Web Infrastructure Security Using Linux as a Tool to Eliminate Security Vulnerabilities Agenda Market Problems Top 10 Internet Security Vulnerabilities per SANS Institute And how to plug security holes Using Linux to Secure Web Infrastructure A virtually “cracker proof” Linux OS
Using Linux as a Tool to Eliminate Security Vulnerabilities
2. CGI Programs
Use the latest release:
8.2.2 patch level 5
Run BIND as unprivileged user “dns” in a “chroot prison.”
Remove unsafe and unnecessary scripts
Run Apache as unprivileged user in a chroot prison.Top Ten Security VulnerabilitiesAccording to SANS (System Administration, Networking, and Security) Institute
4. Microsoft IIS
5. Sendmail buffer overflows
6. Sadmind and Mountd
3. Don’t run if you don’t have to.
4. Don’t use it if don’t have to.
5. Replace with Qmail. Qmail has never been cracked.
StackGuard protects against buffer overflows.
Qmail is run in a chroot prison as a non-privileged user.
6. Don’t run if you don’t have to.Cont.
8. User ID esp. root
9. IMAP and POP overflows
10. Default SNMP settings
7. Don’t run NFS on Web servers.
8. System accounts are not able to login (set to /bin/false)
It is up to users to set good passwords. Include a password cracker on the machine to verify good passwords.
9. Use Qmail. It’s never been cracked.
10. Don’t run SNMP on your Web servers.Cont.
High Cost Low Cost
*IDC **Investors Business Daily