaseAnal.asp

    That last link is to a reasonably useful tool that'll point out
    glaring weaknesses. It has a very unfortunate asp file name though.

    Fedora 1 or 2
    dunno... they're old. Consider upgrading.

    IDS's are good tools. They do require setup and admin. Snort is a
    very popular free one. It's imperative to keep up with updates
    though.

    A firewall only secures your border. Are you running web servers?
    How many internal users are there? Is there provision for external
    access for employees?

    No time to say more at this point, but if you can post what OS your
    server is perhaps folks have a favorite, detailed hardening guide they
    can point you to.

    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., Feb 26, 2007
    #2

  3. Peter

    left_coast Guest

    Peter wrote:

    > Hi all,
    > I'm new to the computer security. Can you show me some starting point of
    > securing a server? What I read on most sites about security is that
    > updating the system is one of the best practices. However, I find it quite
    > hard to do that on daily basis, especially when you have a server with
    > little or zero support such as Fedora 1/2/3 or Win2K. I also heard about
    > IDS but most of IDS systems require experiences of the admin to set up a
    > good database, which is impossible for beginner like me. How secure is a
    > firewall with good policy?
    > In case my server was intruded, what is the procedure to stop the attack,
    > secure the system and rescue the data?
    > If possible, please refer me to sources where I can learn more. I want
    > something detailed, not just general guidelines that can be found by
    > Google.
    >
    > Thanks a lot.
    >


    Security is an ongoing process, not a final state. Beware of people claiming
    simple solutions. The best security tool is EDUCATION. Educate yourself
    about computer security by reading books and research. EDUCATE your users
    as to how to use a computer in secure ways. The more you know about system
    security, the better you will be at securing a system.

    That said, security should be based on the need. What the NSA and CIA would
    install for security on their most secure servers would probably not work
    for the computer system at your local library. To know "How to secure a
    server" one needs to assess the best balance between security and
    accessibility required.
     
    left_coast, Feb 26, 2007
    #3
  4. Peter

    Lew Pitcher Guest

    Lew Pitcher, Feb 26, 2007
    #4
  5. Peter wrote:

    > Hi all,
    > I'm new to the computer security. Can you show me some starting point of
    > securing a server?


    A good starting point is a degree in computer science and about 5 years field
    experience setting up and managing systems.

    Go read a few books, mosey over to Sans.org/cert.org and read some of their
    free whitepapers. Check out Brainbench for cheap/free exams (no point in
    reading the books unless you can prove you understand them). There's a lot
    of introductory level stuff on Wikipedia - but be wary of the value of
    information published there. Another good site is www.securityfocus.com

    You'll get lots of opinions on Usenet, and occasionally some good advice;
    if you had supplied about 100 words on what it is you are trying to secure
    then you might have got some specific advice here. Are you ready to
    understand it?

    > What I read on most sites about security is that
    > updating the system is one of the best practices.


    Almost; keeping up to date in a managed fashion with the supplied patches is
    good practice.

    > However, I find it quite
    > hard to do that on daily basis, especially when you have a server with
    > little or zero support such as Fedora 1/2/3 or Win2K.


    I can't tell you if you should be that up to date from the information
    you've supplied.

    > I also heard about
    > IDS but most of IDS systems require experiences of the admin to set up a
    > good database, which is impossible for beginner like me.


    No, some IDS are hard to set up, some less so. The level of ability on the
    part of the admin and how they apply those skills determines the security
    of the system.

    > How secure is a
    > firewall with good policy?


    It depends on the context. Is the policy appropriate and complete? Is it
    implemented properly?

    > In case my server was intruded, what is the procedure to stop the attack,
    > secure the system and rescue the data?


    Is this a troll? If not, it's time to call Ghostbusters :(

    C.
     
    Colin McKinnon, Feb 26, 2007
    #5
  6. Colin McKinnon wrote:

    >> I also heard about
    >> IDS but most of IDS systems require experiences of the admin to set up a
    >> good database, which is impossible for beginner like me.

    >
    > No, some IDS are hard to set up, some less so. The level of ability on the
    > part of the admin and how they apply those skills determines the security
    > of the system.


    IDS are exactly where this doesn't apply.

    For signature-based IDS systems, one can generally say that the patches for
    vulnerabilities arrive way sooner than signature updates. And even when
    this is not the case the signatures are usually incomplete or, even worse,
    themselves vulnerable to DoS conditions.

    For anomaly analysis IDS systems, you need a lot of maintenance and log
    file evaluation. Even with modern automated processing tools, this is a lot
    of effort for only little gain in security.

    Thus, my suggestion for IDS: Think about it, think about it carefully,
    think about it again, and then drop this idea.

    P.S.: Well, one could say that you're right anyway, IDSs can have a good
    security benefit if the system is lousily administrated. But maybe that's
    not the level of ability you'd like to see of an admin.
     
    Sebastian Gottschalk, Feb 27, 2007
    #6
  7. Peter

    Tarkin Guest

    On Feb 26, 11:01 am, Peter wrote:
    > Hi all,
    > I'm new to the computer security. Can you show me some starting point of
    > securing a server? What I read on most sites about security is that
    > updating the system is one of the best practices. However, I find it quite
    > hard to do that on daily basis, especially when you have a server with
    > little or zero support such as Fedora 1/2/3 or Win2K. I also heard about
    > IDS but most of IDS systems require experiences of the admin to set up a
    > good database, which is impossible for beginner like me. How secure is a
    > firewall with good policy?
    > In case my server was intruded, what is the procedure to stop the attack,
    > secure the system and rescue the data?
    > If possible, please refer me to sources where I can learn more. I want
    > something detailed, not just general guidelines that can be found by Google.
    >
    > Thanks a lot.
    >
    > --
    > Peter - A newbie.


    >little or zero support such as Fedora 1/2/3 or Win2K.


    Support for Fedora, AFAIK, is provided in forums and
    mailing-lists. Have you even tried them (for Fedora)?

    As for Win2K....I think you'll have enough of a challenge
    just getting it to act reasonably as a server. Sure, you can
    slap [Apache/Tomcat/Jetty/whatever] on it, but that is
    not that particular OS's forte. I am sure there are mailing
    lists for that OS, which *are* discoverable via Google, and
    who would be better qualified/able/willing to entertain that
    question.

    > What I read on most sites about security is that
    > updating the system is one of the best practices.
    > However, I find it quite hard to do that on daily basis,


    Then you will find system administration is not your
    bag, either. Win2K has 'Windows Update' available
    (unless you removed it). Now, unless you're talking
    about the pain of rebooting, there is nothing easier
    than using Windows Update....with the exception of
    the fine GUI administration tools provided by Debian,
    Fedora, and literally dozens and dozens of others.
    Running from a CLI? AFAIK, the GUI tools are merely
    wrappers for CLI package-management tools.

    A quick use of Google with the terms
    'Fedora 1 2 3 package management security'
    should return copious results. As would
    'Linux documentation security administration'.

    There are literally dozens of 'detailed' system
    administration guides. I installed one, on my
    Debian box, using the GUI package management tools.

    HTH,
    Tarkin
     
    Tarkin, Feb 27, 2007
    #7
  8. Peter

    Peter Guest

    I want to say sorry in advance in case my reply appears to be a top post.
    I'm still not used to KNode.

    > A good starting point is a degree in computer science and about 5 years
    > field experience setting up and managing systems.


    Yes, I have a degree in computer science. But I have no experience in
    managing a large system.

    >
    > Go read a few books, mosey over to Sans.org/cert.org and read some of
    > their free whitepapers. Check out Brainbench for cheap/free exams (no point
    > in reading the books unless you can prove you understand them). There's a
    > lot of introductory level stuff on Wikipedia - but be wary of the value of
    > information published there. Another good site is www.securityfocus.com


    Thanks for your advice. I can understand those papers to a certain extent.

    >
    > You'll get lots of opinions on Usenet, and occasionally some good advice;
    > if you had supplied about 100 words on what it is you are trying to secure
    > then you might have got some specific advice here. Are you ready to
    > understand it?


    That's the reason I'm asking for advice here :)

    What I'm trying to secure here is a Darwin server (I'm really amazed that
    there is someone running a Mac machine as a server). It has Tomcat as an
    application server. The Tomcat server is rather old. I considered updating
    it. However, upgrading Tomcat to the newest one, 6.x, will require
    modifying the web application running on it. Even an application compatible
    with 5.5 also needs modifying. The worst thing is that when I took over the
    administration, there is little documentation of the system. In the end, I
    have to give up the idea. One of my biggest concerns is how to prevent a DoS
    attack and leak of user's information as the company intends to create a
    community website.


    >> In case my server was intruded, what is the procedure to stop the attack,
    >> secure the system and rescue the data?

    >
    > Is this a troll? If not, it's time to call Ghostbusters :(
    >
    > C.


    No, I'm serious. You cannot assume a system is 100% secure. You may make a
    mistake somewhere. I read some hacker technique to gain root access and
    remove their trace. It may be silly but I want to know how to detect
    anomalies and stop attack.
     
    Peter, Feb 27, 2007
    #8
  9. Peter wrote:

    >>> In case my server was intruded, what is the procedure to stop the attack,
    >>> secure the system and rescue the data?

    >>
    >> Is this a troll? If not, it's time to call Ghostbusters :(
    >>
    >> C.

    >
    > No, I'm serious. You cannot assume a system is 100% secure. You may make a
    > mistake somewhere. I read some hacker technique to gain root access and
    > remove their trace. It may be silly but I want to know how to detect
    > anomalies and stop attack.


    But you cannot fight on a lost ground. The proper procedure is to flatten
    and rebuild the system / recover from backup. Just the idea of detection is
    fine, but sadly usually not worth the effort unless you have a clear policy
    and relatively static demands.
     
    Sebastian Gottschalk, Feb 27, 2007
    #9
  10. Peter

    Peter Guest

    Sebastian Gottschalk wrote:

    >
    > But you cannot fight on a lost ground. The proper procedure is to flatten
    > and rebuild the system / recover from backup. Just the idea of detection
    > is fine, but sadly usually not worth the effort unless you have a clear
    > policy and relatively static demands.


    How can you know a system was attacked? I think it's unreasonable for an
    administrator just to sit there and wait for someone to tell him about the
    attack. I suppose there should be some methods with reasonable trade-offs
    for a small network? Can you give me an example of a network which has
    a "clear policy and relatively static demands" and how to build the
    detection system?
     
    Peter, Feb 28, 2007
    #10
  11. Peter wrote:

    > Sebastian Gottschalk wrote:
    >
    >>
    >> But you cannot fight on a lost ground. The proper procedure is to flatten
    >> and rebuild the system / recover from backup. Just the idea of detection
    >> is fine, but sadly usually not worth the effort unless you have a clear
    >> policy and relatively static demands.

    >
    > How can you know a system was attacked?


    As I stated: For relatively static demands, you can compare against a
    baseline policy.

    > Can you give me an example of a network which has
    > a "clear policy and relatively static demands" and how to build the
    > detection system?


    A web server running Apache. Just add Tripwire to alert whenever anything
    outside the ./www directory changes (modulo syslog).
     
    Sebastian Gottschalk, Feb 28, 2007
    #11
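
The baseline comparison suggested in post #11 (alert on any change outside the web content directory, leaving logs aside), sketched as an added example: this is not part of the thread and is not Tripwire's own code or configuration. The directory layout, file contents and function names are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root, exclude=()):
    """Return {relative path: SHA-256 hex} for regular files under root,
    skipping every path at or below an excluded relative directory."""
    skip = {os.path.normpath(e) for e in exclude}
    digests = {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # Prune excluded directories in place so os.walk never enters them.
        dirnames[:] = [d for d in dirnames
                       if os.path.normpath(os.path.join(rel_dir, d)) not in skip]
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are out of scope here
            sha = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    sha.update(chunk)
            digests[os.path.normpath(os.path.join(rel_dir, name))] = sha.hexdigest()
    return digests

def compare(baseline, current):
    """Classify the differences between two snapshots."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }

def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Run against a constructed tree (all paths and contents are made up)."""
    exclude = ("www", os.path.join("var", "log"))  # content and logs may change
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/httpd.conf", b"Listen 80\n")
        _write(root, "bin/httpd", b"constructed binary\n")
        _write(root, "www/index.html", b"<h1>v1</h1>\n")
        _write(root, "var/log/access.log", b"GET / 200\n")
        baseline = snapshot(root, exclude)  # in practice, keep this off the host
        _write(root, "www/index.html", b"<h1>v2</h1>\n")            # expected change
        _write(root, "var/log/access.log", b"GET / 200\n" * 2)      # expected change
        _write(root, "etc/httpd.conf", b"Listen 8080\n")            # unexpected
        _write(root, "bin/.hidden", b"constructed dropped file\n")  # unexpected
        return compare(baseline, snapshot(root, exclude))

if __name__ == "__main__":
    print(demo())
```

Store the baseline somewhere the server cannot write to (read-only media or another host); an intruder with root access can otherwise regenerate it after making changes.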
  12. Peter

    Adam Guest

    On Feb 26, 4:01 pm, Peter wrote:
    > Hi all,
    > I'm new to the computer security. Can you show me some starting point of
    > securing a server? What I read on most sites about security is that
    > updating the system is one of the best practices. However, I find it quite
    > hard to do that on daily basis, especially when you have a server with
    > little or zero support such as Fedora 1/2/3 or Win2K. I also heard about
    > IDS but most of IDS systems require experiences of the admin to set up a
    > good database, which is impossible for beginner like me. How secure is a
    > firewall with good policy?
    > In case my server was intruded, what is the procedure to stop the attack,
    > secure the system and rescue the data?
    > If possible, please refer me to sources where I can learn more. I want
    > something detailed, not just general guidelines that can be found by Google.
    >
    > Thanks a lot.
    >
    > --
    > Peter - A newbie.


    You might find this useful as a starting point:
    http://www.nic.com/~dave/SecurityAdminGuide/SecurityAdminGuide.html

    --A

    --
    Adam Gray
    "For whose sake, henceforth, may his vowes be such
    as what he loves may never like too much"
     
    Adam, Mar 5, 2007
    #12