Linux System Calls Question:
How will you harden the server?
Answer:
A Server-- it is weather in testing or production-- are primary targets for
the attackers. By taking the proper steps, you can turn a vulnerable box into
a hardened server.
How to secure SSH sessions, configure firewall rules, minimize software, listed below,
1. Encrypt Data communication
-- use scp, ssh avoid FTP, Telnet and Rlogin /rsh
2. Minimize Software to minimize vulnerability
-- use RPM pkg management / YUM utility to remove unwanted packages installed
3. One Network Service per System or Vm Instance
-- Run different network services on separate servers or vm instance.
For example, if an attacker able to successfully exploit software called
Apache flow, he/she get an access to entire server including other services
such as MYSQL, email server and so on.
4. Keep linux software and Kernel up to date.
-- Use yum update or up2date
some distros apt-get update
5. Security essentials like selinux
6. password authentication like password aging, restricting to user previous
passphrases, and locking user accounts after login failures.
7. Disable unwanted services using chkconfig --list | grep "3:on"
the attackers. By taking the proper steps, you can turn a vulnerable box into
a hardened server.
How to secure SSH sessions, configure firewall rules, minimize software, listed below,
1. Encrypt Data communication
-- use scp, ssh avoid FTP, Telnet and Rlogin /rsh
2. Minimize Software to minimize vulnerability
-- use RPM pkg management / YUM utility to remove unwanted packages installed
3. One Network Service per System or Vm Instance
-- Run different network services on separate servers or vm instance.
For example, if an attacker able to successfully exploit software called
Apache flow, he/she get an access to entire server including other services
such as MYSQL, email server and so on.
4. Keep linux software and Kernel up to date.
-- Use yum update or up2date
some distros apt-get update
5. Security essentials like selinux
6. password authentication like password aging, restricting to user previous
passphrases, and locking user accounts after login failures.
7. Disable unwanted services using chkconfig --list | grep "3:on"
| Previous Question | Next Question |
| Where the History file can be located? | Difference between Raid 1 and Raid 5? |