Rootconf 2012

Let there be sysadmins

Up next

Securing a Linux Web Server in 10 Steps or Less

AM

Akash Mahajan

@makash

Learn the basic approaches to securing linux based web servers without getting too technical. This talk will be useful for anyone running a linux server with full root access.

You don’t need to be an experienced system administrator to understand and use the content of this talk. But if you are a full time system admin you will get to know a structured way of looking at server security.

The following types of servers running Linux
Virtual Private Server/Dedicated Server/Rackspace Cloud Instance/Amazon EC2

Not going to help if you have your website on Shared servers like
Dreamhost/Go Daddy/Host Gator

Outline

You will learn the holistic way of securing a linux server which can serve web sites. The 80/20 rule about hardening your linux web server with minimal effort.

*In Brief This is what we will cover *

  • Reducing the attack surface.
  • Patching and Updates
  • Securing Secure Shell Access
  • Securing Apache
  • Securing MySQL
  • Logging and Monitoring
  • Setting up a basic firewall

Not going to be covered ( Mostly because of lack of time and ROI )

  • Securing Email Servers
  • Setting up VPNs
  • Protecting Against Denial of Service Attacks
  • Setting up SELinux, GRSec, Custom Kernels
  • Chroot Jails
  • DNS Server

Not Going to Discuss

  • Why Ubuntu and why not <INSERT FAV. DISTRO>
  • Why Not BSD
  • Why Apache and why not <INSERT FAV. WEB SERVER>

Requirements

Mandatory

An open mind, a sense of humour.

Good To Have

  • Bring a laptop running Ubuntu Server 10.04 LTS if you want to try out things.
  • Refresh your understanding of the TCP/IP Stack
  • Get a notebook to take notes
  • You should have some idea what the following words mean
    SSH, Apache, Web Server, Database Server, MySQL, BASH, Command Line

Speaker bio

I freelance as a Web Security Consultant. I help companies become secure by helping them understand approaches to security for servers, web applications, user data and sometimes their network.

Among other things I am the co-founder+Community Manager for “null - The Open Security Community” and OWASP Bangalore

Links

Slides

http://www.slideshare.net/akashm/securing-a-linux-web-server-in-10-steps-or-less

Comments