
Introduction:

Everyone realises the importance of networked systems, and almost everyone is now
connected to one. A network is essentially a set of interconnected computers, and its
main purpose is to let people access resources remotely, from anywhere in the world,
without being physically present. The purpose of security is, put simply, to ensure that
the system is protected from access by unauthorised persons, because an unauthorised
person who gains access can misuse the system in various ways. Connecting a server
to the Internet substantially increases the risk of a wide assortment of attacks.

Attackers can interfere with a service in several ways: impairing its normal operation,
collecting confidential information, or misusing the system without the administrator's
knowledge. Any administrator responsible for security must therefore apply strict
security measures and take action to neutralise potential attacks and protect the server.

These countermeasures depend on the use of appropriate tools to detect and stop
attacks so that the system keeps running smoothly. The need for security tools has
grown as technology has advanced: a server without basic security measures can fall
into the hands of attackers in a very short time.

Tools and Techniques to Secure Ubuntu Server 14.04

Securing an Ubuntu 14.04 server, also called hardening the server, is the process of
protecting it in order to reduce its vulnerabilities and defend it against attacks. The
first step after installing Ubuntu Server is therefore to install the available updates, so
that known faults in the installed software are removed (Brock, 2014).

Getting started: update and upgrade the system

Run the following command to refresh the package lists on the server:
# sudo apt-get update
This command updates the list of available packages and their versions, but it does
not install or upgrade any packages (Cook, 2015).
Run the following command to upgrade all the packages on the system:
# sudo apt-get upgrade
This command actually installs new versions of the installed packages. Once the lists
have been updated, the package manager knows which updates are available for the
software you have installed; this is why update must run first (Cook, 2015).

Disable the root account and secure SSH:

Root is mostly used to log in, and disabling it adds an extra layer of security across
the whole system. The root user can change practically anything, regardless of its
importance, which makes it a typical target for attackers, viruses and so on. Disabling
it (or rather locking its password) guarantees that the account cannot be logged into
even if the password is recovered (Solon, 2016).
SSH (Secure Socket Shell) is a protocol that provides a safe and secure way of
accessing a remote computer. SSH is mostly used by system administrators to manage
systems and applications remotely: it lets them log into another computer over a
network, execute commands and move files from one computer to another. The first
version of SSH was introduced in 1995 by Tatu Ylönen, a researcher at Helsinki
University of Technology. Over time various faults were found in SSH-1, and it is now
obsolete (Security, 2016).
The current Secure Shell protocol is SSH-2, which was standardised in 2006. It uses
a Diffie-Hellman key exchange and a stronger integrity check based on message
authentication codes to improve security. SSH clients and servers can use various
encryption algorithms, the most widely used being AES and Blowfish. So far there are
no known exploitable vulnerabilities in SSH-2; however, documents leaked by Edward
Snowden in 2013 suggest that the National Security Agency may be able to decrypt
some SSH traffic (Security, 2016).
Shellshock, a security hole in the Bash command processor, can be triggered over
SSH but is a vulnerability in Bash, not in SSH. In practice the biggest threat to SSH is
poor key management: without properly centralised creation of SSH keys,
organisations can lose control over who has access, especially when SSH is used as
part of automated processes (Security, 2016).

The IP address of the Ubuntu server is 10.0.10.100, so we can log in over SSH as
another user (ubuntu) with the command:
# ssh ubuntu@10.0.10.100 -p 22
From now on we work through this user (ubuntu) rather than root, and we disable root
over SSH. The aim is to protect the server from attacks: root is disabled because an
attacker will surely try the root account first, so working through a separate user adds
a layer of security to the server.

To disable the root user we used:

# sudo passwd -l root
This command does not disable the root account itself; rather, it locks the root
password (the lowercase -l option stands for lock). Another measure is to disable SSH
password authentication, so that users connecting over SSH must use key
authentication. To do this, change the following line in the SSH server configuration
from "yes" to "no":
PasswordAuthentication no
The next step is to add a new user account. The command used for this is:
# sudo adduser ash

The user is asked to set a password and then to answer a few questions.


Next step is to configure SSH:
# sudo nano /etc/ssh/sshd_config

Here the user changes "Port 22" to "Port 1303". By default an SSH server listens on
the standard TCP port 22; it can be changed to any unused number, but it should be
greater than 1024. Moving SSH off the default port helps against untargeted attacks
such as automated SSH break-in attempts, and so adds an extra layer of security (it
does not hide the service from a port scan, so it complements key authentication
rather than replacing it).

Then the user restarts the service:

# sudo service ssh restart
So far we have changed the SSH port and restarted the SSH service. Now the user
can log in with the new credentials (passing the new port with -p 1303).
For more security the user can create an authentication key pair. The following
creates a 4096-bit RSA key pair and, while creating it, offers the option to protect the
private key with a passphrase. The command used to create it (Ellingwood, 2014):
# ssh-keygen -t rsa -b 4096
This prompts for the private and public key file names; pressing Enter creates the
keys under the default names (id_rsa for the private key and id_rsa.pub for the public
key). By default the keys are stored in the ~/.ssh directory within the ubuntu home
directory. Next the public key is copied to the server using the command
(Ellingwood, 2014):
# ssh-copy-id ubuntu@10.0.10.100
(add -p 1303 once the SSH port has been changed). This adds the key without
removing keys added earlier. Copying the public key manually on the server is another
way to grant access to the account (Ellingwood, 2014):
# echo public_key_string >> ~/.ssh/authorized_keys
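As an added example (not part of the report or of OpenSSH), the following shell script checks an sshd_config for the settings set above before the service is restarted; the expected values are this example's assumptions, and PermitRootLogin is a real sshd option the report does not mention.

```shell
#!/bin/sh
# Added example (not from the report): audit an sshd_config for the settings
# the steps above set. Reads the config on stdin, e.g.
#   sshd_audit < /etc/ssh/sshd_config
# The expected values below are this example's assumptions; PermitRootLogin is
# a real sshd option that the report does not mention.

# sshd_value KEY < config
# Prints the effective value of KEY: the first uncommented occurrence wins,
# as in sshd itself; nothing is printed when only the commented default exists.
sshd_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print $2; exit }
    '
}

# sshd_audit < config
# Checks each expected KEY=VALUE pair, prints one line per check and returns
# non-zero if any check failed.
sshd_audit() {
    cfg=$(cat)                       # keep stdin so it can be scanned per key
    failed=0
    for pair in Port=1303 PasswordAuthentication=no PermitRootLogin=no; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(printf '%s\n' "$cfg" | sshd_value "$key")
        if [ "$got" = "$want" ]; then
            echo "OK   $key = $got"
        else
            echo "FAIL $key = ${got:-<unset, sshd default applies>} (expected $want)"
            failed=1
        fi
    done
    return $failed
}

# Constructed sample: the port was changed, but PasswordAuthentication was
# only edited in its commented-out line, so sshd still uses its default (yes).
SAMPLE_SSHD_CONFIG='# Package generated configuration file
Port 1303
Protocol 2
#PasswordAuthentication no
PermitRootLogin no'

printf '%s\n' "$SAMPLE_SSHD_CONFIG" | sshd_audit || echo "sshd_config needs attention before restarting ssh"
```

Run the audit before "service ssh restart": a typo in sshd_config would otherwise lock you out on the new port.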
NMAP:
Nmap is an open-source tool that is run against all of a machine's interfaces so that
the user knows which services are running on it. It is an essential security tool, used
for network discovery and security auditing, and it can scan large networks quickly.
Nmap uses raw IP packets in novel ways to determine which hosts are available on the
network, which services those hosts are offering, which operating systems they run,
what kind of packet filters or firewalls are in use, and many other characteristics. It
also runs on all major operating systems and is the most widely used network
scanning tool (Im, Shin, Ryu, & Roh, 2016).
Advantages: useful for TCP/UDP port scanning, and it integrates with Zenmap to
produce visual network maps; it also has options for firewall evasion (Lane, 2017).
Disadvantage: scanning weaker devices and congested networks can occasionally
cause an accidental denial of service or a network stoppage. This can be avoided by
reducing the scan speed, which Nmap allows through the -T timing option, and by
scanning fewer machines at once. Nmap includes ways to make port scans stealthier,
but they generally require generating a lot of network traffic, and there is an inverse
relationship between stealth and speed (Lane, 2017).
FIREWALL:
The default firewall on Ubuntu is iptables, so iptables is already present when Ubuntu
is installed; however, by default it permits all traffic. For this reason Ubuntu ships with
a program that manages the iptables firewall (Help.ubuntu.com, 2016).
That default front end for iptables is ufw (Uncomplicated Firewall). It is ideal for
host-based firewalls and provides a command-line interface for controlling the firewall.
Although UFW is a fairly basic firewall, it is easy to use, good at inspecting traffic, and
well documented; some basic Linux knowledge should be enough to configure it on
your own (Vultr, 2015).
UFW is normally installed on Ubuntu. If it is missing, you can install it yourself with
the command:
# sudo apt-get install ufw
Before enabling the firewall the user first needs to open the SSH port 1303, so that
logging in remains possible. The command used is:
# sudo ufw allow 1303/tcp
To open the default HTTP web server port:
# sudo ufw allow 80/tcp
To open the HTTPS port if SSL/TLS is to be enabled:
# sudo ufw allow 443/tcp
To open SMTP for sending e-mail:
# sudo ufw allow 25/tcp
To open SMTPS if SSL/TLS is to be enabled for mail:
# sudo ufw allow 465/tcp
IMAPS:
# sudo ufw allow 993/tcp
POP3S:
# sudo ufw allow 995/tcp
The commands above allow connections; to deny a connection instead, for example
to deny access to the default MySQL port:
# sudo ufw deny 3306
To allow access only from a trusted IP address the user can use:
# sudo ufw allow from 192.168.0.1 to any port 1303
Next, the firewall can be enabled with the following command:
# sudo ufw enable
Optional: to disable ufw:
# sudo ufw disable

UFW is not intended to provide complete firewall functionality through its command
interface; rather, it gives a simple way to add or remove basic rules. It is currently used
mostly for host-based firewalls (Ubuntu documentation, n.d.).
So far we have set rules that open only certain ports; the other ports stay closed until
we need them. But the system is publicly accessible, which can make it vulnerable to
various attacks. What kind of attacks? SSH brute-force attacks, for example.
Brute-force attacks on the Secure Shell (SSH) service are increasingly used to
compromise accounts and passwords (Strand, 2009). A brute-force attack is a
strategy used by malicious people to get access to your servers by trying hundreds,
sometimes thousands, of random username and password combinations. Many tools
and techniques have been introduced to prevent this type of attack; in this work the
DenyHosts and Fail2Ban tools were used to block SSH attacks.
DenyHosts:
DenyHosts is a Python tool that monitors your server logs for activity that may signal
a brute-force attack against you. It looks for such attacks and attempts to stop them
by blocking the IP addresses being used to attack your server. It is as simple as that,
and DenyHosts was installed on the Ubuntu 14.04 server to help prevent these
attacks. There are many other strategies attackers may use against your servers, but
guessing username and password combinations should not succeed thanks to
DenyHosts (Zero, 2012).
Fail2Ban:
Fail2ban is more advanced than DenyHosts because it extends log monitoring to
other services including SSH, Apache, Courier, FTP and so on. The tool scans log files
and bans IP addresses that look suspicious. In other words, Fail2ban is used to
update the firewall rules so that they reject IP addresses that repeatedly enter wrong
passwords, probe for vulnerabilities and so on. When the user sees multiple failed
login attempts, he can assume the system is under a brute-force attack; the Fail2ban
tool can solve this problem (Ocean, 2014).
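As an added example (not from the report, and not DenyHosts or Fail2ban code), this is the kind of log check those tools automate: count failed SSH password attempts per source address in Ubuntu's auth.log format and turn the result into firewall commands for review. The log lines are constructed; the threshold and the port 1303 are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from the report or from Fail2ban/DenyHosts): the log check
# those tools automate, over sshd lines in Ubuntu's /var/log/auth.log format.
# Run against the real log with:  failed_ssh_logins 5 < /var/log/auth.log

# failed_ssh_logins [THRESHOLD] < auth.log
# Counts "Failed password" events per source IP and prints "COUNT IP" for
# every source at or above THRESHOLD (default 3), busiest first.
failed_ssh_logins() {
    awk -v min="${1:-3}" '
        /sshd\[[0-9]+\]: Failed password for/ {
            # the source address always follows the word "from", whether or
            # not the line says "invalid user"
            for (i = 1; i <= NF; i++) if ($i == "from") { hits[$(i + 1)]++; break }
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -rn
}

# ban_commands [PORT] < "COUNT IP" lines
# Turns the report into ufw commands for an administrator to review;
# nothing is executed here.
ban_commands() {
    while read -r count ip; do
        echo "# $count failed logins from $ip"
        echo "sudo ufw insert 1 deny from $ip to any port ${1:-1303}"
    done
}

# Constructed sample in auth.log format: one noisy source, one moderate one,
# and a legitimate user who mistyped a password once.
SAMPLE_AUTH_LOG='Jun 10 12:00:01 srv sshd[2301]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jun 10 12:00:03 srv sshd[2301]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Jun 10 12:00:05 srv sshd[2303]: Failed password for invalid user test from 198.51.100.7 port 40010 ssh2
Jun 10 12:00:06 srv sshd[2305]: Failed password for root from 203.0.113.5 port 51250 ssh2
Jun 10 12:00:08 srv sshd[2307]: Failed password for invalid user oracle from 198.51.100.7 port 40012 ssh2
Jun 10 12:00:09 srv sshd[2310]: Accepted publickey for ash from 192.0.2.10 port 40000 ssh2: RSA 3a:bc
Jun 10 12:00:11 srv sshd[2312]: Failed password for ash from 192.0.2.10 port 40002 ssh2
Jun 10 12:00:13 srv sshd[2314]: Failed password for invalid user ubuntu from 203.0.113.5 port 51260 ssh2'

printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_ssh_logins 3 | ban_commands 1303
```

Fail2ban adds the time window (findtime) and automatic unbanning (bantime) on top of this counting, which is why it is preferred to a hand-written loop.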
First we need to install Fail2ban, using the command:
# sudo apt-get install fail2ban
Then we need to configure Fail2ban. The configuration file contains default settings
that will satisfy most needs. We copy the contents of jail.conf to jail.local (jail.conf
may be overwritten by package updates, while jail.local is read afterwards and
overrides it). We can use the command:
# sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Now we can open the jail.local file and make some changes in order to secure the
server.
# sudo nano /etc/fail2ban/jail.local
The file opens with the following defaults in its [DEFAULT] section:
ignoreip = 127.0.0.1/8       (addresses Fail2ban never bans; by default traffic from the
                             local machine is not banned)
bantime = 600                (how long, in seconds, a client stays banned after failing to
                             authenticate correctly)
findtime = 3600              (window, in seconds, within which the failures are counted)
maxretry = 6                 (number of failed login attempts in that window before a ban)
destemail = root@localhost   (these two set the address and sender name
sendername = Fail2Ban         used for notification e-mails)
banaction = iptables-multiport
action = %(action_)s         (configures the firewall to reject traffic from the offending host)
We change some of these rules as follows.
Under [DEFAULT] we can change the bantime; the following bans clients for one hour:
bantime = 3600
Also under the default settings we can configure the e-mail alert address with:
destemail = ubuntu@example.com
Next we can adjust the action parameter. We choose action_mwl, which mails the ban
notice together with whois information and the relevant log lines, because that helps
us to troubleshoot and gather information when there are problems:
action = %(action_mwl)s
If the SSH port were still 22, we would have to adjust the number of unsuccessful
attempts by editing maxretry. In this case the port is different, so we only need to
adjust the port parameter of the SSH jail.
The [nginx-http-auth] section is changed to enabled = true so that its log is filtered as
well. In this way we have enabled several services, including HTTP and HTTPS (ports
80 and 443), in Fail2Ban, which will add the corresponding firewall rules automatically.
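The resulting jail.local edits, written out as an added example (not the report's own file), assuming the section layout of the Ubuntu 14.04 jail.conf; the e-mail address is the placeholder used above:

```ini
[DEFAULT]
; one-hour ban, alerts to the administrator, mail with whois data and log lines
bantime   = 3600
destemail = ubuntu@example.com
action    = %(action_mwl)s

[ssh]
; SSH was moved from port 22 to 1303 earlier, so the jail must watch that port
enabled  = true
port     = 1303
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 6

[nginx-http-auth]
; disabled in the shipped jail.conf; enabled here to filter web login failures
enabled = true
filter  = nginx-http-auth
port    = http,https
logpath = /var/log/nginx/error.log
```

After saving, restart the service (sudo service fail2ban restart) and confirm the jails are loaded with sudo fail2ban-client status.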
Another way to secure the server is through the web server, using port 443, as HTTPS
is more secure than HTTP (port 80).
# sudo apt-get install openssl
OpenSSL is a robust, commercial-grade, full-featured toolkit for the Transport Layer
Security (TLS) and Secure Sockets Layer (SSL) protocols. It generates RSA private
keys and Certificate Signing Requests (CSRs), computes checksums, and performs
encryption and decryption (Rose Web Services L.L.C[US], 2013).
After installing OpenSSL we created a directory in which to keep the SSL certificate
file and keys, and generated a self-signed certificate and its key into it with the
command:
# sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
This asks a number of questions (country, organisation, common name and so on)
that fill in the certificate's subject.
Later we need to make some changes in the site's configuration file, giving the
correct paths to SSLCertificateFile and SSLCertificateKeyFile.

So far we have created the certificate and keys. Depending on the web server, the
user has to configure the created certificate properly in its configuration file. This will
secure the web server.
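As an added example (not from the report), the Apache directives that point a site at the certificate and key generated above; the hostname is a placeholder and the layout assumes Apache's default SSL site on Ubuntu 14.04:

```apache
# /etc/apache2/sites-available/default-ssl.conf (relevant part)
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName   www.example.com
    DocumentRoot /var/www/html

    SSLEngine on
    # the self-signed certificate and key created with "openssl req -x509" above
    SSLCertificateFile    /etc/apache2/ssl/apache.crt
    SSLCertificateKeyFile /etc/apache2/ssl/apache.key
</VirtualHost>
</IfModule>
```

The SSL module and site must be enabled (sudo a2enmod ssl; sudo a2ensite default-ssl) and Apache reloaded; because the certificate is self-signed, browsers will warn until it is replaced by one issued by a trusted CA.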
In order to secure every part of the server we should also not use the FTP protocol,
which transmits data over the Internet in an insecure manner; instead we can use
vsftpd with a TLS connection, securing our data transmission.
There are several other techniques for securing the server.
SOME EXTRA TECHNIQUES:
Avoiding IP spoofing:
IP spoofing is a technique whereby an attacker enters a computer in an unauthorised
way. The procedure generally begins by identifying your host and finding an IP
address your host trusts, so that the attacker can send packets which the host will
take as coming from that trusted IP address, even though that is not the case
(Location, n.d.).
A server returning a false hostname is also called spoofing. To prevent this we can
configure the resolver by turning on the nospoof setting. host.conf is the file where
this setting is configured:
# sudo nano /etc/host.conf
Add these lines to the file:
order bind,hosts
nospoof on

Other techniques for securing the server are to allow only one user to log in through
SSH and to deactivate multi-user access on the server.
sysctl.conf
Adding the following settings improves IP security: they prevent source routing of
incoming packets and log malformed (martian) packets that reach the machine.
# sudo nano /etc/sysctl.conf
Edit the sysctl.conf file and uncomment or add the following:
# IP Spoofing protection

net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Ignore ICMP broadcast requests

net.ipv4.icmp_echo_ignore_broadcasts = 1

# Disable source packet routing

net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0

# Ignore send redirects

net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

# Block SYN attacks

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 5

# Log Martians

net.ipv4.conf.all.log_martians = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Ignore ICMP redirects

net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0

# Ignore Directed pings

net.ipv4.icmp_echo_ignore_all = 1
Afterwards, apply the settings to the running kernel with the command:
# sudo sysctl -p
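As an added example (not from the report), a shell check that the running kernel really carries the values written to sysctl.conf, which is worth running after sysctl -p and after every reboot; the fake /proc/sys tree it builds for the demo is constructed data.

```shell
#!/bin/sh
# Added example (not from the report): verify that the running kernel carries
# the values in a sysctl.conf, the check to run after "sysctl -p" or a reboot.
# Real usage:  sysctl_check /etc/sysctl.conf
# A fake /proc/sys tree is constructed below so the demo runs anywhere.

# sysctl_path KEY [ROOT]
# Maps a key such as net.ipv4.conf.all.rp_filter to its file under ROOT
# (default /proc/sys): dots become directory separators.
sysctl_path() {
    printf '%s/%s\n' "${2:-/proc/sys}" "$(printf '%s' "$1" | tr . /)"
}

# sysctl_check CONFIG [ROOT]
# For every "key = value" line in CONFIG, compares the value with the kernel's
# current one. Prints OK / DIFF / MISSING per key; returns 1 if anything is
# not OK. The file is read directly (no pipe) so the counter survives the loop.
sysctl_check() {
    root=${2:-/proc/sys}
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                            # strip comments
        case $line in *=*) ;; *) continue ;; esac   # skip blank lines
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s' "${line#*=}" | tr -d ' \t')
        f=$(sysctl_path "$key" "$root")
        if [ ! -r "$f" ]; then
            echo "MISSING $key ($f not present, e.g. IPv6 disabled)"
            bad=$((bad + 1))
            continue
        fi
        got=$(tr -d ' \t' < "$f")                   # multi-value keys are tab separated
        if [ "$got" = "$want" ]; then
            echo "OK      $key = $got"
        else
            echo "DIFF    $key = $got (sysctl.conf says $want)"
            bad=$((bad + 1))
        fi
    done < "$1"
    [ "$bad" -eq 0 ]
}

# write_demo_fixture DIR
# Constructed data: a small sysctl.conf taken from the settings above and a
# fake /proc/sys tree under DIR/sys where one value was never applied and
# one key does not exist at all.
write_demo_fixture() {
    mkdir -p "$1/sys/net/ipv4/conf/all"
    echo 1 > "$1/sys/net/ipv4/conf/all/rp_filter"
    echo 0 > "$1/sys/net/ipv4/tcp_syncookies"
    printf '%s\n' '# IP Spoofing protection' 'net.ipv4.conf.all.rp_filter = 1' \
        '# Block SYN attacks' 'net.ipv4.tcp_syncookies = 1' \
        '# Log Martians' 'net.ipv4.conf.all.log_martians = 1' > "$1/sysctl.conf"
}

demo=$(mktemp -d)
write_demo_fixture "$demo"
sysctl_check "$demo/sysctl.conf" "$demo/sys" || echo "kernel differs from sysctl.conf: run 'sudo sysctl -p' and re-check"
rm -rf "$demo"
```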

Logwatch:
Logwatch is a tool that provides reports on what is going on in the server. It parses
the system logs and performs an analysis of them (Zero, 2012).
First we install Logwatch and run it once, using the commands:
# sudo apt-get install logwatch
# sudo logwatch

To receive the report by e-mail, the user edits the daily cron job so that it invokes
logwatch with the mail output and a recipient address:
# nano /etc/cron.daily/00logwatch
/usr/sbin/logwatch --output mail --mailto postmaster@acme.com --detail high

Chkrootkit and rkhunter:

Attacks on servers connected to the Internet are constantly increasing, so it is the
administrator's duty to keep scanning every day. A firewall combined with regular
scans is the best way to keep the system safe. The chkrootkit and rkhunter tools
enhance security by scanning for malware, viruses and rootkits. The administrator
should run them regularly, and they can send their reports by e-mail. They detect
activity such as a high load, suspicious processes or the sending of malware
(tutorials, n.d.).
We install the tools with the commands:
# sudo apt-get install chkrootkit
# sudo apt-get install rkhunter
Then run chkrootkit with:
# sudo chkrootkit
rkhunter: it is possible for a package manager's database to become maliciously
corrupted. rkhunter can only report on changes, not on what caused them; it is
reactive, and it is likewise a source of false positives. An intruder detection list is
available with this tool.
To run this tool we need the command:
# sudo rkhunter --checkall

Tiger
Tiger is a free tool used both for host monitoring and for security auditing. Tiger
complements the tools above and also provides a framework in which all of them can
work together. Tiger is neither a log checker nor focused on integrity analysis; it does
"the other stuff", checking the system's configuration and status (Tiger, n.d.).
To install it we use the command:
# sudo apt-get install tiger
# sudo tiger (this also opens the tripwire configuration, where a passphrase has to be created)

# sudo less /var/log/tiger/security.report.* (to check the reports)


Recommendations:
ClamAV
Clam AntiVirus (ClamAV) is a free, open-source antivirus tool used to detect viruses
on the system; it is mainly used for mail gateway scanning.
Installing ClamAV on the system:
# sudo apt-get install clamav

To run it we first update the signature database and then scan:

# sudo freshclam
# clamscan -r --bell -i
This shows the number of known viruses, the engine version, the infected files and the
time taken for the scan. We can scan any folder with the same command; if an
infected file is found, we can use the command below to scan again and remove the
infected files (--remove deletes them outright; --move=DIR quarantines them instead).
# sudo clamscan --infected --remove --recursive /home
Secure shared memory:
Shared memory is an effective way of passing data between programs. Because two
or more processes can use the same memory region, and because shared memory is
by default mounted read/write, it has been found that the shm space can easily be
abused, which weakens security. It should be noted that most of these exploits actually
make use of vulnerabilities in specific server software, such as Apache, and not simply
in the operating system. Fortunately this can easily be prevented (Wallen, 2017).
Setting /run/shm to read-only is very straightforward: you only need to open the fstab
file and add one line. To do this, open the file with:
# sudo nano /etc/fstab
The vital change is this line:
tmpfs /run/shm tmpfs ro,noexec,nosuid
Note that a read-only /run/shm stops every program from creating shared memory
there, so check that the services you run still work; noexec and nosuid are the options
that block the usual abuses while leaving the space writable.
After the change we need to reboot the system, or apply it immediately with:
# sudo mount -a
Deactivating unnecessary services:
We can deactivate or remove services that are not in use, which also improves system
performance. Using the command below we can list the running services:
# sudo initctl list | grep running
To disable a running service and remove its package we use the commands:
# sudo update-rc.d -f service_name remove
# sudo apt-get purge service_name
Conclusion:
So far we have used a firewall, Fail2ban and various other techniques and tools to
secure the server. Logging in via SSH as an ordinary user and disabling root have
added a layer of security to the server. Techniques such as protection against IP
spoofing and deactivating unnecessary services have been applied, and tools such as
chkrootkit, rkhunter, OpenSSL, Tiger and ClamAV have enhanced the security of the
server. These are the most essential steps to harden the server; further security
layers will depend on its intended use.
With regard to security, the three vital goals have been achieved: the three objectives
also known as the CIA triad (Confidentiality, Integrity, Availability) have been
addressed in this work.
References
Brock, M. (2014, June 23). Google. Retrieved June 2018, from Google: https://blog.mattbrock.co.uk/hardening-the-security-on-ubuntu-server-14-04/
Cook, S. (2015, March 15). Google. Retrieved June 2018, from Ubuntu MATE website: https://ubuntu-mate.community/t/apt-get-upgrade-vs-apt-get-dist-upgrade/632
Ellingwood, J. (2014, October 24). Digital Ocean, LLC[US]. Retrieved June 2018, from Digital Ocean: https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server
Im, S.-y., Shin, S.-H., Ryu, K. Y., & Roh, B.-h. (2016). Performance Evaluation of Network Scanning Tools with Operation of Firewall. ICUFN 2016 (pp. 876-881). Korea: IEEE. Retrieved June 2018.
Lane, D. (2017, October 11). Quora. Retrieved June 2018, from Quora: https://www.quora.com/What-is-the-advantage-and-disadvantage-of-Nmap-network-mapper
Location, I. (n.d.). Iplocation.net. Retrieved from IP Spoofing: https://www.iplocation.net/ip-spoofing
Ocean, D. (2014, May 7). Retrieved from Digital Ocean, LLC[US]: https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04
Rose Web Services L.L.C[US]. (2013, December 4). Retrieved from Rose Hosting Quality VPS since 2001: https://www.rosehosting.com/blog/set-up-ssl-encrypted-connection-in-postfix-dovecot-and-apache/
Security, S. (2016, March 13). TechTarget. Retrieved June 2018, from Search Security: https://searchsecurity.techtarget.com/definition/Secure-Shell
Solon, A. C. (2016, February 16). Information Security. Retrieved June 2018, from Stack Exchange: https://security.stackexchange.com/questions/114721/why-is-disabling-root-necessary-for-security
Strand, J. (2009, January 4). Search Security. Retrieved June 2018, from Search Security: https://searchsecurity.techtarget.com/answer/How-to-prevent-SSH-brute-force-attacks
Tiger. (n.d.). Tiger. Retrieved from www.nongnu.org: https://www.nongnu.org/tiger/
tutorials, l. (n.d.). Three tools to scan a Linux server for malware. Retrieved from www.howtoforge.com: https://www.howtoforge.com/tutorial/how-to-scan-linux-for-malware-and-rootkits/
Ubuntu documentation. (n.d.). Retrieved from Ubuntu: https://help.ubuntu.com/lts/serverguide/firewall.html.en
Vultr. (2015, April 25). Configure Ubuntu Firewall (UFW) on Ubuntu 14.04. Retrieved June 2018, from Vultr Docs: https://www.vultr.com/docs/how-to-configure-ufw-firewall-on-ubuntu-14-04
Wallen, J. (2017, May 30). TechRepublic. Retrieved June 2018, from www.techrepublic.com: https://www.techrepublic.com/article/how-to-enable-secure-shared-memory-on-ubuntu-server/
Zero, O. (2012, June 15). Ask Ubuntu. Retrieved June 2018, from Stack Exchange: https://askubuntu.com/questions/146775/what-can-be-done-to-secure-ubuntu-server
