KISS, as in Keep It Short, Simple, is an acronym I learned a few years ago, yet it’s one of the best ways to describe how almost anything should work. I’ll talk a bit about how to have a secure server (or VPS, if you’re into that kind of thing) and avoid any nasty Chinese h4x0rs trying to log in using root as a username.
I’ll go about it in layers, from passive to active and from integrated to dedicated. I use Webmin/Virtualmin and Debian Jessie on my server, so some parts won’t apply to you if your configuration is different, but others will.
First Layer – Common Sense in Webmin (or any other control panel, cPanel included)
Disable root login for the SSH server: run sudo nano /etc/ssh/sshd_config, scroll down to the “#PermitRootLogin without-password” line and change it to “PermitRootLogin no”. You can also do this by editing the SSH server config inside Webmin.
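As an added example that is not part of the original post, here is a small POSIX shell helper that makes that PermitRootLogin edit scriptable and idempotent; the function names are mine, and it assumes a standard OpenSSH sshd_config layout (global directives first, optional Match blocks after).

```shell
#!/bin/sh
# Hypothetical helper (added example, not from the post): set a directive in an
# sshd_config file idempotently. It replaces the first active or commented-out
# occurrence in the global section, drops duplicates there, leaves "Match"
# blocks untouched, and inserts the directive before the first Match block
# (or appends it) if it was never present. awk is used rather than "sed -i"
# because -i behaves differently in GNU and BSD sed.
set_sshd_option() {
    file="$1"; key="$2"; value="$3"
    tmp="$(mktemp)" || return 1
    awk -v key="$key" -v value="$value" '
        tolower($0) ~ /^[ \t]*match([ \t]|$)/ {
            # Anything after a Match line belongs to that block, so a global
            # directive that is still missing must go in before it.
            if (!done) { print key " " value; done = 1 }
            in_match = 1
        }
        !in_match && tolower($0) ~ ("^[ \t]*#?[ \t]*" tolower(key) "([ \t]|$)") {
            if (!done) { print key " " value; done = 1 }   # first hit wins (sshd semantics)
            next                                            # later duplicates are dropped
        }
        { print }
        END { if (!done) print key " " value }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    status=$?
    rm -f "$tmp"
    return $status
}

# Effective value of a global directive: sshd honours the first match,
# and keywords are case-insensitive.
get_sshd_option() {
    awk -v key="$2" '
        tolower($0) ~ /^[ \t]*match([ \t]|$)/ { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# The hardening step from this layer, e.g. disable_root_login /etc/ssh/sshd_config
disable_root_login() {
    set_sshd_option "$1" PermitRootLogin no || return 1
    [ "$(get_sshd_option "$1" PermitRootLogin)" = "no" ]
}
```

Run sshd -t to syntax-check the file and only then restart the SSH service, keeping your current session open until you have confirmed a fresh non-root login still works.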
Another safety measure you should take is Webmin’s Two-Factor Authentication feature, which works with Google Authenticator; it is basically the same two-factor login that Gmail, Facebook et al. use.
Second Layer – Webmin Tools
Enable/install the Fail2Ban package and activate jails according to your needs. This tool bans IP addresses whose behaviour matches certain patterns (repeated failed logins, for instance) and emails you about every action it takes. It’s a pretty nice tool that could basically keep you as safe as it gets without getting down and dirty. The default jails are more than enough if you don’t plan on running unusual servers (e.g. TeamSpeak).
Third Layer – Paranoid Android
This is the nicest layer, as it comes down to you being as paranoid and careful as you can be about the safety and security of your data.
IPS/IDS stands for Intrusion Prevention System / Intrusion Detection System, and either one will be among your best friends for keeping Russian sk’s (script kiddies) at bay.
IDSs will let you know when something is going on, but won’t do much else. Even the installation of a package will trigger a warning (if you set it to do so) that is sent to you via email. One of the best host-based IDSs is OSSEC, which is free and open source. Again, the default rules are pretty OK for starters, but if you dig into the documentation you’ll become a master in no time.
IPSs will be the Cerberus for your server and will prevent anything you don’t want happening, from SSH login attempts to root logins from shady IP ranges (looking at you, China). One of the best IPSs is Snort, which again is a free and open source tool. You’ll have to sign up or subscribe to get access to a “Community Rule Package” in order to set everything up nicely with some default rules, but they have pretty nice documentation in place that will help you customize everything quickly.
As a final word, there’s no such thing as “too much infosec” as long as your systems don’t clash with each other and are set up to be redundant, not just layered.