March 2007 Archives

OpenProtect

So in my quest to find out how to filter mail from my server to the outside for spam I went around in circles on various sites with no luck. Then I came across OpenProtect which does one of my favourite things: puts a candy wrapper around some uglies making it easy to use. It includes SpamAssassin, ClamAV, and even installs a DNS cache if you so wish. It's simple to install, and they've made the effort with the documentation too. Now mail arising from scripts on my server (CGIs, PHP pages etc) is automatically filtered for spam and viruses. It's my last line of defence against spammers exploiting hooky scripts.

Now to get comcast.net to accept my emails..

Access Denied

I decided it was time to have a crackdown on security. A zero-tolerance attitude to hackers. A war on back-doors. This coincides with my new job that I start in a few weeks and I then move from a Windows dominated production environment to a BSD dominated one, so it's time to brush up my Unix systems skills.

Anyway, I've found a few things useful in this quest for security:

denyhosts

An extremely convenient Python-based application that helps block SSH attacks. It can be run as a daemon, or a cronjob, or on demand. Configure the config file, fire it up and it will add entries into your hosts.deny file based on your config settings. denyhosts is a great addition to your security setup. tdot has a good article on how to use it on demand, ensuring that there aren't any windows of opportunity for hackers.
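To make the mechanism concrete, here is an added sketch (not denyhosts' own code, and not from the original post) of the core idea: count failed SSH logins per source address in the auth log and emit hosts.deny lines once a threshold is reached. The log lines, the threshold values and the function names are assumptions made up for this example.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (documentation-range addresses, not real data).
SAMPLE_LOG = """\
Mar 10 03:12:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar 10 03:12:03 host sshd[2101]: Failed password for invalid user test from 203.0.113.7 port 40125 ssh2
Mar 10 03:12:06 host sshd[2103]: Failed password for invalid user guest from 203.0.113.7 port 40130 ssh2
Mar 10 03:14:40 host sshd[2110]: Failed password for alice from 198.51.100.23 port 51000 ssh2
Mar 10 03:14:52 host sshd[2110]: Accepted password for alice from 198.51.100.23 port 51000 ssh2
Mar 10 03:20:11 host sshd[2120]: Failed password for root from 192.0.2.99 port 33000 ssh2
"""

# The username is client-supplied text, so the address is matched at the end
# of the line rather than at the first "from" that appears.
LINE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d?)?$"
)

# Hypothetical thresholds for this sketch: failures per category that trigger a block.
THRESHOLDS = {"root": 1, "invalid": 3, "valid": 5}

def count_failures(log_text):
    """Return {ip: {category: failures}} for failed SSH password logins."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE.search(line.rstrip())
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        is_root = m.group("user") == "root"
        category = "invalid" if m.group("invalid") else ("root" if is_root else "valid")
        counts[m.group("ip")][category] += 1
    return counts

def new_deny_lines(log_text, existing_deny="", allowlist=frozenset()):
    """Return hosts.deny lines for offending IPs not already listed or allowlisted."""
    # Compare whole lines so 192.0.2.9 is never mistaken for 192.0.2.99.
    existing = {entry.strip() for entry in existing_deny.splitlines()}
    lines = []
    for ip, cats in sorted(count_failures(log_text).items()):
        entry = f"sshd: {ip}"
        over = any(n >= THRESHOLDS[c] for c, n in cats.items())
        if over and ip not in allowlist and entry not in existing:
            lines.append(entry)
    return lines

if __name__ == "__main__":
    print("\n".join(new_deny_lines(SAMPLE_LOG)))
```

The allowlist argument matters in practice: without it, a few mistyped passwords from your own address can lock you out of the server.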

ISP firewall

I only recently noticed that my ISP - 1&1 - provide a tool to configure a Cisco-based firewall inclusive in the hosting package (which isn't bad for an entry level server package). Nice to know that whatever things I forget to do on the server (did I leave FTP running?) there's a second layer of defence to block unwanted traffic to ports that just should not be open.

I've heard, and appreciate the argument that no-one should need a firewall. If you don't want traffic on a port, stop whatever is listening to that port from listening to it. Still, I trust my bank has a large safe with a great lock on it, but I would be surprised if the door to the safe was on the outside of the building. Occasionally you open things. Either by mistake or temporarily in the process of doing something else. You might even forget to close them. Securing human error matters!

nmap

Simple tool to check what ports are open on a given IP Address. There's even a version for Windows, which means I can configure the firewall at 1&1 and test it from my WinXP desktop to confirm.

What next?

I'm working on spam blocking qmail-inject so that like the firewall I have a second line of defence for scripts that send emails. See my earlier entry on MIME injection attacks for details of what a pain these can be. I know the scripts on my server are secured against this, but I don't know that they always will be. One user might change one or add one. Hence I want to filter outgoing mail at the MTA level. I'll be looking at spamd as a starting point.

About this Archive

This page is an archive of entries from March 2007 listed from newest to oldest.
