1,105,221 Community Members

How Secure Is My Server?

Member Avatar
Octet
Posting Pro
579 posts since Nov 2011
Reputation Points: 45 [?]
Q&As Helped to Solve: 53 [?]
Skill Endorsements: 16 [?]
Featured
Sponsor
 
0
 

I know this question is extremelly hard to answer without actually checking how I setup my server, but I wondered if anyone could give me a quick rundown and/or information as to how I could check and protect it further.
I am running a Web Hosting Server using old computer components, the server runs Ubuntu 11.10 Server Edition and automatically updates.
I am also running the Linux Firewall and a seperate firewall package. I only allow Ports 22 and 80 to be accessed.
The server is connected via ethernet to my router which also has it's own firewall and again, only allows ports 22 and 80 and when those ports are accessed it points it to the server.

I am running a MySQL database and I have placed various anti-SQL Injection lines into my site to prevent people from infecting the database.


Can anyone else suggest what I can do to further improve security, rate my security and/or tell me what sort of damage they can do if someone got in? When I say this, I primarily mean to other machines on the network as opposed to the server itself.


Thank you

Member Avatar
rch1231
Veteran Poster
1,182 posts since Sep 2009
Reputation Points: 131 [?]
Q&As Helped to Solve: 193 [?]
Skill Endorsements: 13 [?]
 
0
 

Hello,

I would try running nmap against your server and take a look at this site for some suggestions on security settings to use.
http://www.tldp.org/HOWTO/Security-HOWTO/

Member Avatar
cereal
Posting Virtuoso
1,710 posts since Aug 2007
Reputation Points: 461 [?]
Q&As Helped to Solve: 345 [?]
Skill Endorsements: 44 [?]
 
0
 

In addition search for "MySQL hardening" to enhance MySQL config and try RatProxy to test your application: http://code.google.com/p/ratproxy/

Member Avatar
rubberman
Senior Poster
3,989 posts since Mar 2010
Reputation Points: 513 [?]
Q&As Helped to Solve: 500 [?]
Skill Endorsements: 87 [?]
 
0
 

In my experience, your basic configuration at process is solid. However, you need to make sure that your web applications are not susceptible to SQL injection attacks. That is likely your most vulnerable point of system compromise.

Question Answered as of 1 Year Ago by cereal, rch1231 and rubberman
You
This question has already been solved: Start a new discussion instead
Post:
Start New Discussion
View similar articles that have also been tagged: