Methods of Threats
Maintenance of Physical Security of the Servers
The factors related to physical stability include the power supply, the physical location of the server, the room temperature, etc. Failure of any one of these factors puts the server at risk.
- Always maintain a redundant power supply and make sure that only authorised users can physically access the servers.
- Enable the chassis intrusion detection option in the BIOS settings so that physical tampering by unauthorised users is detected.
Running Unwanted Services and Absence of a Firewall
When unwanted services running on the system are not disabled, or are not protected by a firewall, unauthorised users can exploit vulnerabilities in those services and go on to take control of the system.
- Always disable unwanted services, preferably by uninstalling them.
- Configure the startup scripts under the /etc/rc.d directory so that only the required services are started.
- Never start a service as root. Instead, start the service under an unprivileged user account, so that exploiting a vulnerability in the service does not provide root access.
Remote Access for Server Administration
Using insecure services like telnet for remote access to the servers may affect the confidentiality of the data transferred between the server and the user. Since the communication is in clear text, the user credentials for accessing the server can be sniffed.
Use a secure application like ssh for remote administration of the Linux server.
Installing Applications in an Insecure Manner
When an application installed on the system is not configured securely, exploitation of that application will affect the other applications on the system.
- Penetration testing should be performed on the applications to trace out the vulnerabilities in the system.
- Install publicly accessible applications in a chroot environment where the application supports it, so that exploiting such an application does not affect the other applications running on the same system.
- Always ensure that the user account under which the public services run is not given shell access.
Using Insecure File Services
When an insecure file service like the File Transfer Protocol (FTP) is used for uploading data to and downloading data from the server, the confidentiality of the transferred data may be affected, since FTP does not support data encryption by default.
- It is recommended to implement access control lists on the Linux server to define finer-grained access privileges to the files.
- Use encryption when providing file transfer services.
Maintaining Insecure Web Services
Web services like Apache running on a Linux server may be exposed to risk when configured improperly. This includes running the web service with root privileges, not using encryption while providing critical web services, not taking precautions against Denial of Service attacks, and not maintaining the logs that track user access events.
- When the web content provided by a particular Linux server is critical, use encryption by enabling SSL over HTTP.
- To avoid denial of service type attacks, limit the number of requests the web server accepts in a given period of time.
- Backups of critical data should be taken on a regular basis.
Unsecured Mail Services
Linux mail servers use the SMTP protocol for transferring email and the POP or IMAP protocol for retrieving mail from users' mailboxes. In an organisation, an SMTP gateway is used to transfer mail from the internal network to the Internet. If it is not well secured, it may be subject to two well-known types of attack.
- One type of attack is called relaying. Once an unauthorised user is aware of the SMTP server details, he can transfer mail to mail servers in other domains without any authentication at the SMTP server. In this type of attack, the unauthorised user is interested in propagating malicious content to other mail server domains rather than in gaining access to the server itself.
- The other type of attack involves the unauthorised user exploring mail account information by using SMTP commands like PASV, VERB, VRFY and EXPN, and then gaining further access to the internal network.
Disabling SMTP verbose mode is recommended on an SMTP server which is connected directly to the Internet.
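The following is an added example, not part of the original text and not the code of any real mail server: a small model of how a hardened SMTP gateway should answer the two attacks above, refusing to relay for clients outside the internal network and refusing VRFY, EXPN and VERB so that accounts cannot be enumerated. The local domain, the internal network range and the client addresses are constructed values.

```python
import ipaddress

# Constructed values for the example: the domain this gateway accepts mail for
# and the internal network whose hosts are allowed to send mail outbound.
LOCAL_DOMAINS = {"example.org"}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")


class GatewaySession:
    """One client connection to the gateway (simplified model of an MTA)."""

    def __init__(self, client_ip, local_domains=LOCAL_DOMAINS, internal=INTERNAL_NET):
        self.internal_client = ipaddress.ip_address(client_ip) in internal
        self.local_domains = local_domains
        self.sender = None
        self.events = []  # what a defender wants to see in the mail log

    def handle(self, line):
        """Return the reply to one SMTP command line."""
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("VRFY", "EXPN"):
            # Neither confirm nor deny that an account or list exists.
            self.events.append(f"enumeration probe {verb} {arg}")
            return "252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery"
        if verb == "VERB":
            # Verbose mode disabled: no delivery or routing details are disclosed.
            return "502 5.5.1 Command not implemented"
        if verb == "MAIL":
            self.sender = _address(arg)
            return "250 2.1.0 Ok"
        if verb == "RCPT":
            rcpt = _address(arg)
            domain = rcpt.rpartition("@")[2].lower()
            if domain in self.local_domains or self.internal_client:
                return "250 2.1.5 Ok"
            # External client, external recipient: this is relaying. Log and refuse.
            self.events.append(f"relay attempt {self.sender} -> {rcpt}")
            return "554 5.7.1 Relay access denied"
        return "500 5.5.1 Command unrecognized"


def _address(arg):
    """Extract user@host from 'FROM:<user@host>' or 'TO:<user@host>'."""
    return arg.partition(":")[2].strip().strip("<>")


def run_dialogue(client_ip, commands):
    """Feed a constructed client dialogue to one session; return reply codes and log events."""
    session = GatewaySession(client_ip)
    return [session.handle(c)[:3] for c in commands], session.events
```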