Vulnerability Development mailing list archives
Re: Securing of systems....
From: "Brooke, O'neil (EXP)" <o'neil.brooke () LMCO COM>
Date: Tue, 1 Aug 2000 10:27:34 -0400
Hi,

It would have been helpful if you had included in your message the distribution of Linux that you plan on using. I know that there are projects to build secure RedHat's. I'm not sure about the other distributions. OpenBSD is supposed to be very secure and there is probably a lot of information on securing FreeBSD.

If you are expecting to find an all-inclusive Security-how-to you will be looking for a long time. ;) I would recommend that you buy some good books. I read Hacking Exposed and thought that was a good book.

Essentially you are going to have to review all exposed ports on the machine (do a port scan yourself). Investigate each of those exposed ports, find out why they are open, find out if they NEED to be open (if it's not essential then kill it!), and find out if there are any patches for the ESSENTIAL applications.

Never give out shell access to the machine. If someone gets shell and has a bit of intelligence and the desire to, they will root your machine.

Keep these machines single-purpose machines. They will be easier to secure and may be more stable if fewer applications are running or installed. If you do not absolutely NEED a web server on it, don't install one. Kill FTP. Kill telnet and use ssh.

Locking a system down is a matter of stripping everything out and allowing only those applications that are absolutely required to fulfill the stated requirements. Once you have your short list of applications you need to be sure that they do not introduce any vulnerabilities.

Another precaution would be to search the net for 'root kits' and examine them. Find a way to detect if your binaries have been modified. There are applications that will do this for you, but you will be better served if you were to learn how to do this yourself.

Since it's only a game server you should not trust it and consider that it has been rooted. This level of mistrust should pervade all of your application and / or network designs. For example, these game servers should be segmented off of your main network in such a way that sniffers installed on them would not pick up any vital data. If you need to pass information between your game servers and a trusted computer, secure that link so that it cannot be exploited in the event that the machine is compromised.

Hope this helps a bit

O'Neil
-----Original Message-----
From: Snehal Dasari [SMTP:pavehawk () NAPALM NET]
Sent: Monday, July 31, 2000 5:39 AM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Securing of systems....

Hi,

I'm not exactly sure if this is the right group to post to, so my apologies if it is.

I was recently contacted by an ISP to build up some Linux servers to act as their game servers. And that's sort of my problem. Basically, these are going to be high profile machines (as far as gaming machines go) and I'd like to secure them as best as possible. I play with Linux on a personal scale, but have never deployed Linux in a commercial environment.

The question I'm asking is this: Is there any document on the net that pertains to securing a Linux box used for commercial purposes? I've had a look and I cannot see a document of any use. There are program-specific ones (ipchains-HOWTO) but they give you the in-depth of it all. I'm sort of looking for a document that covers it at a higher level.

These servers will be running multiple game servers from each unit.

Regards,
Snehal Dasari