2

I have two leased CentOS servers, one to run MySQL for backends to the web and mail server on the other, as well as data from my Android apps. I am only planning to give access to the data server if you're coming through my apps or front-end server (API or no). Can I count on encryption keys for this?

I'm not planning on giving anyone else shell accounts at this time, only mail provided by cyrus-imapd as described here. I will be logging on via certificate only. I plan on developing a secure content provider that establishes an SSH tunnel to modify my data from my Android apps.

What kind of attacks can I still expect? Please tell me this won't happen to me, or a repeat of the time my server was hijacked and became the sender of a billion spam mails. I've jettisoned commercial CMS and panels, but my provider does use Parallels. Oh, and I'll be using tripwires on both systems (bonuses for good tripwire recommendations).

MadHatter
Sinthia V

2 Answers

3

Assuming your cert is strong, and not generated by a compromised or weak piece of software, certificate-only root login protects you against root logins from people who do not have your certificate. That's it.

It does not protect you against remote access vulnerabilities or exploits, it does not protect you against someone stealing your certificate, it does not protect your server against being hacked, backdoored or otherwise compromised.

It is analogous to an unpickable lock on your door. A house with an unpickable door lock can still be broken into through the garage, through the windows, by kicking the door in or via other more creative means. Likewise, a server protected by a certificate-only root login can be compromised in many ways ... just not by brute-forcing the root login password.

HopelessN00b
  • I guess I noticed that a lot of these exploits depend on getting root access. I am trying to figure out if I can prevent these by eliminating passwords altogether. They got my mail server last time by compromising my ISP admin panel. I think without a password it wouldn't have worked, but I am not a security expert. Just an IT Developer. – Sinthia V Apr 21 '16 at 05:23
  • @SinthiaV Actually, ransomware in particular does not rely on root or admin access. It's happy to run as a limited user (which it usually does) and encrypt every file of the types it's after that a limited user has access to. Proper use of permissions to prevent users from having write access they don't need can mitigate the damage, but that's all - it just mitigates the damage, it doesn't prevent it. – HopelessN00b Apr 21 '16 at 05:26
  • @SinthiaV good observation, poor response; there are *lots* of ways to acquire root privileges on a system. HN is dead right: this protects you against exactly *one* attack mode, though it is excellent protection against that one. You can't turn this on, then forget about security; you must still keep up with your patches, carefully audit your application's codebase, minimise privilege, tune your firewall, check your tripwires, monitor your server for unusual activity, and be careful what you do as root (*inter alia*). Security is a *process*, not a fire-and-forget. – MadHatter Apr 21 '16 at 05:27
  • Most of what you are talking about I assumed, since every security book in the world says so, but my shared hosting experiences made me paranoid. I'm going to give HN his points now. – Sinthia V Apr 21 '16 at 15:26
0

Good enough.

You'll have a server which can't be hacked with brute-force SSH login, that's all. Your certificate can be compromised, there can be future SSH protocol vulnerabilities, your server can be hacked with some other trick, and so on.

Will it be more secure? Yes. Will it be absolutely secure? No.

Valentin
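The one guarantee both answers grant to key-only (here "certificate-only") login holds only if sshd really has every password-style path closed. The following is an added example, not part of any post above: it audits the global section of an sshd_config text using sshd's rule that the first value seen for a keyword wins. The sample config, function names and the choice to flag unset keywords rather than trust version-specific defaults are assumptions made for illustration.

```python
import re

# Keyword -> values that keep password-style logins closed (keywords are case-insensitive).
REQUIRED = {
    "passwordauthentication": {"no"},
    "kbdinteractiveauthentication": {"no"},
    "permitrootlogin": {"prohibit-password", "without-password", "no"},
    "pubkeyauthentication": {"yes"},
}
# ChallengeResponseAuthentication is the older name; treated here as the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample: the later "PasswordAuthentication no" never takes effect.
SAMPLE = """\
PermitRootLogin without-password
PasswordAuthentication yes   # left over from provisioning
PubkeyAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
"""

def effective_global(config_text):
    """Return (settings, has_match) for the global section; first value per keyword wins."""
    settings, has_match = {}, False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":  # conditional blocks start here; the global section is over
            has_match = True
            break
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        settings.setdefault(key, value)
    return settings, has_match

def audit(config_text):
    settings, has_match = effective_global(config_text)
    findings = []
    for key, allowed in REQUIRED.items():
        value = settings.get(key)
        if value is None:
            findings.append(f"{key}: not set explicitly, the build default applies")
        elif value not in allowed:
            findings.append(f"{key}: '{value}' leaves a non-key login path open")
    if has_match:
        findings.append("match: conditional blocks present, review their overrides")
    return findings
```

An empty result covers only the SSH login path; the other routes the answers and comments list (unpatched services, a stolen key, a compromised admin panel) are outside what this check can see.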