 
emkubed
Gerbil Elder
Topic Author
Posts: 5848
Joined: Mon Jun 02, 2003 9:28 am
Location: Limbo

New webserver. How do I know it's secure?

Tue Sep 23, 2003 11:57 pm

With my newly purchased static IP at my shop, I'm now running an Apache 2.x webserver in SuSE Linux 8.2. What I'd like to know is, how can I test the security of my server/firewall? I don't want to ask for hacking tools really, just curious to see if there were any tried and true methods of making sure I want this box public.

Any suggestions?
 
OllieTech
Gerbil
Posts: 51
Joined: Sun Jul 13, 2003 6:48 pm
Location: Dover, DE, USA
Contact:

Wed Sep 24, 2003 12:14 am

First off, this might get more replies if it were moved to the Linux section.

Next, there really is no tried and true way of verifying that your system is secure, since a new exploit could become available 2 seconds after your system was completely secured. That aside....

1. Make sure that you are only running services that you are using.

Note: Default installs of Linux OS's tend to leave a lot of unneeded services running in the background that are not used and could be exploited.

2. Become obsessed with updating your server. New patches, versions, fixes are released on a daily basis.

Note: SuSE has an excellent automatic update system that can be configured through YaST. I suggest that you enable it and allow it to complete the daily update routine.

3. Run a port scan on your server and identify all the open ports that are reported. Cross reference those ports with the ports that you would expect to be open. IE Port 80 is the port that Apache runs on. Etc. Etc. These ports are what hackers are going to see and try to exploit.

4. Check your logs a lot. Log files are an excellent way to pick up on problems before they become PROBLEMS!!! if you know what I mean.

5. Install apps like Tripwire that make a fingerprint of your system and then compare it daily to see if certain non-changing files changed. This is a way to detect if your system has been compromised.

This is just the bare basics and by no means even a little of what should be done with securing your server. For that, pick up a few books, check out howtos, read newsgroup and forum posts, mailing lists, get the point. Use the vast amount of info that is out there and allow it to point you in the right direction. There is no one way to secure a system, but many have found success in their plans and actions.
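The fingerprint-and-compare idea from point 5, as an added example that is not part of the original post and is not Tripwire's own code. The function names and paths are hypothetical, and GNU `find`, `sort`, `xargs` and `sha256sum` are assumed.

```bash
#!/bin/bash
# Added example: file-integrity baseline in the spirit of Tripwire (not Tripwire itself).
# Function names and paths are hypothetical.

# baseline_create DIR BASELINE_FILE
# Record a SHA-256 fingerprint of every regular file under DIR.
baseline_create() {
    ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum ) > "$2"
}

# baseline_check DIR BASELINE_FILE
# Print CHANGED / MISSING / NEW for every difference; exit status 1 if any.
baseline_check() (
    now=$(mktemp) || exit 2
    baseline_create "$1" "$now"
    # sha256sum lines are "<64 hex chars><2 separator chars><path>".
    report=$(awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { old[path] = hash; next }   # first file: the baseline
        { seen[path] = 1                                  # second file: current state
          if (!(path in old))          print "NEW " path
          else if (old[path] != hash)  print "CHANGED " path }
        END { for (path in old) if (!(path in seen)) print "MISSING " path }
    ' "$2" "$now" | sort)
    rm -f "$now"
    [ -z "$report" ] && exit 0
    printf '%s\n' "$report"
    exit 1
)

# Typical use (example paths). Keep the baseline outside the tree being
# checked, ideally on read-only media, so an intruder cannot rewrite it:
#   baseline_create /etc /mnt/readonly/etc.sha256
#   baseline_check  /etc /mnt/readonly/etc.sha256    # run daily from cron
```
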
 
emkubed
Gerbil Elder
Topic Author
Posts: 5848
Joined: Mon Jun 02, 2003 9:28 am
Location: Limbo

Wed Sep 24, 2003 12:22 am

OllieTech wrote:
1. Make sure that you are only running services that you are using.

Note: Default installs of Linux OS's tend to leave a lot of unneeded services running in the background that are not used and could be exploited.

Gotcha.

OllieTech wrote:
2. Become obsessed with updating your server. New patches, versions, fixes are released on a daily basis.

Note: SuSE has an excellent automatic update system that can be configured through YaST. I suggest that you enable it and allow it to complete the daily update routine.

I'm already update obsessed. If it has a revision, be it firmware, software, whatever, I flash it/upgrade. YAST2 is my friend and I use it often.

OllieTech wrote:
3. Run a port scan on your server and identify all the open ports that are reported. Cross reference those ports with the ports that you would expect to be open. IE Port 80 is the port that Apache runs on. Etc. Etc. These ports are what hackers are going to see and try to exploit.

See, this is the kind of thing I know little about. For as much as I keep up on hardware, I know jack about programs to do port scans. Can you refer me to any particular application?

OllieTech wrote:
4. Check your logs a lot. Log files are an excellent way to pick up on problems before they become PROBLEMS!!! if you know what I mean.

Good idea.

OllieTech wrote:
5. Install apps like Tripwire that make a fingerprint of your system and then compare it daily to see if certain non-changing files changed. This is a way to detect if your system has been compromised.

Sounds like a good proggie. Again, I don't use these sorts of things so this is good info for me.

OllieTech wrote:
This is just the bare basics and by no means even a little of what should be done with securing your server. For that, pick up a few books, check out howtos, read newsgroup and forum posts, mailing lists, get the point. Use the vast amount of info that is out there and allow it to point you in the right direction. There is no one way to secure a system, but many have found success in their plans and actions.

I know things change often and I need to stay up. I've been wanting to further this aspect of my learning, I just don't know what software to look for or use. Thanks for your help.
 
OllieTech
Gerbil
Posts: 51
Joined: Sun Jul 13, 2003 6:48 pm
Location: Dover, DE, USA
Contact:

Wed Sep 24, 2003 12:36 am

emkubed wrote:
See, this is the kind of thing I know little about. For as much as I keep up on hardware, I know jack about programs to do port scans. Can you refer me to any particular application?

Nmap is probably one of the best that I have seen and used.

http://download.insecure.org/nmap/dist/nmap-3.30-win32.zip
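The "cross reference the open ports with the ports you expect" step from earlier in the thread, applied to Nmap's grepable output (`-oG`), as an added example that is not part of the original posts. The function names, the allowlist and the scan line are constructed for illustration.

```bash
#!/bin/bash
# Added example: compare a scan of your own server against the ports you
# intend to expose. Input is Nmap grepable output, e.g. (address is a placeholder):
#   nmap -p- -oG scan.gnmap 192.0.2.10

# unexpected_ports "22/tcp 80/tcp" < scan.gnmap
# Prints "host port/proto service" for every open port not on the allowlist.
unexpected_ports() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^Host: / && /Ports: / {
            host = $2                       # save before $0 is rewritten
            sub(/^.*Ports: /, "")           # drop everything before the port list
            sub(/\t.*$/, "")                # drop trailing tab-separated fields
            m = split($0, entry, ", ")
            for (i = 1; i <= m; i++) {
                # entry: port/state/protocol/owner/service/rpcinfo/version/
                split(entry[i], f, "/")
                key = f[1] "/" f[3]
                if (f[2] == "open" && !(key in ok))
                    print host, key, (f[5] == "" ? "unknown" : f[5])
            }
        }'
}

# Constructed sample of grepable output for a freshly installed server.
sample_scan() {
    printf 'Host: 192.0.2.10 (www.example.test)\tStatus: Up\n'
    printf 'Host: 192.0.2.10 (www.example.test)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 111/open/tcp//rpcbind///, 113/closed/tcp//auth///, 6000/open/tcp//X11///\tIgnored State: filtered (995)\n'
}

# Only SSH and HTTP are meant to be reachable; anything printed here is a
# service to shut down or firewall off.
sample_scan | unexpected_ports "22/tcp 80/tcp"
```
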
 
Despite
Gerbil XP
Posts: 496
Joined: Thu Dec 27, 2001 7:00 pm
Location: Oklahoma
Contact:

Wed Sep 24, 2003 7:28 am

The "Nessus" Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner.

http://www.nessus.org
 
YBK
Minister of Gerbil Affairs
Posts: 2839
Joined: Fri Jul 26, 2002 2:38 am
Location: Sydney
Contact:

Wed Sep 24, 2003 7:30 am

Give me your IP and I will nuke. :wink:

Just messing with you. :lol:
Shake it to the limit!
PING
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Wed Sep 24, 2003 7:41 am

If you can get a 2nd static IP, assign the webserver its own IP address and put it behind a separate firewall (or use the built-in firewall features of Linux). That way even if the server does get compromised, the attacker can't use it as a back door to get at the rest of your machines.

In other words... as far as the rest of your LAN is concerned, the web server is "potentially hostile".

Overly paranoid, perhaps... but depending on how valuable the information on the other computers is, the extra peace of mind might be worth it.
Nostalgia isn't what it used to be.
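One way to express "the web server is potentially hostile" with the built-in Linux firewall, as an added example that is not part of the original post. It assumes a hypothetical firewall box with three interfaces (eth0 Internet, eth1 office LAN, eth2 web-server segment); the function name and addresses are illustrative.

```bash
#!/bin/bash
# Added example (hypothetical layout): eth0 = Internet, eth1 = office LAN,
# eth2 = web-server segment. dmz_ruleset WEB_IP prints an iptables-restore
# ruleset; load it as root with:  dmz_ruleset 192.0.2.10 | iptables-restore

dmz_ruleset() {
    web=$1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The firewall itself: loopback, replies, and SSH from the LAN only.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth1 -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Replies to connections that were allowed by a rule below.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Internet -> web server: HTTP only.
-A FORWARD -i eth0 -o eth2 -d $web -p tcp --dport 80 -m state --state NEW -j ACCEPT
# LAN -> web server: HTTP plus SSH for administration.
-A FORWARD -i eth1 -o eth2 -d $web -p tcp -m multiport --dports 22,80 -m state --state NEW -j ACCEPT
# LAN -> Internet.
-A FORWARD -i eth1 -o eth0 -m state --state NEW -j ACCEPT
# Web server -> LAN: never allowed to open a connection. Logged first, so a
# compromised server probing inward shows up in the firewall log.
-A FORWARD -i eth2 -o eth1 -j LOG --log-prefix "WEB->LAN blocked: "
-A FORWARD -i eth2 -o eth1 -j DROP
COMMIT
EOF
}

# Print the ruleset for a placeholder web-server address.
dmz_ruleset 192.0.2.10
```

Connections the web server itself starts toward the Internet are also dropped by the default FORWARD policy; add explicit rules for whatever it needs, such as fetching updates.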
 
Canuckle
Gerbil XP
Posts: 387
Joined: Sun Jul 13, 2003 6:20 pm

Wed Sep 24, 2003 1:32 pm

OllieTech wrote:
Make sure that you are only running services that you are using.


Just want to expand on this.
Some *nix stuff you don't need is:

X[windows] - *nix GUI is provided by X, which is able to be accessed over the network. Hence, exploitable besides unnecessary for servers.

Use OpenSSH, NOT telnet for remote access. Telnet transfers information in clear text, making it easy to sniff while SSH is encrypted.

The safest *nix install is one where you choose the absolute bare minimum necessary to run - sure you'll find you missed something for a bit but once you know what you actually need you'll be better off.
 
emkubed
Gerbil Elder
Topic Author
Posts: 5848
Joined: Mon Jun 02, 2003 9:28 am
Location: Limbo

Wed Sep 24, 2003 1:43 pm

All good stuff. Keep it comin'!
