Hey guys...

I'd like to talk about security of my private server. Before going public, what do I need to take care of? What are the kinds of attacks and hacks that I can expect?

If we assume that the login details for server management are kept secret, important ports closed from public access, no backdoor in game file, and the server has hardware based DoS protection, what else is there?

This would've been much easier if I was an asshole myself and continually messed around with cheating and hacking. I have no experience whatsoever with malicious attempts, and this (sadly) isn't a good thing when it comes to running my own server.

Thanks in advance.


I will assume your server platform is a FreeBSD-based one. "Security is a journey, not a destination", let's keep this in mind.

Probably/arguably the most abused service on a server is the sshd daemon. Many, and I mean MANY, sysops run it with default settings and scratch their heads when funny things happen. Some configuration directives that should be set/modified follow; please feel free to add your own:

  • have the daemon listen on a single address and a different port per host (the defaults are all addresses and port 22); think jails: you can/must have an instance running on the host and separate instances for every jail, independently
  • disable root login, add your trusted users to the wheel group so that they can su to root or use sudo to gain root privileges
  • allow only certain users to connect (AllowUsers user1 user2 directive), use su or sudo, see above
  • use key based logins only

Brute-force attempts should be blocked at the firewall level; sshguard works together nicely with pf, ipfw, ipfilter, even iptables.

Jail your Internet-facing services whenever you can (always :D)

Use the kern.securelevel 3 sysctl, but only and only when everything is set up and working the way expected. Be very careful here: a superprocess can increase the secure level but cannot decrease it.

Good reading can be the Handbook and/or the security(7) man page online.

Read the security advisories religiously; what help is a tied-down operating system if one runs backdoored/buggy or otherwise compromised applications on it? Compile your programs yourself whenever possible: you have access to the sources, you can iron out bugs or spot suspicious code that could/should make a security-aware sysop raise an eyebrow.

Now, some scary reading for those who think security really exists: Reflections on Trusting Trust by Ken Thompson (it gets scary in Stage II, just read patiently).

 

... whatever you are, be a good one...
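
An added example, not part of the reply above and not code from any project: a small audit of the global section of an sshd_config against the sshd checklist in that reply. The two sample configs are constructed, the address, port and user names are placeholders, and treating an unset directive as a failure is a strict policy assumed here.

```python
# Constructed samples; 192.0.2.10, 2222, user1 and user2 are placeholders.
STOCK = """\
#Port 22
#ListenAddress 0.0.0.0
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED = """\
Port 2222
ListenAddress 192.0.2.10
PermitRootLogin no
AllowUsers user1 user2
PasswordAuthentication no
KbdInteractiveAuthentication no
"""

def parse_global(text):
    """Map lower-cased keyword -> list of values, global section only."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        if parts[0].lower() == "match":
            break  # Match blocks override globals; review them separately
        conf.setdefault(parts[0].lower(), []).append(parts[1].strip() if len(parts) > 1 else "")
    return conf

def audit(text):
    """Return the checklist items this config fails (unset counts as failed)."""
    conf = parse_global(text)
    first = lambda key: conf.get(key, [""])[0].lower()  # sshd keeps the first value
    failed = []
    addrs = conf.get("listenaddress", [])
    if len(addrs) != 1 or addrs[0] in ("0.0.0.0", "::"):
        failed.append("single ListenAddress")
    # Simplification: a port written inside ListenAddress (addr:port) is ignored.
    if "22" in conf.get("port", ["22"]):
        failed.append("non-default Port")
    if first("permitrootlogin") != "no":
        failed.append("PermitRootLogin no")
    if not first("allowusers"):
        failed.append("AllowUsers list")
    # ChallengeResponseAuthentication is the older name for the same setting.
    kbd = first("kbdinteractiveauthentication") or first("challengeresponseauthentication")
    if first("passwordauthentication") != "no" or kbd != "no" or first("pubkeyauthentication") == "no":
        failed.append("key-only login")
    return failed

if __name__ == "__main__":
    print(audit(STOCK), audit(HARDENED))
```

On a real host, the effective values are better taken from `sshd -T`, which prints the configuration after defaults and includes are resolved.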
