securing a system

Steve Phariss sphariss at gmail.com
Wed Jun 15 09:16:23 MST 2011


Hi Lisa,

This post was just the very basics.  There will be several of us looking at
the attack vector and logs.  There are things I will not have control over
and I have let my concerns (many of them you mentioned, it's good to know I
am on the right track <G>) be known to the hiring company.  Good point of
using an alias.

I know that minimizing the attack vectors is generally best, that is why I
would like to (if possible) eliminate one of the DBs.  If not possible,
secure both as well as possible.

On Wed, Jun 15, 2011 at 8:17 AM, Lisa Kachold <lisakachold at obnosis.com> wrote:

> Hi Steve!
>
> I would be very careful about specifics to a list; especially if you plan
> to later advertise you work there.
>
> Using another name or alias for security questions is generally best.
>
> See my suggestions below.
>
> On Tue, Jun 14, 2011 at 10:41 PM, Steve Phariss <sphariss at gmail.com> wrote:
>
>> I may have a job putting a compromised system back into production
>> (actually we are moving them from Ubuntu to a RHEL VM...)
>>
>
> Be sure to do your feasibility research BEFORE making a technical
> recommendation.   A feasibility  plan takes into consideration ALL of the
> various daemons and services as well as other things which must connect and
> network (iSCSI for instance).   What will you do if one of their programs
> (Mason-CM) won't work with RHEL VM?
>
>>
>> I am still lacking some details but they are running apache, Mysql AND
>> Postgres, Drupal, and something called Mason-CM.  I am not sure why
>> the two DBs but if there is not a good reason I will move them off of one or
>> the other.
>
>
> Mason-CM is required for one of their apps.  You will break upwards
> compatibility if you move them. Run both.
>
>> Anyone have any good docs on securing Apache, Drupal, the DBs, or
>> Mason-CM?
>
>
> That's too blanket of a question.  Apache/SSL/postgresql all have
> insecurities based on version.
> Everything can be "hacked" or configured just to work, not to work
> securely.
>
> Apache runs with many additional features, for instance mod-proxy.
> Drupal runs with third party contributed modules -- not all secure as the
> government learned last year in a famous hack.
> DB's are only as good as the underlying security model.
> Read the docs for Mason-CM (but again it's going to be dependent for sql
> injection protection on the underlying code base or app).
>
> The best I can suggest is to run Rapid7 Nexpose security scanner against
> your configuration and mitigate each thing one by one.
>
> But before you rebuild, you might take a minute to determine the "attack
> vector".
>
>> Thanks
>>
>> Steve
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>
>
>
> --
> (602) 791-8002  Android
> (623) 239-3392 Skype
> (623) 688-3392 Google Voice
> Server Engineer/Security Administrator
> HomeSmartInternational.com <http://www.homesmartinternational.com>