Section 9.1. Overview: Making your System Secure


Server security should be instituted on many levels. Taking a layered approach to security makes it much more difficult for crackers to do serious damage to your machine, because, even if they do manage to break through one layer, they won't necessarily have access to the whole machine. Make sure you implement the following layers of security to help ensure that a cracker who manages to break through the first layer of security is prevented from progressing any further:

  1. Turn off any services that you don't need on the machine, so that they can't be compromised.

  2. Implement a firewall that allows only users from specified locations to access services. For example, ensure that services that should be accessible only from your internal network are accessible only from your internal network.

  3. Implement an intrusion detection system to check for suspicious-looking network traffic.

  4. Ensure that all services are unable to do things they don't need to do. This measure helps to ensure that, if your server is compromised, the cracker will be unable to use any of your services to penetrate the server further.
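
As an added example (not from the book), this shell function checks layers 1 and 2 by comparing listening TCP sockets, in the format printed by `ss -H -tln`, against an allowlist. The port lists and the sample `ss` output are constructed assumptions for illustration.

```shell
#!/bin/sh
# Added example: flag listeners that should be turned off (layer 1) or that
# are reachable on every interface when they should be internal-only (layer 2).

# Constructed sample in `ss -H -tln` layout:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128   0.0.0.0:22      0.0.0.0:*
LISTEN 0 511   0.0.0.0:80      0.0.0.0:*
LISTEN 0 80    127.0.0.1:3306  0.0.0.0:*
LISTEN 0 244   0.0.0.0:5432    0.0.0.0:*
LISTEN 0 5     0.0.0.0:23      0.0.0.0:*
LISTEN 0 128   [::]:22         [::]:*
EOF
}

# $1: ports allowed to listen on any interface (assumed list)
# $2: ports that must not listen on a wildcard address (assumed list)
# Reads ss-style lines on stdin; prints one finding per offending socket.
audit_listeners() {
    awk -v pub_list="$1" -v int_list="$2" '
    BEGIN {
        n = split(pub_list, a, " "); for (i = 1; i <= n; i++) open_ok[a[i]] = 1
        n = split(int_list, b, " "); for (i = 1; i <= n; i++) inner_ok[b[i]] = 1
    }
    $1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
        wildcard = (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
        if (port in open_ok) next              # expected public service
        if (port in inner_ok) {
            if (wildcard) print "EXPOSED " addr " " port
            next
        }
        print "UNEXPECTED " addr " " port      # not on any list: turn it off
    }'
}

# Demo on the constructed sample; on a live host use:
#   ss -H -tln | audit_listeners "22 80 443" "3306 5432"
sample_ss_output | audit_listeners "22 80 443" "3306 5432"
```

An `EXPOSED` line means the service should be rebound to an internal address or blocked at the firewall; an `UNEXPECTED` line means a service is running that nobody listed as needed.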

Another important part of your security setup is auditing, which enables you to detect whether a compromise has occurred and to take steps to fix any problems. First of all, this requires that you pay attention when your server alerts you to potential compromises. In this chapter, we'll look at software that's designed to address all these areas of security: how to stop your server from being compromised in the first place, how to limit the damage that can be done if a compromise occurs, and how to detect any compromises and fix the associated problems.

Security is one of those things that everyone knows they should do, but an awful lot of people neglect. It's not difficult to implement security measures around your server. Remember that security is always a question of balance: balance the work that you need to do to secure the server against the work and trouble that would be caused by a compromise. A server containing client data should be secured much more heavily than one that contains no sensitive data, which could be rebuilt or recreated from an image at the touch of a button. Look at it this way: an ounce of prevention is worth a hundred pounds of running about like a headless chicken after you discover a security breach.




Run Your Own Web Server Using Linux & Apache
ISBN: 0975240226
EAN: 2147483647
Year: 2006
Pages: 92
