Access Denied
I decided it was time to have a crackdown on security. A zero-tolerance attitude to hackers. A war on back-doors. This coincides with my new job that I start in a few weeks and I then move from a Windows dominated production environment to a BSD dominated one, so it's time to brush up my Unix systems skills.
Anyway, I've found a few things useful in this quest for security:
denyhosts
An extremely convenient Python-based application that helps block SSH attacks. It can be run as a daemon, or a cronjob, or on demand. Configure the config file, fire it up and it will add entries into your hosts.deny file based on your config settings. denyhosts is a great addition to your security setup. tdot has a good article on how to use it on demand, ensuring that there aren't any windows of opportunity for hackers.
ISP firewall
I only recently noticed that my ISP - 1&1 - provides a tool to configure a Cisco-based firewall included in the hosting package (which isn't bad for an entry-level server package). Nice to know that whatever things I forget to do on the server (did I leave FTP running?) there's a second layer of defence to block unwanted traffic to ports that just should not be open.
I've heard, and appreciate, the argument that no-one should need a firewall. If you don't want traffic on a port, stop whatever is listening to that port from listening to it. Still, I trust my bank has a large safe with a great lock on it, but I would be surprised if the door to the safe was on the outside of the building. Occasionally you open things. Either by mistake or temporarily in the process of doing something else. You might even forget to close them. Securing human error matters!
nmap
Simple tool to check what ports are open on a given IP address. There's even a version for Windows, which means I can configure the firewall at 1&1 and test it from my WinXP desktop to confirm.
What next?
I'm working on spam blocking qmail-inject so that like the firewall I have a second line of defence for scripts that send emails. See my earlier entry on MIME injection attacks for details of what a pain these can be. I know the scripts on my server are secured against this, but I don't know that they always will be. One user might change one or add one. Hence I want to filter outgoing mail at the MTA level. I'll be looking at spamd as a starting point.
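The idea behind a tool like denyhosts, as an added example (not denyhosts' own code and not from the original post): count failed SSH logins per source address in sshd log lines and emit hosts.deny entries once a threshold is reached. The log lines are constructed samples, and the function names, threshold and allowlist parameters are assumptions of this sketch.

```python
import re
from collections import Counter

# Constructed sample sshd log lines (documentation IP ranges), not real data.
SAMPLE_LOG = """\
Mar  3 10:01:12 host sshd[411]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 10:01:15 host sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Mar  3 10:01:19 host sshd[412]: Failed password for invalid user test from 203.0.113.7 port 40115 ssh2
Mar  3 10:02:40 host sshd[420]: Failed password for rob from 198.51.100.23 port 51822 ssh2
Mar  3 10:02:55 host sshd[420]: Accepted password for rob from 198.51.100.23 port 51822 ssh2
Mar  3 10:05:01 host sshd[431]: Invalid user oracle from 192.0.2.44
Mar  3 10:05:03 host sshd[431]: Failed password for invalid user oracle from 192.0.2.44 port 33901 ssh2
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# The username is chosen by the remote side, so the address is taken from the
# END of the line: text inside a crafted username cannot supply the IP.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from " + IP + r" port \d+(?: ssh2)?\s*$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for .* from " + IP + r" port \d+(?: ssh2)?\s*$")


def count_failures(log_text):
    """Count failed password attempts per source IP.

    A successful login resets that IP's count, so a legitimate user's
    occasional typo does not accumulate towards a block."""
    failures = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(1)] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            failures.pop(m.group(1), None)
    return failures


def deny_entries(log_text, threshold=3, allowlist=(), already_denied=()):
    """Return hosts.deny lines for IPs at or over the threshold, skipping
    allowlisted addresses (e.g. your own) and ones already blocked."""
    skip = set(allowlist) | set(already_denied)
    failures = count_failures(log_text)
    return [f"sshd: {ip}" for ip, n in sorted(failures.items())
            if n >= threshold and ip not in skip]


if __name__ == "__main__":
    print("\n".join(deny_entries(SAMPLE_LOG)))
```

Passing your own management address in `allowlist` keeps a run of mistyped passwords from locking you out of the server.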