Archive

Posts Tagged ‘linux’

Some quick steps to secure your VPS

August 10th, 2011 1 comment

This article describes standard Security Best Practices for Linux servers and provides basic instructions for securing a virtual private server against most common attacks.

User Accounts

  • Observe the Password Security recommendations for your root account
  • Create a user account for any trusted users who should have access to the VPS – do not share your root login
  • Eliminate unnecessary user accounts and disable shell access for daemons
    1. Run cat /etc/passwd and identify unnecessary user accounts
    2. Remove unnecessary users with userdel <username>
    3. Disable interactive logins for daemon accounts by specifying /bin/false for the user’s shell

SSH Configuration

  • Change the SSH port
    1. Open your sshd_config file for editing
    2. Locate the Port directive
    3. Change the default SSH port – any port above the 1-1024 range is preferable (check theInternet Assigned Numbers Authority site for unassigned port numbers if you want to ensure no conflicts are encountered)
    4. Restart SSH and connect to your VPS using the new port
  • Restrict SSH users and hosts in sshd_config
    • Use the PermitRootLogin no directive to disable root logins over SSH (if you have created a user account for yourself and plan to use su to administer your VPS)
    • Use the AllowUsers directive to specify which user accounts may be used to log in
  • Additional Recommendations
    • Limit SSH access to trusted IPs only (iptables example):
      1. -A INPUT -p tcp -m tcp --dport XXXX --source x.x.x.x -j ACCEPT (where XXXX is the port SSH is listening on and x.x.x.x is the trusted source IP)
      2. Prior to closing the established SSH session, test the SSH access rule: Create an additional SSH session from the trusted source IP. Test a non-trusted IP as well. If the non-trusted IP is unable to connect and the trusted IP is allowed, the rule is working as intended.
    • Use the DenyHosts script to block malicious users (if restricting access to a single trusted IP is not practical)
    • Configure your VPS to use public key authentication instead of password authentication

Additional Linux Security Resources

See the Security category for security guides on the VPSLink Wiki.

Linux Distribution Security

If you have an active interest in securing your VPS, you should follow up with recommendations specific to your distribution and recommendations for any daemons or applications which you use.

Security Applications

Applications geared toward security are an invaluable asset – consider installing an auditing tool and an intrusion detection system to automate monitoring and test your system’s configuration.

  • Bastille – Security auditing and configuration tool
  • Samhain – File integrity checker and intrusion detection system
  • SentryTools – A host-level security suite used to protect against port scans, automate log file auditing, and detect suspicious login activity

(Source: http://wiki.vpslink.com/Security_Best_Practices)

Categories: Máy tính Tags: , , , ,

Instant web proxy on a Linux VPS server

August 10th, 2011 2 comments

If you are unable to access a website because your computer is behind a firewall, with a VPS server you can make an instant SOCKS proxy for you to bypass the firewall in few minutes. Such a useful guide that I’ve found out from the net. Enjoy!

Introduction

There are many situations which call for a higher level of security and privacy than the immediate network provides: having a SOCKS proxy at your disposal is often the quickest and most convenient solution.

If you have ever checked POP3 e-mail, accessed an account on an FTP server, or encountered a website which was blocked by the local network administrator, this guide will explain how to protect your passwords over the local network and maintain access to the sites you frequent, regardless of local restrictions.

This guide will explain how to configure your VPS to act as a proxy server and configure your Linux or Windows client software to use the SOCKS proxy.

Note: The VPSLink Acceptable Use Policy expressly prohibits the operation of a public proxy. Please limit user accounts to trusted users to ensure the security of your VPS.

VPS Configuration

No special configuration is required – your VPS will be running an SSH daemon by default.

Note: We strongly recommend that you review our Linux security best practices to change the port which SSH is listening on as a security precaution.

