Archive for the ‘Linux’ Category


How to Recover from a Linux Security Breach – Recovery & Hardening (Part 2)

Tuesday, January 29th, 2013 by

This is Part 2 of a GoGrid security blog series on identifying and recovering from a Linux security breach. Part 1 provided general guidelines for conducting a security analysis on a compromised Linux server and forming strategic teams to address and resolve the breach.

In this article, we’ll review some recommended steps for recovering from a breach.

Recovering from the Breach

Lock the doors

Now that you’ve confirmed that there are no intruders logged in and you’ve identified the established connections, it’s time to “lock the doors.” Locking the doors largely depends on who is managing your firewall. Contact GoGrid in the event that we’re managing your firewall or perform the following actions if you manage your firewall:

  • Modify your system’s iptables configuration to restrict all remote console connections, such as SSH, to your office network.
  • Modify your system’s iptables configuration to block all previously identified suspicious connections from and to your system.
  • Modify your system’s iptables to block all other services from the public Internet to your server. Doing so will effectively bring down your website or services, but you want to avoid compromising your customers or web site visitors.

Install and run a rootkit analyzer


How to Recover from a Linux Security Breach – Forensics, Analysis, & Building Teams (Part 1)

Monday, January 28th, 2013 by

This 2-part GoGrid security blog series provides general guidelines for conducting a security analysis on a compromised Linux server and for recovering from a breach. Before you begin the security analysis, you need to consider two important factors:

1. The type of data your compromised server is storing or transmitting
2. How important the server’s function is to your business

The data type—Personally Identifiable Information (PII) or Protected Health Information (PHI), for example—is important because your organization could be legally required to notify external parties and local or federal government agencies in the event of a breach. The compromised server’s function is important because its criticality may drive the recovery timeline.

You also may want to consider engaging a third-party that specializes in security forensics.

This series will cover 3 important items:

1) Understanding & assessing the breach
2) Setting up forensics & recovery teams
3) Recovering from the breach

Although this series won’t replace what a competent security firm can accomplish, it does provide an overview of some core processes, procedures, and activities you can do to potentially recover from a breach. And because each incident varies based on your computer system, be sure to conduct additional analysis and consult with experts to double-check your breach identification and resolution plan.

Security Basics: 4 Steps to Tighten up Linux Security

Tuesday, November 20th, 2012 by

Our previous security articles from GoGrid discussed 5 steps to enhance your security on Microsoft Windows and how to tighten up Windows security. But what about making your Linux server security a bit more robust?


Overview

Security studies strongly demonstrate that most systems will be attacked within 5 hours after becoming publicly accessible—in some cases, in less than 2 hours. The sources of the attacks are often unsuspecting users whose systems have been compromised by malware and are in turn being used to attack and infect other systems. The majority of attacks target two common threats:

  1. A combination of commonly used system accounts (e.g., the root account) with weak, dictionary-based passwords
  2. Systems that are missing patches for critical or high-severity vulnerabilities

Solution

This article provides GoGrid’s security recommendations for Cloud Servers running Linux. Perform these 4 steps in sequential order immediately after provisioning new GoGrid Cloud Servers to maintain the security (confidentiality + integrity + availability) of your system.

How to Install LAMP, Webmin & ConfigServer Security & Firewall on a CentOS 6.0 GoGrid Cloud Server

Thursday, July 19th, 2012 by

Let me preface this post by saying, I am NOT a Linux guru. In fact, I consider myself to be a newbie when it comes to the intricacies of Linux. I probably know enough to be dangerous, at least dangerous to the server. So, I’m writing this post with the following disclaimer: Don’t ask me for any details on the “why” or how to do what I’m outlining below differently. But since I figured that lots of you are like me, I wanted to share.

Since I’m a Linux newbie, you’ll probably understand why I wanted to write this post though. I’m not a command line junkie—GUIs are much more my thing. But when it comes to running a server that is speedy and high performance with low overhead (e.g., doing away with GUIs), you’re probably looking at various Linux distros. What I wanted to do was set up a basic Linux system running a LAMP (Linux, Apache, MySQL, and PHP) stack that also had a web-interface and some added security controls.

The great thing about doing this type of experimentation in the cloud is that I can create essentially a Dev & Test environment where I can spin up a server in minutes, install software, configure it, and test everything out. Then if it doesn’t work the way I want it to, I can tear it down and start again from scratch. The cloud lets you do this quickly, easily, and inexpensively.

In this tutorial, you can basically have the entire configuration up and running in the GoGrid cloud in less than an hour and only spend about $0.25 to test this out (assumes a 2 GB server running for 1 hour at $0.12/GB RAM/hr.)

Here’s what we’re using:

  • CentOS 6.0 (64-bit) – with 2 GB RAM
  • Webmin – web-based interface for sysadmins for UNIX that lets users set up user accounts, Apache, DNS, file sharing, and a whole lot more
  • ConfigServer Security & Firewall (CSF) – a Stateful Packet Inspection (SPI) firewall, login/intrusion detection, and security application for Linux servers


New & Updated CentOS, Debian, RHEL and Windows Base Cloud Server Images Released on GoGrid

Thursday, September 15th, 2011 by

Yesterday we released several new and updated base GoGrid cloud server images as part of our regular Operating System refreshes.


Below is a quick list of the New, Updated, and End-of-Life base images.

New Major Versions

  • CentOS 6
      • What’s new in CentOS 6 (RHEL technical details): http://www.redhat.com/rhel/server/details/
      • This version of CentOS is not subject to the “time drift” issue
      • These machines now run in PV (paravirtualization) mode
  • Debian 6