lalaunch.blogg.se

How to use nessus to protect the network












Most system administrators don't realize the importance of port-scanning tools. The nmap tool, although powerful, does not have the flexibility of Nessus. In this Daily Drill Down, Vincent Danen explains just how useful this tool is.

Security auditing is a critical aspect of network administration. Knowing where your servers are vulnerable can aid you in saving your data. Unfortunately, many port-scanning tools don’t do the job completely. Nessus, on the other hand, is really an attack application. In this Daily Drill Down, I will show you how to install, configure, and use Nessus so you too can enjoy hardened server security, as well as better job security.

In “Security auditing with nmap,” we looked at a program called nmap, an advanced port scanner used to help identify areas in your system that might be insecure. Using nmap, you can determine which services are listening on which ports, and based on that information, you can further lock down your system and make available only those ports necessary. It also helps you decide what you should be blocking via your firewall if some of those ports are necessary to an internal network. While nmap is an excellent piece of software and should be used by every system administrator at least once, it does have a few limitations. For instance, it can tell you which ports are open, it can make a best guess as to what each port is used for, and it gives you an idea of what you need to secure. However, it cannot tell you whether the SMTP server it knows is listening on port 25 is vulnerable to well-known attacks and exploits.

That information is vital as well, and unless you pay strict attention to mailing lists such as BugTraq or to security releases by the distribution you have chosen, you may be using a vulnerable piece of software and not even realize it. Recognizing the importance of subscribing to vendor-supplied mailing lists regarding security announcements should be common sense, and upgrading packages your vendor deems essential for security reasons is a given. However, you may have chosen an inappropriate software package to begin with, one that, perhaps, has a history of security problems and shouldn’t be trusted as much as other, more viable packages.

For instance, just last week, a friend of mine who works at an ISP reported to me how all of the servers co-located at the ISP had gotten hammered one evening by a number of crackers. The one server the hackers managed to break into was running a stock Red Hat 6.2 system with no updates and using wu-ftpd as the FTP server. Using brute force and some well-known exploits, they managed to get root access to the system via the FTP server and covered their tracks by scrubbing the log files. They managed to deface the Web sites hosted on the system and use the compromised system for more malicious activity. This experience obviously drove home a hard point for the owner of that server.












