Linux (Ubuntu Server 12.04LTS) Security.

[zeroburn]

Hey, hey, i know, close unused ports, use good passwords, dont mess with "live" servers. But my question is, how to put a patch over security holes that are in the programs, securing the web server, etc.

I ask this because from looking around, i hear a lot that linux is the optimal OS type to hack, and because of security holes in the software, etc.

I know that often enough, security of modern linux and other 'nix distros has become less and less of a concern, but i want to cover all my bases.

Through my browsing online, I found the NSA SNaC "60 Minute Network Defense" handbook. I read through this a few times, but it did not give me anything other than password security, closing ports, and logging.

Does anyone know of any handbooks that are specific to the Ubuntu Server OS, or any Debain based server OS?

My network is primarily comprised of servers, running Ubuntu. There are a few windows workstations and a couple other linux desktop distros attached to the network.

Any *free* Network administration newsletters and the otherwise would be helpful. thanks.

[Rob Pomeroy]

Hey, hey, i know, close unused ports, use good passwords, dont mess with "live" servers. But my question is, how to put a patch over security holes that are in the programs, securing the web server, etc.

Security is all about reducing your attack surface.  As you say, firewall-level security needs to be part of your overall security strategy.  Some web application firewalls include web query inspection and can provide some measure of security against known attack methods.  But I'm guessing you're not using a sophisticated web reverse proxy here.  So you need to think about things like:

• Security by design - i.e. ensuring applications are developed using the best programming security practices
• For PHP applications, use Suhosin: http://www.hardened-php.net/suhosin/
• For PHP, set up php.ini securely: http://www.madirish.net/?article=229
• Review application code for SQL/URL injection flaws (i.e. never trust user input - always sanitise; Google "sanitize user input" for lots on this)

I follow the H Online, for lots of useful security tidbits.  I also subscribe to a couple of black hat RSS feeds, but for obvious reasons, please don't ask me for details of those.

http://www.h-online.com/

[zeroburn]

The nice thing about my network, is that it is a small network, that i have complete control over. Its somewhat the realm of a "Home Data Center" meaning i can do what I need to.

Is there any use to using Backtrack to find security holes in my own network?

And are there any major networking considerations (arranging of IP addresses, etc) that i should make?

Thanks.

[Rob Pomeroy]

Is there any use to using Backtrack to find security holes in my own network?

Yes.

And are there any major networking considerations (arranging of IP addresses, etc) that i should make?

That's a bit like asking, "How should I arrange my tool shed?"  It all depends on your precise requirements and there are many many possible permutations.