Wednesday, August 4, 2010

Tips for secure SSH connection to remote servers

Some tips for securing SSH connections to remote servers.

Please also go through my previous posts for detailed how-tos.


  • Use only SSH V2 -- V1 is vulnerable to compromise. On Linux, this is usually done by default and managed in your /etc/ssh/sshd_config file by the Protocol option.
  • Don't allow root or Administrators to log in directly. Only normal users should be allowed to log in and then if required they can escalate their privileges by using su or sudo. On Linux this is controlled, again in the sshd_config file, by the PermitRootLogin option.
  • Ensure you use suitable authentication, for example passwords or keys.
  • Try to avoid using port 22 for your SSH connections. Attackers commonly use automated brute-force tools to scan port 22 and try to brute-force usernames and passwords. Changing the port to something else, for example 2222, is a quick and simple way of reducing this risk.
  • Alternatively, if you must use port 22, you can use tools like BlockSSHD or Fail2Ban to block excessive or inappropriate login attempts.
  • Ensure you have configured suitable logging of your SSH daemon and that you review your logs for illicit login attempts. Tools like Swatch and SEC can assist with this.
  • Only bind SSH to the addresses required. If you have multiple interfaces in your host, for example an interface on your internal network and another on an external network such as the Internet, then only bind the daemon to the interface through which you need to connect. This is controlled on Linux using the ListenAddress option.
These are some general tips and how to implement these depends on the platform you are using. Anyway I hope this helps.
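
A small audit of the sshd_config options named in the tips above, as an added example that is not part of the original post. The two sample configs, the address 192.0.2.10 and the function names parse and audit are constructed for illustration; port 2222 follows the post's own example.

```python
# Added example: the configs below are constructed, not from a real host.
WEAK = """\
# sshd_config (constructed)
Port 22
Protocol 2,1
PermitRootLogin yes
#ListenAddress 192.0.2.10
"""

HARDENED = """\
Port 2222
Protocol 2
PermitRootLogin no
ListenAddress 192.0.2.10
"""

MULTI = {"port", "listenaddress"}  # keywords sshd accepts more than once

def parse(text):
    """Map lowercase keyword -> list of values from the global section."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":  # conditional overrides are out of scope here
            break
        # For single-valued keywords sshd keeps the first value it reads.
        if key in MULTI or key not in opts:
            opts.setdefault(key, []).append(value)
    return opts

def audit(text):
    """Return (option, problem) pairs; an empty list means every tip is met."""
    o = parse(text)
    found = []
    if any("1" in v.split(",") for v in o.get("protocol", [])):
        found.append(("Protocol", "SSH v1 is enabled"))
    if o.get("permitrootlogin", ["unset"])[0].lower() != "no":
        found.append(("PermitRootLogin", "not set to no"))
    if "22" in o.get("port", ["22"]):  # sshd listens on 22 when Port is absent
        found.append(("Port", "on 22: move it or block repeated failures"))
    addrs = o.get("listenaddress", [])
    # No ListenAddress, or a bare wildcard, means every interface is bound.
    if not addrs or any(a in ("0.0.0.0", "::") for a in addrs):
        found.append(("ListenAddress", "bound to every interface"))
    return found
```

Calling `audit(open("/etc/ssh/sshd_config").read())` on a host gives the same list for the live configuration; settings inside Match blocks are not examined.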

Monday, August 2, 2010

Things I do not like about Ubuntu LTS 10.04

The new Ubuntu 10.04 release is a great release and it is really a task to find things you dislike. Anyhow, no operating system is perfect and this one also has some flaws. But let me say right now that this is from my point of view and my dislikes may not be your dislikes!
  • The new themes
Well, the first thing I dislike about Ubuntu 10.04 LTS is its new themes. These new themes do nothing but set back the looks of the previous versions. OK, these themes must be on account of GNOME 3.0, but the default theme selected is, in my opinion, a great mistake. This is also coming on the heels of the rumors of the possible inclusion of RGB support in the GTK widgets, which would have enabled real transparency in all widget sets. This did not happen (and is still not happening). My concern is that most new users will install 10.04 and have trouble getting beyond the default themes.

Thursday, July 29, 2010

Things I love about Ubuntu 10.04 LTS Lucid Lynx

The things I love and hate about the new Ubuntu 10.04 Lucid Lynx.
  • GNOME 2.30
This is the final 2.x release before the major upgrade to 3. This will be the last time you will see the GNOME 2.X in Ubuntu flavor. For me it is fantastic. GNOME 3 will be a graceful successor to GNOME 2.x. In fact, I can promise that GNOME 3 will succeed where KDE 4 failed — in being a useful desktop upgrade right out of the starting gate.

  • HAL begone
Ubuntu 10.04 has done away with HAL (Hardware Abstraction Layer) during the boot process. This means that 10-second boot time has finally arrived. Hence the 10 second booting can be achieved in a charming way. The removal of HAL also drastically speeds up resume-from-suspend times for those of you in laptop land.

Friday, June 4, 2010

The system-config-firewall

The firewall rules in the kernel can be configured by using iptables since the 2.4 kernel. There are a number of tools for configuring the firewall, such as the command-line tool, Shorewall, and a number of other GUIs. The default firewall configuration tool on Fedora systems is called “Firewall Configuration”, which can be accessed from System → Administration → Firewall in GNOME or from the command line via “system-config-firewall”.


This GUI allows you to set which services are allowed to be accessed via the Internet using a very simple interface. It defines a set of trusted services to be configured. To allow access, you simply need to check the box next to the entry. Each entry lists the service name, the port and protocol, and any additional iptables modules it uses. So if you wanted to allow Samba access to the system, you would check off the box next to the Samba and Samba Client service as in figure below.

The Oracle effect on Sun Microsystem VARs

The new policies introduced by Oracle in terms of “Oracle hardware support” for Sun servers are creating tensions among Sun VARs. The new policies from Oracle are “sinking” the customers as told by some VARs.

One Sun Microsystems systems integrator commented that it was getting pretty bad. The maintenance renewals and services are 3 times what they had in terms of price. Oracle also revoked the prepaid discounts and other flexibilities. Now Oracle charges 12% of the Sun hardware cost per year but in the past it depended on the hardware type and the multiplier was roughly 5% or 6%.

"Before this year, a customer buying a Sun 5240 server got three years of support for $3,800, including a discount for paying for the three years at once," this partner said. "That same box will now cost $7,699 to support for three years," a customer told.

Thursday, May 13, 2010

Landscape 1.5: Ubuntu Server Monitoring & Management Tool

Canonical has released its new server monitoring and management tool Landscape with its Ubuntu 10.04 LTS (Long Term Support) edition. The application is meant to make Ubuntu server monitoring, management and package provisioning easy.

Ease of use is the main advantage of Ubuntu-based distributions. However, not many solutions were available to manage and monitor a group of Ubuntu servers simultaneously. Finally Canonical developed its own solution, and that is “Landscape”. With the release of their new distribution, Ubuntu Server 10.04 LTS Lucid Lynx, they have updated the older version to Landscape 1.5. The new version, Landscape 1.5, is available as an on-site server and as an online service from Canonical. Landscape is a simple and easy-to-use web-based application that provides powerful automated system management capabilities such as management, monitoring and provisioning of packages across multiple machines, thereby lowering your per-system cost of management and administration.

Tuesday, May 4, 2010

Ubuntu 10.04 LTS Server Edition Released

Canonical, on April 27 2010, announced the release of Ubuntu 10.04 LTS Server Edition. This release includes extended security and maintenance updates free of charge to all users for five years. Ubuntu 10.04 LTS is the successor of the widely acclaimed Ubuntu 8.04 LTS. Ubuntu 10.04 LTS will be available for free download from Thursday 29 April.
   
Ubuntu 10.04 LTS will also sport a larger network of open-source and proprietary application providers certifying their applications on Ubuntu Server Edition than ever before. About 100 organizations have signaled their intent to certify applications on the platform, including Alfresco, Ingres, IBM, VMware, Zimbra, Yahoo! and many others, with more expected to follow post-launch. Dell has announced its intention to support Ubuntu 10.04 LTS Server Edition and will offer Ubuntu Enterprise Cloud as an option on its PowerEdge-C product line - servers specifically designed for building cloud environments.