pantek-icon-shield-1

Simple Server Security Through Obscurity

There are many security procedures and policies required to maintain a secure Linux server. However, many overlook simple things that can increase the security of your servers and networks in the production environment. This blog article will focus on some Security Through Obscurity measures that are easy to implement.

Security Through Obscurity.

  1. Don’t use descriptive DNS entries. Many organizations use descriptive DNS entries (ie mail.domain.com, router.domain.com or firewall.domain.com). However, there is no DNS requirement to do this and descriptive DNS entries can direct someone to the most critical elements of your network. When you pick the names for these and other servers keep in mind that automated attacks may single out descriptive names like smtp.domain.tld. Consider simple changes to prevent automated attacks such as using 01router.domain.tld, or routera.domain.tld. You get the idea.
  1. Don’t run ssh, ftp, telnet, and webmin on a standard port. You run the risk of being the victim of a automated attack. Any service that listens can run on a non standard port. Of course www and smtp usually must use the standard ports, but most everything else can be changed to a different port.
    • Changing the port that sshd listens on.
      • Edit the /etc/ssh/sshd_conf file and change the port to something other than 22 and make sure only protocol 2 is enabled.
      • Consider setting “PermitRootLogin No” to deny root logins, this requires users to either su to root or use sudo for superuser commands
    • To change the port for Webmin:
      • Log on to Webmin
      • Click on the Port and Address icon on the modules main page
      • Change the port number by entering a number into the Listen on port field
      • Hit the Save button to use the new settings.
  1. Change the default URL on web applications. To help prevent automated attacks, change the default URL to be anything but the default URL. A good example is http://www.domain.tld/mail for a webmail interface, even using mail1 will save you from an automated attack. Other examples are /stats, /awstats, /webstats, /forum, /cart, even changing /cgi-bin to something like /cgi-bin1 can be a bit of work modifying code or config files but it’s well worth it.
  1. Change the default names of standard scripts. To help prevent automated attacks, change the default names of standard scripts. A good example is FormMail.pl, rename this to to sendmemail.pl or something so an automated attack can’t find it. This will work for things like /awstats also, you simply edit the /etc/httpd/conf.d/awstats.conf and add a 1 or something, again an automated attack can’t find it then.

In and of themselves, these suggestions will not provide a secure production environment. Utilizing these simple Security Through Obscurity techniques is recommended in conjunction with other security practices to enhance the security of your overall environment. Contact Pantek today for assistance securing your Linux servers.

Pantek Named Finalist for Green Award

CybrHost’s parent company, Pantek Inc., has been named a finalist for the 2011 Green Plus North American Sustainable Enterprise Award. Pantek’s environmental efforts and success in balancing strong business, community, and environmental practices while minimizing environmental impact are worthy of recognition.

Full story click here: http://www.gogreenplus.org/2011/01/20/2011-green-plus-award-north-american-sustainable-enterprise-finalists-announced/

CybrHost Named Finalist for Green Award

CybrHost’s parent company, Pantek Inc., has been named a finalist for the 2011 Green Plus North American Sustainable Enterprise Award. Pantek’s environmental efforts and success in balancing strong business, community, and environmental practices while minimizing environmental impact are worthy of recognition.

Full story click here: http://www.gogreenplus.org/2011/01/20/2011-green-plus-award-north-american-sustainable-enterprise-finalists-announced/

If it’s Broken, Pantek Will Fix it… But What About Prevention?

Independence, Ohio – Pantek now offers Linux Managed Services (http://www.pantek.com/managed) for proactive Linux and Open Source Software support. Their new services are designed to help offload day-to-day server related management, improve network operations and identify potential problems before they escalate.

“Traditionally our business has been focused on providing 24/7 emergency technical support. With the launch of our Linux Managed Services we hope to reach organizations with a more proactive approach to managing and maintaining their servers,” said Sales and Marketing Manager, Jay Myers. “We’ll continue to provide expert emergency support around the clock, but now we can better help avoid those emergencies in the first place.”

Pantek’s Linux Server Management Services can be customized to fit your specific needs.

CybrHost Hires Regan as Associate Systems Administrator

CybrHost Corporation has hired Patrick Regan as an Associate Systems Administrator. He brings with him over 3 years of technical expertise in Systems Administration, Analysis and Development. Patrick has developed his skills at such companies as Quadax Inc.and Abison Inc. His experience with a wide variety of Open Source applications, Linux operating systems and open source development platforms will be a great addition to the CybrHost team.

Patrick is an alumnus of Loras College in Dubuque, Iowa, where he earned his Bachelor of Science degree in Computer Science. He has also attended graduate classes at Kent State University in Kent, Ohio. Patrick is an active member of the Cleveland Python Group (CLEPY), the Akron Linux Users Group (ALUG), and the Association for Computing Machinery (ACM).

Full story click here: http://www.prlog.org/11203595-cybrhost-hires-regan-as-associate-systems-administrator.html