Server Security
Learning outcomes:
Able to monitor users, apps, ports, traffic settings and logs
Describe server hardening steps and best practices
Able to create and edit scripts for common security concerns
Server Health Monitoring
System Hardening
Lock down your hardware (USB booting) and BIOS password lock
Check your file system for anomalies (Missing partitions/cmds)
Check your repos/PPA, do you still need them all?
Check your installed programs/services: are they up to date? Patched? Still required?
Check ports and protocols (SSH access)
Root login check (Do you need it enabled?)
Is your system up to date and patched?
If your system has SELinux, enable it if possible
User password rules
Log monitoring and auditing
Backups
Check for Rootkits
Now with Handy Checklist!
Least Privilege
Policy of least privilege
What can we do to limit user access?
What should/shouldn't we do as server admins to limit access
Security policies in general
Patching, user education, audits, password policies
Security implementation
How are we enforcing our policy?
IDS vs IPS
IDS
IPS
Intrusion Protection System
Accepts or rejects packets based on rule sets; active traffic control
Needs updates based on new threat data
No humans required to run once it's set up, as long as it's updated regularly
Can raise an alarm, but can also block intruders
Vulnerability Scanning
Find your attack surface
Automate security audits
Help create a prioritized list of vulnerabilities
Easier to keep up to date and run quickly
End Point Protections
Goal is to protect enterprise data even in the case of BYOD
Endpoint refers to the endpoint of the network, such as things outside the firewall
Client-server model; can be a centrally managed server or a SaaS (Software-as-a-Service) type solution
Scan types in general beyond server vulnerability scanning
Real-time vs preset-time scans
Signature vs behavioral/heuristic
Scan inbound/outbound traffic or both
Support and uptime requirements must also be taken into consideration when scanning
Logs
We track things like Application, event, service and system logs
How long are the logs kept? And how do we do log rotation
How and when do we review the logs?
Log Analysis scripts vs 3rd party tools
Log audits and backups
Save to write-once media (such as a CD) or mount on a different network (so an attacker would have to compromise two networks)
Hash log files to check for changes
How to check Linux logs
Some examples of Linux Specific logs:
/var/log/messages - generic system activity logs
/var/log/auth.log - authentication related logs
/var/log/boot.log - system initialization and boot related info
/var/log/dmesg - Hardware and driver logs
/var/log/kern.log - kernel related logs
/var/log/faillog - failed logins
/var/log/cron - cron job logging
/var/log/yum.log - log of installs
There are also logs for mail services, Apache, MySQL and more.
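The "Hash log files to check for changes" item above, as an added example (not from the course slides): a POSIX shell script that records a SHA-256 baseline for every file under a log directory and later reports which files changed, disappeared or appeared. It assumes coreutils (sha256sum, mktemp, find) and log paths without spaces; the /var/log paths in the usage comment are the ones listed on this page.

```shell
#!/bin/sh
# Added example: log-file integrity baseline and check.
# Assumes coreutils (sha256sum, find, mktemp) and paths without spaces.

# log_baseline DIR OUTFILE
# Write one "hash  path" line per regular file under DIR, sorted, to OUTFILE.
# Store OUTFILE off-box or on write-once media so it cannot be edited with the logs.
log_baseline() {
    _bdir=$1; _bout=$2
    find "$_bdir" -type f | LC_ALL=C sort | while IFS= read -r _f; do
        sha256sum "$_f"
    done > "$_bout"
}

# log_verify DIR BASELINE
# Recompute hashes under DIR and compare with BASELINE.
# Prints one line per difference (CHANGED / MISSING / NEW) and returns 1;
# prints nothing and returns 0 when every file still matches.
log_verify() {
    _vdir=$1; _vbase=$2
    _tmp=$(mktemp) || return 2
    log_baseline "$_vdir" "$_tmp"
    # First file is the baseline (path -> old hash); second is the fresh scan.
    _report=$(awk 'FILENAME == ARGV[1] { old[$2] = $1; next }
        { if (!($2 in old)) print "NEW " $2
          else { if (old[$2] != $1) print "CHANGED " $2; delete old[$2] } }
        END { for (p in old) print "MISSING " p }' "$_vbase" "$_tmp")
    rm -f "$_tmp"
    [ -z "$_report" ] && return 0
    printf '%s\n' "$_report"
    return 1
}

# Stand-alone use (e.g. from cron):
#   ./logcheck.sh baseline /var/log /root/log.sha256
#   ./logcheck.sh verify   /var/log /root/log.sha256
case ${1:-} in
    baseline) log_baseline "$2" "$3" ;;
    verify)   log_verify "$2" "$3" ;;
esac
```

A non-zero exit from the verify step is what you would hook to an alert; rotated logs will legitimately show as CHANGED/NEW, so re-baseline right after rotation.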
Dashboards
But what happens if we have too much information? That's where Dashboards come in.
Know what's happening in real time
Get alerts for things you specify
Get real time data visualized
Collect multiple forms of data
Files, directories and more
Business analytics
Troubleshooting
Overall view of your server
Best Practices and Checklists
Suggested Activities and Discussion Topics:
Log in to your server and start monitoring its health using some common commands. Start with the following: iostat, nmon, cat /proc/meminfo, mpstat, ps, pstree, tcpdump and uptime. What are you seeing? Could you turn these into a script? How can you document both your script and the results to share with others?
Log in to one of your servers and try installing OpenVAS. The GitHub repo for OpenVAS can be used to build the project; there is also a limited trial if you prefer that.
Complete the lab found in this PDF for scripting, part 1. Make sure you pay careful attention to the requirements.
Complete the lab found in this PDF for scripting, part 2. Make sure you pay careful attention to the requirements.
Complete the lab found in this PDF on how to harden your server. Make sure you pay careful attention to the requirements.