New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Its always a good thing to only open ports that you need and deny everything else, that way you can be sure no other software is silently listening and being exploited at some random port that you arent aware about.
Could be, if someone finds an exploit in your system they can abuse it and it will skyrocket your outgoing traffic. (I'd limit it instead) Or are you talking about inbound traffic? If that is the case, mark_R's advice is goood.
Idea to improve security:
Pull the Ethernet cable.
Pull the wireless card.
"Secure"
@KwiceroLTD actually Pull the power cable is the most secure , don't forget physical attacks
@Issam2204 from security point of view yes to disallow reverse shells . So my recommendation will go to allow only needed incoming/Outgoing ports
Ensure SELinux is active at all times.
Pull the power, all the chips, then open the machine and physically incinerate every inch, drop it in a box at the bottom of the ocean and let the sharks eat it.
@Issam2204 , certainly it will work. But be sure to open necessary ports otherwise expected services won't run.
And if that doesn't help, try turning it off
As part of a large security policy, sure.
Most books on securing systems have "turn off anything you don't need" in chapter 1. Applying that wisdom to ports also makes sense.
I personally have witnessed various Linux distros install a package (say, samba) as a dependency and then automatically start the service...Deb 5 or 6 did this in some cases as I recall. Without a firewall, you could find yourself service unwanted services to the Internet.
@Issam2204
something you might wanna consider using is https://www.duosecurity.com
with this you know that the authorization part of your server is 100% covered for sure. im using this on windows server 2012 R2 without any problems, linux is supported too i think (never tested it on that.)
You don't. It's not auditable.
you mean not open-source? so what? this is just like the windows vs linux argument, you linux fanboys say that windows/microsoft isnt trustworthy because it is not opensource but at the same time i dont see you guys reading through all source codes of the linux OS before using it, companies like duosecurity and microsoft have much more to lose than any opensource devs - the reputation of their company + income is at stake. did you ever think about that?
The hosted customers me and my colleagues manage always have the hardware firewall to deny all traffic and only open the ports needed.
If you do not have the ability to audit something if you were so inclined, it cannot be considered secure. Presenting this as '100% covered' is dangerously misleading, at best.
This has all been well-understood and well-documented in infosecurity circles for the past few decades, and I'm really not even going to bother with this discussion anymore, especially since I believe we've had this discussion before.
This has fuck-all to do with open-source, by the way. Open-source has to do with license for modification and distribution. This is purely about auditability of the source.
EDIT: And seriously, stop making any kind of '100%' claim relating to security, especially if you are not a professional working in the field. It's highly irresponsible, and I'm tired of it.
It can be considered secure if a big company's reputation + income is depending on it.
Alright, i gotta admit i shouldn't have used these words, but please understand that english is not my primary language, mistakes like this are bound to happen.
In that case you might aswel could've not reply and move on, it would equal to the same.
I've used google translate on the word 'auditable' it sounds like you previously were reffering to open-source to me.
No, it cannot. If it is not technically-provable secure, it isn't secure. No exceptions.
There are simply too many environmental factors in play (incompetence, malicious actors within the company, malicious actors outside the company such as intelligence agencies, ...) to accept anything less than that as proof.
No, because your advice/claims are dangerous if taken at face value, which is likely to occur if not contradicted.
Auditable means it is possible to audit the software/hardware/etc., ie. look at it, inspect it, (reliably) understand its inner workings, confirm with certainty that it behaves as it should. In the case of software, that requires being able to look at the source code and being able to build it from that source code. Distribution/modification permission is unrelated to that.
The problems you mentioned are a problem in open-source based softwares too, but again, those individual opensource devs have nothing to lose compared to big companies like Microsoft, microsoft has to keep up their reputation and money income, opensource devs do not have this task because they can commit anytime they want without representing any company brand.
I like it when im being called out, it helps me improving on certain areas, in this case you definitly teached me on my word usage, i do appreciate that, im always open for realistic improvements.
Yeah, that definitly sounds like opensource to me. it comes down to the same thing. i'm glad that i did understand you correctly the first time, thank you for confirming this.
No, they're not. Because you can audit the code if you distrust any factors.
This is not only false (it's far too generalizing a statement), it's also completely irrelevant when talking about security. You cannot build your security on assumptions, and the interests/risks that you believe a company has are exactly that - assumptions.
Happy about that
It's not, as I already said. Key points of "open-source" are being allowed to modify and redistribute, as explained in the OSD. Those are irrelevant factors here. This is purely about the ability to audit the code and produce a known-secure build, which are security concerns, and not licensing concerns like what open-source is about.
Open-source and auditability have nothing to do with each other, other than that auditability is a coincidental side-effect of something being open-source.