Client Configuration

Considerations:

  • Ensure that the port which will act as your local proxy port is not presently active or listening for connections
  • Despite common port restrictions, most networks will allow traffic over port 80 (HTTP) and port 443 (SSL) – because encrypted traffic is expected over port 443, this port makes an ideal local proxy port
  • Client software (web browsers, e-mail clients, chat clients) must be configured to use the SOCKS proxy and perform DNS lookups over the SOCKS proxy (if you wish to keep the domains which you browse private)

Linux

  1. Open a local console
  2. Enter the following command:

    ssh -p VPS_SSH_PORT -D LOCAL_PROXY_PORT USERNAME@VPS_IP_ADDRESS

    where:

    • VPS_SSH_PORT – The port on your VPS which is listening for SSH connections
    • LOCAL_PROXY_PORT – The port on your local machine which will accept SOCKS connections
    • USERNAME – The username for an account with SSH login capabilities on your VPS
    • VPS_IP_ADDRESS – The IP address of your VPS
  3. Log in with your user account password
  4. Open your client applications and enable proxy use on your local SOCKS proxy port

Windows

  1. Open the PuTTY SSH client
  2. Complete the following fields under the Session category:
    • Host Name (or IP Address) – Enter the IP address for your VPS
    • Port – Enter the port which the SSH daemon is listening on
  3. Navigate to the ConnectionSSHTunnels category
  4. Complete the following fields under the Tunnels category:
    • Source port – Enter the port on your local machine which will accept SOCKS connections
    • Destination – Enter the IP address for your VPS
    • Select the Dynamic radio button
  5. Click the Add button to add the source port association
  6. If you would like to save your SOCKS proxy settings:
    1. Navigate back to the Session category
    2. Enter a label for your settings in the Saved Sessions field
    3. Click the Save button
  7. Click the Open button to initiate a connection with your VPS
  8. Log in with your username and password
  9. Open your client applications and enable proxy use on your local SOCKS proxy port

Application Configuration

Keep in mind that you will need to have an open an SSH connection to your VPS in order to use application SOCKS proxy settings. If your local machine is no longer listening for connections or your connection to your VPS is interrupted, SOCKS-enabled applications will report that no connection exists.

FireFox

The FireFox browser can easily be configured to make use of a SOCKS proxy – additionally, the FoxyProxy FireFox extension allows for domain-specific proxying rules.

Use the following steps to modify your FireFox settings to route all browsing over your proxy:

  1. Open FireFox and select the Tools option from the menu bar
  2. Switch to the Advanced section and select the Network tab, then click the Settings button
  3. Select the Manual proxy configuration option
  4. Enter localhost in the SOCKS Host field and your LOCAL_PROXY_PORT in the correspondingPort field
  5. Browse to WhatIsMyIP.com to confirm that the IP address for your VPS appears

(Source: http://wiki.vpslink.com/Instant_SOCKS_Proxy_over_SSH)

Ways to protect your computer against ARP poisoning

November 10th, 2010 No comments

When you’re connected to a local area network, you’re exposed to many security troubles that you may not be aware. One of them is ARP spoofing (ARP poisoning). The attacker can easily capture data flow in and out of your computer. Your essential information such as username, password, email are not secret to you anymore. Read wiki page here: http://en.wikipedia.org/wiki/ARP_spoofing

An attacker may take advantage of ARP poisoning to perform the following effects:

1. Denial of Service attack

- computer A sends request to (true) gateway successfully

- computer B (hacker) poisons ARP cache of gateway

- as a result, gateway sends response to fake computer B. Hacker may never send response back to computer A. Computer A may see these symptoms on the browser: Waiting for www.abc.com, Looking up www.def.com

Instant resolution (either or all will work):

- clear ARP cache of gateway

- turn gateway off and on

- reset gateway

- turn on gateway’s ARP protection

2. Man in the middle (MITM) attack

- computer B (hacker) poisons ARP cache of gateway and computer A, it acts as an intermediate between computer A and true gateway

- computer B can sniffer data flow between computer A and gateway, thus it can analyze to see essential information (username, password, URL, cookie, …)

Instant resolution (either or all will work):

- clear ARP cache, repair network connection

- enable firewall’s ARP cache protection (enable ArpON in Linux box)

- perform resolutions of DOS attack