Everyone recognises the importance of networked systems, and nearly everyone is now connected to one. A network is essentially a set of interconnected computers, and its main purpose is to give people remote access from any part of the world without being physically present. The purpose of security, essentially, is to guarantee that the system is protected from access by unauthorised persons, because anyone who gains unauthorised access can misuse the system in various ways. Connecting a server to the Internet substantially increases the security risk from a wide variety of attacks.
Attackers can interfere with the service in several ways: impairing its normal operation, harvesting confidential information, or misusing the system without the administrator's knowledge. Whoever is in charge of security must therefore apply strict security measures and take action to neutralise potential attacks and protect the server.
Such countermeasures rely on appropriate tools to recognise and stop attacks so that the system keeps running smoothly. The need for security tools has grown with the progress of technology: a server without basic security tooling can, in a very short time, fall into the hands of attackers.
Securing an Ubuntu 14.04 server, also called hardening the Ubuntu server, is the process of configuring the server so as to reduce its vulnerabilities and protect it from attacks. Accordingly, once the Ubuntu server is installed, we have to install the available updates in order to remove faults that may exist in the system (Brock, 2014).
Run the command to update the list of packages available to the server:
# sudo apt-get update
This command updates the list of available packages and their versions, but it does
not install or upgrade any packages (cook, 2015).
Run the command to upgrade all the packages on the system:
# sudo apt-get upgrade
This command actually installs new versions of the packages on the system. After updating the lists, the package manager knows which updates are available for the software you have installed; this is why you run update first (cook, 2015).
The IP address of the Ubuntu server is 10.0.10.100, so with the following command we can log in over the SSH protocol as another user (ubuntu):
# ssh ubuntu@10.0.10.100 -p 22
At this step a new user (ubuntu) is created and root login via SSH is disabled. The aim is to protect the server from attacks: root is disabled because an attacker will certainly try to log in as the root user first. This adds a layer of security to the server.
Next, the user changes the SSH port from port 22 to port 1303. By default an SSH server listens on the standard TCP port 22; the user can change it to any other number, but it should be greater than 1024. Moving SSH off the default port 22 helps to deflect attacks such as incoming SSH break-in attempts and so adds an extra layer of security.
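The SSH changes described above (new port 1303, root login refused, only the ubuntu user admitted) can be applied to sshd_config with a short script. This is an added example, not part of the original text; the sample configuration file and its path are constructed.

```shell
#!/bin/sh
# Added example (not from the original text): apply the SSH changes to a copy
# of sshd_config in an idempotent way and read back the effective values.
# Port 1303 and the ubuntu user are the text's values; the sample file below
# is constructed, the real file is /etc/ssh/sshd_config.
set -eu

# set_sshd_option <file> <key> <value>: drop every existing (active or
# commented) line for KEY and put the new directive at the top of the file,
# ahead of any Match block, because sshd honours the first occurrence.
set_sshd_option() {
    tmp=$(mktemp)
    awk -v k="$2" -v v="$3" '
        BEGIN { print k " " v }
        tolower($1) == tolower(k) || tolower($1) == ("#" tolower(k)) { next }
        { print }' "$1" > "$tmp"
    mv "$tmp" "$1"
}

# harden_sshd <file>: move SSH off port 22, refuse root logins and admit
# only the ubuntu account (the "one user via ssh" rule from later in the text).
harden_sshd() {
    set_sshd_option "$1" Port 1303
    set_sshd_option "$1" PermitRootLogin no
    set_sshd_option "$1" AllowUsers ubuntu
}

# sshd_setting <file> <key>: the value sshd would use (first active match).
sshd_setting() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Constructed sample resembling a stock Ubuntu 14.04 sshd_config.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# Package generated configuration file
Port 22
Protocol 2
#PermitRootLogin yes
PermitRootLogin yes
X11Forwarding yes
EOF

harden_sshd "$SAMPLE"
printf 'Port=%s PermitRootLogin=%s AllowUsers=%s\n' \
    "$(sshd_setting "$SAMPLE" Port)" \
    "$(sshd_setting "$SAMPLE" PermitRootLogin)" \
    "$(sshd_setting "$SAMPLE" AllowUsers)"
# On the real host: "sudo sshd -t" to syntax-check, "sudo ufw allow 1303/tcp"
# before closing 22, then "sudo service ssh restart" keeping this session open.
```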
UFW is not intended to provide complete firewall functionality through its command interface; rather, it provides a simple way to add or remove basic rules. It is currently used mainly for host-based firewalls (Ubuntu documentation, n.d.).
So far, we have set rules that open only certain ports; the other ports remain closed until we need them. But the system is still publicly accessible, which can leave it vulnerable to various attacks. What type of attacks? SSH brute-force attacks, for example.
Brute-force attacks on the Secure Shell (SSH) service have been used more and more frequently to compromise accounts and passwords (Strand, 2009). A brute-force attack is a strategy used by malicious people to gain access to your servers by trying hundreds, sometimes many thousands, of random username and password combinations. Many tools and techniques have been introduced to prevent this type of attack. Here the user has used the DenyHosts and Fail2Ban tools to block SSH attacks.
DenyHosts:
DenyHosts is a Python tool that monitors your server's log files for activity that may signal a brute-force attack against you. It looks for attacks and attempts to stop them by blocking the IP addresses being used to attack your servers. It is as simple as that. DenyHosts is installed on the Ubuntu 14.04 server to help prevent these attacks. There are many other strategies that attackers may use against your servers, but guessing username and password combinations will not succeed thanks to DenyHosts (Zero, 2012).
Fail2Ban:
Fail2ban is more advanced than DenyHosts, as it extends log monitoring to other services including SSH, Apache, Courier, FTP and so on. The tool scans log files and bans IP addresses that look suspicious. In other words, Fail2ban updates the firewall rules to reject IP addresses that repeatedly enter wrong passwords, probe for vulnerabilities and so on. When the user sees multiple failed login attempts he can infer that the system is under a brute-force attack; Fail2ban can address this problem (Ocean, 2014).
First, we need to install Fail2ban, using the command:
# sudo apt-get install fail2ban
Then we need to configure Fail2ban. The configuration file contains default settings that will satisfy most needs. Now we copy the contents of the jail.conf file to jail.local, using the command:
# sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Now we can open the jail.local file and make some changes in order to secure the server.
# sudo nano /etc/fail2ban/jail.local
This opens the file, which contains settings such as:
destemail = root@localhost (these two configure the e-mail address and sender name for alerts)
sendername = Fail2Ban
ignoreip = 127.0.0.1/8 (addresses ignored by Fail2ban; by default it is configured not to ban traffic from the local machine)
bantime = 600 (how long, in seconds, a client stays banned after failing to authenticate correctly)
findtime = 3600 (the window, in seconds, within which maxretry failures must occur)
maxretry = 6 (number of login attempts allowed before being banned)
banaction = iptables-multiport
action = %(action_)s (configures the firewall to reject traffic from the offending host)
We change some of these rules as follows. Under [DEFAULT] we can change bantime so that clients are banned for 1 hour:
bantime = 3600
Also under the default settings we can configure the e-mail alert address using:
destemail = ubuntu@example.com
Next we adjust the action parameter. We choose action_mwl because it helps us troubleshoot and gather information if there are problems:
action = %(action_mwl)s
If the SSH port is 22, we have to adjust the number of unsuccessful attempts by editing maxretry; but in this case the port is different, so we only need to adjust the port parameter.
We also change the [nginx-http-auth] section to enabled = true so that it is filtered as well. Ports such as HTTP and HTTPS (80, 443) are covered in this way; we have thus enabled several services in Fail2Ban, which will add the corresponding firewall rules automatically.
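To see what the bantime-style values above actually do, the following added example (not from the original text) applies Fail2ban's maxretry/findtime counting rule to constructed auth.log lines; the hosts are documentation addresses and the log format is that of sshd on Ubuntu 14.04.

```shell
#!/bin/sh
# Added example, not part of the original text: the maxretry/findtime rule
# that Fail2ban's sshd jail applies, run over constructed auth.log lines so
# the effect of the jail.local values above can be seen before anything is
# banned. Sample hosts are documentation addresses (RFC 5737).
set -eu

# offenders <logfile> <maxretry> <findtime-seconds>
# Prints each source IP the first time it reaches maxretry failed SSH logins
# within a sliding findtime window (timestamps are taken from the syslog
# HH:MM:SS field, so the sample stays within one day).
offenders() {
    awk -v maxretry="$2" -v findtime="$3" '
        /sshd\[[0-9]+\]: Failed password/ {
            split($3, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
            n[ip]++; ts[ip, n[ip]] = now
            c = 0
            for (j = 1; j <= n[ip]; j++) if (now - ts[ip, j] <= findtime) c++
            if (c >= maxretry && !(ip in banned)) { banned[ip] = 1; print ip }
        }' "$1"
}

# Constructed sample: 203.0.113.5 fails six times in four minutes,
# 198.51.100.9 fails three times spread over 45 minutes.
LOG=$(mktemp)
cat > "$LOG" <<'EOF'
Mar  1 10:00:01 srv sshd[1201]: Failed password for root from 203.0.113.5 port 50001 ssh2
Mar  1 10:00:05 srv sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 50002 ssh2
Mar  1 10:00:09 srv sshd[1205]: Failed password for invalid user test from 203.0.113.5 port 50003 ssh2
Mar  1 10:01:00 srv sshd[1207]: Failed password for root from 203.0.113.5 port 50004 ssh2
Mar  1 10:02:30 srv sshd[1209]: Failed password for ubuntu from 203.0.113.5 port 50005 ssh2
Mar  1 10:04:00 srv sshd[1211]: Failed password for root from 203.0.113.5 port 50006 ssh2
Mar  1 10:20:00 srv sshd[1300]: Failed password for ubuntu from 198.51.100.9 port 40001 ssh2
Mar  1 10:45:00 srv sshd[1302]: Failed password for ubuntu from 198.51.100.9 port 40002 ssh2
Mar  1 11:05:00 srv sshd[1304]: Failed password for ubuntu from 198.51.100.9 port 40003 ssh2
Mar  1 11:05:20 srv sshd[1306]: Accepted password for ubuntu from 198.51.100.9 port 40004 ssh2
EOF

echo "maxretry=6 findtime=3600: $(offenders "$LOG" 6 3600 | tr '\n' ' ')"
echo "maxretry=3 findtime=3600: $(offenders "$LOG" 3 3600 | tr '\n' ' ')"
echo "maxretry=3 findtime=600:  $(offenders "$LOG" 3 600 | tr '\n' ' ')"
```

The slow attacker is only caught when findtime is long enough to span its attempts, which is why the two values are tuned together rather than maxretry alone.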
Another way to secure the server is at the web server: serve it on port 443 (HTTPS), which is more secure than HTTP on port 80.
# sudo apt-get install openssl
OpenSSL is a robust, commercial-grade, full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It generates RSA private keys and Certificate Signing Requests (CSRs), computes checksums, and performs encryption and decryption (Rose Web Services L.L.C[US], 2013).
After installing OpenSSL, we created a directory in which to keep the SSL certificate file and keys, and generated the key and certificate into it with the command:
# sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
This asks a number of questions to answer.
Later, we need to make some changes in the conf file and give the correct paths in SSLCertificateFile and SSLCertificateKeyFile.
So far, we have created the certificate and keys. Depending on the web server, the user has to configure the created certificate properly in the conf file; this will secure the web server.
To secure every part of the server, we should not use the FTP protocol, which transmits data over the Internet in an insecure manner; instead we can use vsftpd with a TLS connection, securing our data in transit.
There are more other techniques for securing the server:
SOME EXTRA TECHNIQUES:
Avoiding IP SPOOFING:
IP spoofing is a technique by which an attacker enters a computer in an unauthorised way. The procedure generally begins by identifying your host and finding an IP address that your host trusts, so that packets can be sent which the host takes to originate from a trusted IP address, although that is not the case (Location, n.d.).
A server giving a false hostname is called spoofing. To prevent this, we can configure the resolver by turning on the nospoof setting. host.conf is the file where this setting is configured:
# sudo nano /etc/host.conf
Add these lines to the host.conf file:
order bind, hosts
nospoof on
Another technique for securing the server is to allow only one user to log in through SSH and to disable multi-user logins on the server.
sysctl.conf
Adding the following settings improves IP security, as they prevent source routing of incoming packets and log malformed (martian) packets arriving at the machine.
# sudo nano /etc/sysctl.conf
Edit the sysctl.conf file and uncomment or add the following:
# IP Spoofing protection
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 5
# Log Martians
net.ipv4.conf.all.log_martians = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.icmp_echo_ignore_all = 1
Afterwards, reload the settings from the file using the command:
# sudo sysctl -p
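An added check, not part of the original text, that audits a sysctl.conf against a subset of the values above and reports anything missing, commented out or set to the wrong value; the sample file is constructed.

```shell
#!/bin/sh
# Added example, not from the original text: audit a sysctl.conf against a
# subset of the hardening values listed above, so a missing, commented-out or
# wrong setting is noticed before "sysctl -p" is trusted. Sample is constructed.
set -eu

# Desired key=value pairs (a subset of the list in the text).
WANT='net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.log_martians=1
net.ipv4.conf.all.accept_redirects=0'

# current_value <conf> <key>: value of the last uncommented assignment, as
# sysctl -p applies the file top to bottom; prints nothing if KEY is absent.
current_value() {
    awk -F'=' -v k="$2" '
        /^[ \t]*[#;]/ { next }
        { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
        $1 == k { v = $2; found = 1 }
        END { if (found) print v }' "$1"
}

# audit_sysctl <conf>: prints one line per missing or mismatched setting.
audit_sysctl() {
    printf '%s\n' "$WANT" | while IFS='=' read -r key want; do
        got=$(current_value "$1" "$key")
        if [ -z "$got" ]; then echo "MISSING  $key (want $want)"
        elif [ "$got" != "$want" ]; then echo "MISMATCH $key=$got (want $want)"
        fi
    done
}

# Constructed sample: log_martians left commented out, accept_redirects wrong.
CONF=$(mktemp)
cat > "$CONF" <<'EOF'
# IP Spoofing protection
net.ipv4.conf.all.rp_filter = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.tcp_syncookies = 1
#net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.all.accept_redirects = 1
EOF
audit_sysctl "$CONF"
```

On a live host the same audit against the running kernel is `sysctl -n <key>` for each key in WANT rather than reading the file.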
Logwatch:
Logwatch is a tool that reports on what is going on in the server. It parses the system logs and performs analysis on them (Zero, 2012).
First, we need to install Logwatch using the command:
# sudo apt-get install logwatch
# sudo logwatch
To receive the report by e-mail, the user adds the following line to the Logwatch cron script:
# nano /etc/cron.daily/00logwatch
# /usr/sbin/logwatch --output mail --mailto postmaster@acme.com --detail high
Tiger
This is a free tool used both for host monitoring and for security auditing. Tiger complements other security tools and also provides a framework in which all of them can work together. Tiger is not a log checker, nor is it focused on integrity analysis; it does "the other stuff", checking the system configuration and status (Tiger, n.d.).
To install it we use the command:
# sudo apt-get install tiger
# sudo tiger (this opens the Tripwire configuration, where we need to create a passphrase)