Web Infrastructure Security Using Linux as a Tool to Eliminate Security Vulnerabilities Agenda Market Problems Top 10 Internet Security Vulnerabilities per SANS Institute And how to plug security holes Using Linux to Secure Web Infrastructure A virtually “cracker proof” Linux OS
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Using Linux as a Tool to Eliminate Security Vulnerabilities
2. CGI Programs
Use the latest release:
8.2.2 patch level 5
Run BIND as unprivileged user “dns” in a “chroot prison.”
Remove unsafe and unnecessary scripts
Run Apache as unprivileged user in a chroot prison.Top Ten Security VulnerabilitiesAccording to SANS (System Administration, Networking, and Security) Institute
4. Microsoft IIS
5. Sendmail buffer overflows
6. Sadmind and Mountd
3. Don’t run if you don’t have to.
4. Don’t use it if don’t have to.
5. Replace with Qmail. Qmail has never been cracked.
StackGuard protects against buffer overflows.
Qmail is run in a chroot prison as a non-privileged user.
6. Don’t run if you don’t have to.Cont.
8. User ID esp. root
9. IMAP and POP overflows
10. Default SNMP settings
7. Don’t run NFS on Web servers.
8. System accounts are not able to login (set to /bin/false)
It is up to users to set good passwords. Include a password cracker on the machine to verify good passwords.
9. Use Qmail. It’s never been cracked.
10. Don’t run SNMP on your Web servers.Cont.
High Cost Low Cost
*IDC **Investors Business Daily