Rootconf 2012

Let there be sysadmins

Akash Mahajan

@makash

Securing a Linux Web Server in 10 Steps or Less

Submitted May 9, 2012

Learn the basic approaches to securing linux based web servers without getting too technical. This talk will be useful for anyone running a linux server with full root access.

You don’t need to be an experienced system administrator to understand and use the content of this talk. But if you are a full time system admin you will get to know a structured way of looking at server security.

The following types of servers running Linux
Virtual Private Server/Dedicated Server/Rackspace Cloud Instance/Amazon EC2

Not going to help if you have your website on Shared servers like
Dreamhost/Go Daddy/Host Gator

Outline

You will learn the holistic way of securing a linux server which can serve web sites. The 80/20 rule about hardening your linux web server with minimal effort.

*In Brief This is what we will cover *

  • Reducing the attack surface.
  • Patching and Updates
  • Securing Secure Shell Access
  • Securing Apache
  • Securing MySQL
  • Logging and Monitoring
  • Setting up a basic firewall

Not going to be covered ( Mostly because of lack of time and ROI )

  • Securing Email Servers
  • Setting up VPNs
  • Protecting Against Denial of Service Attacks
  • Setting up SELinux, GRSec, Custom Kernels
  • Chroot Jails
  • DNS Server

Not Going to Discuss

  • Why Ubuntu and why not <INSERT FAV. DISTRO>
  • Why Not BSD
  • Why Apache and why not <INSERT FAV. WEB SERVER>

Requirements

Mandatory

An open mind, a sense of humour.

Good To Have

  • Bring a laptop running Ubuntu Server 10.04 LTS if you want to try out things.
  • Refresh your understanding of the TCP/IP Stack
  • Get a notebook to take notes
  • You should have some idea what the following words mean
    SSH, Apache, Web Server, Database Server, MySQL, BASH, Command Line

Speaker bio

I freelance as a Web Security Consultant. I help companies become secure by helping them understand approaches to security for servers, web applications, user data and sometimes their network.

Among other things I am the co-founder+Community Manager for “null - The Open Security Community” and OWASP Bangalore

Links

Slides

http://www.slideshare.net/akashm/securing-a-linux-web-server-in-10-steps-or-less

Comments

{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}