Security Advice For Server Owners

These are some very general remarks and recommendations on server security, e.g. for owners of research servers.

1. Be aware that every machine visible on the internet is being hammered with logon attempts - always, from the first second it is online, constantly :)

If you want to check your own server, run

% grep failure /var/log/*

or equivalent.
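To see what that grep actually turns up, here is an added example (not from the original page) that counts failed logon attempts per source host instead of just listing them. The log lines are constructed in the format sshd and PAM write to /var/log/auth.log on Debian/Ubuntu, with addresses from the documentation ranges; the function names count_failures and top_offender are my own.

```shell
#!/bin/sh
# Added example (not from the original page): summarise failed logon attempts per source host,
# the same thing "grep failure /var/log/*" shows, but counted so the volume of noise becomes visible.

# Constructed sample lines in the format sshd/PAM write to /var/log/auth.log on Debian/Ubuntu.
# Addresses are from the documentation ranges (TEST-NET), not real hosts.
SAMPLE_LOG='Mar  3 04:12:01 box sshd[2231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=root
Mar  3 04:12:03 box sshd[2231]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 04:12:09 box sshd[2235]: Failed password for invalid user admin from 198.51.100.23 port 40112 ssh2
Mar  3 04:12:15 box sshd[2239]: Accepted publickey for alice from 192.0.2.10 port 52210 ssh2: ED25519 SHA256:constructed
Mar  3 04:12:20 box sshd[2242]: Failed password for root from 203.0.113.7 port 51140 ssh2'

# count_failures: read log lines on stdin, print "<count> <ip>" per source host, busiest first.
# Both spellings of a failure are matched: PAM's "authentication failure; ... rhost=<ip>"
# and sshd's "Failed password for <user> from <ip>". Successful logons are ignored.
count_failures() {
    grep -E 'Failed password for|authentication failure;' \
    | sed -E 's/.*(from |rhost=)([0-9.]+).*/\2/' \
    | sort | uniq -c | sort -rn \
    | awk '{print $1, $2}'
}

# top_offender: the single source host with the most failures (empty if there are none).
top_offender() {
    count_failures | head -n 1 | awk '{print $2}'
}

# Demo on the constructed sample. On a real Debian/Ubuntu host replace the printf with
#   cat /var/log/auth.log        (or: journalctl -u ssh --no-pager on systemd-only hosts)
printf '%s\n' "$SAMPLE_LOG" | count_failures
```

On the sample this prints `3 203.0.113.7` followed by `1 198.51.100.23`; the successful public-key logon is not counted. The same pipeline fed from the real auth log is a quick way to see that the "hammering" in point 1 is not an exaggeration.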

2. What can/should you do?

2a. If you really, really need password-based access of any kind - make the passwords strong! You know how, right? It is better not to allow any username/password based access at all.

2b. For ssh logon - best to not allow username/password based access at all.

Make it key-based only. Do not allow root logon.

Move away from the default port. Obscurity is no security, but it gets rid of a lot of automated dumb attack traffic and random script kiddie connects.

e.g.

% edit /etc/ssh/sshd_config

        Port <some high port number>
        PermitRootLogin no
        PasswordAuthentication no
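An added example (not from the original page) that audits an sshd_config for the three settings above. The config fragments are constructed, the function names setting, audit_sshd and count_fails are my own, and it assumes the file has no Match blocks. It goes one step beyond the page: "key-based only" also needs ChallengeResponseAuthentication no (KbdInteractiveAuthentication in OpenSSH 8.7 and later), because otherwise PAM can still prompt for a password over keyboard-interactive even with PasswordAuthentication no.

```shell
#!/bin/sh
# Added example (not from the original page): audit an sshd_config against the settings above.
# Assumptions: no "Match" blocks, and, as sshd does, the FIRST uncommented occurrence of a
# keyword wins. Beyond the page: keyboard-interactive (PAM) password prompts must be off too.

# Constructed config fragments (not from a real host); the real file is /etc/ssh/sshd_config.
WEAK_CONFIG='Port 22
PermitRootLogin yes
#PasswordAuthentication no
ChallengeResponseAuthentication yes'

HARDENED_CONFIG='Port 2222
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no'

# setting KEY DEFAULT: effective value (lower-cased) of KEY in the config read on stdin.
# A commented-out line such as "#PasswordAuthentication no" is NOT a setting; if the keyword
# never appears uncommented, sshd's built-in default (passed as DEFAULT) applies.
setting() {
    key=$1; default=$2
    val=$(grep -i -E "^[[:space:]]*${key}[[:space:]]+" | head -n 1 | awk '{print tolower($2)}')
    printf '%s\n' "${val:-$default}"
}

# audit_sshd: read an sshd_config on stdin, print one "OK ..." or "FAIL ..." line per check.
audit_sshd() {
    cfg=$(cat)
    port=$(printf '%s\n' "$cfg" | setting Port 22)
    root=$(printf '%s\n' "$cfg" | setting PermitRootLogin prohibit-password)   # OpenSSH default since 7.0
    pw=$(printf '%s\n' "$cfg" | setting PasswordAuthentication yes)            # sshd default: yes
    kbd_new=$(printf '%s\n' "$cfg" | setting KbdInteractiveAuthentication yes) # OpenSSH 8.7+ name, default yes
    kbd=$(printf '%s\n' "$cfg" | setting ChallengeResponseAuthentication "$kbd_new")  # older alias

    if [ "$port" = "22" ]; then echo "FAIL Port 22: move sshd to a high port"; else echo "OK   Port $port"; fi
    if [ "$root" = "no" ]; then echo "OK   PermitRootLogin no"; else echo "FAIL PermitRootLogin $root: set it to no"; fi
    if [ "$pw" = "no" ]; then echo "OK   PasswordAuthentication no"; else echo "FAIL PasswordAuthentication $pw: set it to no"; fi
    if [ "$kbd" = "no" ]; then echo "OK   ChallengeResponseAuthentication no"; else echo "FAIL ChallengeResponseAuthentication $kbd: set it to no"; fi
}

# count_fails: number of FAIL lines for the config on stdin (0 means every recommendation holds).
count_fails() {
    audit_sshd | awk '/^FAIL/ { n++ } END { print n + 0 }'
}

echo "--- weak config ---";     printf '%s\n' "$WEAK_CONFIG"     | audit_sshd
echo "--- hardened config ---"; printf '%s\n' "$HARDENED_CONFIG" | audit_sshd
# On a real host:  sudo cat /etc/ssh/sshd_config | audit_sshd
```

The weak fragment fails all four checks; note that its commented-out `#PasswordAuthentication no` line is the classic trap, since sshd then silently uses its default of yes. On a real host `sudo sshd -T` prints the effective configuration with every default filled in (keys in lower case, which the `grep -i` handles), so piping that into audit_sshd also covers settings coming from Match blocks or include files. Remember to restart sshd after editing, and keep your existing session open until a key-based logon on the new port has been verified.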

2c. no ftp, no telnet - ever!

2d. All relevant web services that allow for login, exchange of credentials, etc. - over https only, NOT http.

2e. Install, understand and configure these tools:

% apt-get install denyhosts fail2ban ufw

The first two will ban/deny possible intruders; the latter is an easy-to-use front end to iptables.

3. In case of any questions, or in case you would like us to firewall your machine from outside - please ask!

researchIT_(you know what an email looks like ...)_itu.dk