Linux-based server system risk assessment

Source: TechTarget China

To maintain an enterprise-level secure computing environment, policies and processes must be designed to minimize unauthorized access to systems and data. Protecting Linux-based computing assets from these threats, like many other security-centric processes, requires knowing what you want to protect and how others may try to gain access to it. Successful security management is a mentality: think like the bad guys.

In this article, we will discuss the risk assessment of Linux-based server systems.

The first step in securing your Linux server systems is to assess the risks correctly. Only then can an enterprise deploy an effective set of protective measures to prevent and detect possible breaches and, if necessary, respond to them correctly.

First, identify the Linux assets to be protected. Assets may be hardware, software, data, or services such as email or Web site hosting. Every asset has value, either as a monetary value or as potential future revenue.

Then identify the potential threats to each asset. Threats may originate inside or outside the organization. Some internal threats are merely accidental, but others may be malicious.

Threats to assets depend on the attacker's motive and on how the attacker can reach the asset. The motivation may be purely the challenge, a wish to harm the asset's owner, or profit. Attackers may want to access your data or simply deny access to legitimate users. Each threat carries some likelihood of being exploited, which usually relates to the value of the asset. Although these likelihoods are difficult to estimate and vary widely across an organization, using a risk management framework to assign a likelihood to each identified threat will help you prioritize the actions needed to mitigate those risks.

Although it is not possible to list every potential threat, an overview of the most common risks gives you a starting point for your own risk assessment.

The trickiest threat is the user. Despite all protection mechanisms, people can be fooled or coerced into inappropriate behavior. User awareness, training, and appropriate access permissions are important in mitigating any Linux risk.

Passwords are often the most common weakness in any computing environment. To identify weak login passwords, run a password cracker such as John the Ripper against them. Application and database passwords should likewise be "cracked" or changed to meet the same requirements. Also, do not assume that every account on a Linux server needs login access. For example, if the password file (/etc/passwd) is distributed remotely (through the rcp/rcopy program or the NIS service), a user may have login access to a server they have never used, which creates a potential threat with no benefit.

Another major threat is the network. Anyone who can reach your local network (wired or wireless) may try to connect to any other asset on it. All Linux systems open network ports and listen on them for incoming requests. Each such service is a threat: authentication may be spoofed, or access may be wrongly granted because of a software flaw. Use the netstat command to find all open ports on a system.

Use the Nmap tool to scan the open ports of other machines on the network. Each open port is a threat and should be disabled or monitored for illegitimate access. Do not overlook any legacy dial-up access points. A firewall is the boundary between a trusted network and an untrusted one (such as the Internet). Your firewall should be configured to pass traffic only on known and required ports; each port on which the firewall passes traffic is also a threat.
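As an added illustration of the open-port check (not code from the original article), this Python script parses the output of `netstat -tuln`, compares each listening socket with an allowlist of expected ports, and separates loopback-only listeners from ones reachable over the network. The sample table and the allowlist are constructed for the example.

```python
import re

# Sample `netstat -tuln` output (constructed for this example, not captured
# from a real server).
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*
"""

# Ports this server is supposed to expose (an assumed policy for the example).
EXPECTED = {("tcp", 22), ("tcp", 80)}

# Proto, Recv-Q, Send-Q, then the local address with the port as its last field.
ROW_RE = re.compile(r"^(tcp6?|udp6?)\s+\d+\s+\d+\s+(\S+):(\d+)\s+")


def parse_listeners(text):
    """Return (proto, bind_address, port) for every listening socket in the table."""
    listeners = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue  # header lines are not socket rows
        proto, addr, port = m.group(1), m.group(2), int(m.group(3))
        # TCP rows carry a state column; with -l every UDP row is a listener.
        if proto.startswith("tcp") and "LISTEN" not in line:
            continue
        listeners.append((proto.rstrip("6"), addr, port))
    return listeners


def unexpected_listeners(text, expected=EXPECTED):
    """Split listeners outside the allowlist into network-reachable ones and
    loopback-only ones, which only processes on the host itself can reach."""
    unexpected, local_only = [], []
    for proto, addr, port in parse_listeners(text):
        if (proto, port) in expected:
            continue
        if addr in ("127.0.0.1", "::1"):
            local_only.append((proto, addr, port))
        else:
            unexpected.append((proto, addr, port))
    return unexpected, local_only


if __name__ == "__main__":
    print(unexpected_listeners(SAMPLE_NETSTAT))
```

To review a real host, pass the saved output of `netstat -tuln` to `unexpected_listeners` instead of the sample text.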

Beyond routine monitoring, you should also review logs to correlate access with what is actually needed. The lastlog command displays user login information, and a variety of log messages can be found under /var/log/messages. Many applications and databases also provide logging that traces user access. By reviewing these logs you can observe who is using a resource and (possibly) who actually needs access to it.
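The log review and the unused-account problem described above, as an added example (not from the original article): this Python script cross-checks login-capable accounts in /etc/passwd against sshd messages in syslog format to list accounts that have never logged in successfully and accounts drawing failed logins. Both the passwd entries and the log lines are constructed sample data.

```python
import re
from collections import defaultdict

# /etc/passwd entries (constructed for this example).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
svc-backup:x:1003:1003::/var/lib/backup:/bin/sh
"""

# sshd messages in syslog format, as found under /var/log (constructed).
SAMPLE_LOG = """\
Mar  3 08:12:01 web1 sshd[2101]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2
Mar  3 08:15:44 web1 sshd[2150]: Failed password for root from 203.0.113.9 port 40111 ssh2
Mar  3 09:02:10 web1 sshd[2302]: Accepted password for bob from 10.0.0.7 port 51100 ssh2
Mar  3 09:30:00 web1 sshd[2400]: Failed password for invalid user admin from 203.0.113.9 port 40200 ssh2
"""

NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
EVENT_RE = re.compile(r"sshd\[\d+\]: (Accepted|Failed) \S+ for (?:invalid user )?(\S+) from (\S+)")

def login_accounts(passwd_text):
    """Usernames whose shell permits interactive login."""
    users = set()
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[6] not in NOLOGIN_SHELLS:
            users.add(fields[0])
    return users

def parse_sshd(log_text):
    """Map 'accepted' / 'failed' to {username: set of source addresses}."""
    events = {"accepted": defaultdict(set), "failed": defaultdict(set)}
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if m:
            events[m.group(1).lower()][m.group(2)].add(m.group(3))
    return events

def review(passwd_text, log_text):
    """Return (login-capable accounts never seen logging in,
    {account: sorted sources of failed logins})."""
    events = parse_sshd(log_text)
    unused = sorted(login_accounts(passwd_text) - set(events["accepted"]))
    failed = {user: sorted(srcs) for user, srcs in events["failed"].items()}
    return unused, failed
```

Accounts in the first list are candidates for locking or removal; the second list shows which account names are being targeted and from where.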

All complex software has defects, but they are recognized only when they manifest as undesirable behavior. Ordinary bugs merely corrupt data or cause downtime, but some have unintended consequences such as permitting unauthorized access, which is clearly a major hazard. Attackers constantly search for bugs of this kind, and vendors do their best to fix them and release software patches when they are discovered. What you can do is ensure that your operating system and application software are regularly checked and updated.

How software updates are handled on a Linux server depends on the application and the Linux distribution. Ubuntu Linux, for example, provides an update manager (found under the menu System > Management > Software Source) that can be configured to check for updates daily. The more frequently you check for updates, the smaller your window of vulnerability. Be cautious with free programs or software from unverified sources or authors.

The most important software to monitor and keep updated is what faces the outside world: Web servers and network services such as VPN or SSH. Web server software is regularly found to contain misconfigurations and bugs. Web applications may be fed malicious input that the application handles improperly. Most Web application languages, such as Perl, Python, Ruby, or PHP, have tools or add-on libraries to sanitize input data and block user-supplied code such as SQL or JavaScript. Any user data received by your Web server or other externally facing applications is a possible threat. Likewise, checking the log files these programs generate helps you distinguish legitimate from illegitimate access.

Source: http://www.searchsecurity.com.cn/showcontent.aspx?Aid=45545
Author: King Ables. Translator: Odyssey.