Questions tagged [security]

Security is not a product, but a process.

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.


6774 questions
106 votes, 5 answers

SSH keypair generation: RSA or DSA?

SSH supports two signature algorithms for key pairs: RSA and DSA. Which is preferred, if any? For RSA, what is the minimum acceptable key length?
Brad Ackerman
106 votes, 6 answers

"POSSIBLE BREAK-IN ATTEMPT!" in /var/log/secure — what does this mean?

I've got a CentOS 5.x box running on a VPS platform. My VPS host misinterpreted a support inquiry I had about connectivity and effectively flushed some iptables rules. This resulted in ssh listening on the standard port and acknowledging port…
Mike B
103 votes, 6 answers

Tips for Securing a LAMP Server

This is a Canonical Question about Securing a LAMP stack. What are the absolute guidelines for securing a LAMP server?
Aditya Shukla
100 votes, 17 answers

Does drilling a hole into a hard drive suffice to make its data unrecoverable?

We have a lot of PCs in the company and nobody wants to wipe a multitude of hard drives. We also have many apprentice toolmakers who really want to destroy things. Thus, every couple of months, our apprentices receive two heavy baskets of hard…
RubbelDieKatz
100 votes, 10 answers

How to add a security group to a running EC2 Instance?

I have an Amazon EC2 instance running and I would like to add another security group to that instance and then remove the current security group from that instance. Is this possible?
Geo
88 votes, 8 answers

Heartbleed: how to reliably and portably check the OpenSSL version?

I was looking for a reliable and portable way to check the OpenSSL version on GNU/Linux and other systems, so users can easily discover if they should upgrade their SSL because of the Heartbleed bug. I thought it would be easy, but I quickly ran into…
Martijn
84 votes, 3 answers

How to inspect remote SMTP server's TLS certificate?

We have an Exchange 2007 server running on Windows Server 2008. Our client uses another vendor's mail server. Their security policies require us to use enforced TLS. This was working fine until recently. Now, when Exchange tries to deliver mail…
Skyhawk
82 votes, 11 answers

Dealing with HTTP w00tw00t attacks

I have a server with apache and I recently installed mod_security2 because I get attacked a lot by this: My apache version is apache v2.2.3 and I use mod_security2.c. These were the entries from the error log: [Wed Mar 24 02:35:41 2010] [error]…
Saif Bechan
81 votes, 7 answers

OpenVPN vs. IPsec - Pros and cons, what to use?

Interestingly I have not found any good search results when searching for "OpenVPN vs IPsec". So here's my question: I need to set up a private LAN over an untrusted network. And as far as I know, both approaches seem to be valid. But I do not know…
jens
80 votes, 6 answers

How to test if my server is vulnerable to the ShellShock bug?

How can I ensure my Bash installation is not vulnerable to the ShellShock bug anymore after the updates?
Giovanni Tirloni
75 votes, 5 answers

How do I protect my company from my IT guy?

I'm going to hire an IT guy to help manage my office's computers and network. We're a small shop, so he'll be the only one doing IT. Of course, I'll interview carefully, check references, and run a background check. But you never know how things…
Jesse
74 votes, 1 answer

Explanation of nodev and nosuid in fstab

I see those two options constantly suggested on the web when someone describes how to mount a tmpfs or ramfs. Often also with noexec but I'm specifically interested in nodev and nosuid. I basically hate just blindly repeating what somebody…
Ivan Kovacevic
74 votes, 12 answers

Does changing default port number actually increase security?

I have seen advice saying you should use different port numbers for private applications (e.g. intranet, private database, anything that no outsider will use). I am not entirely convinced that can improve security because: Port scanners exist. If an…
Sam
73 votes, 3 answers

What is the difference between /sbin/nologin and /bin/false?

I have often heard it recommended that a user account should be disabled by setting its shell to /bin/false. But, on my existing Linux systems, I see that a great number of existing accounts (all of them service accounts) have a shell of…
Michael Hampton
73 votes, 11 answers

Why is SSH password authentication a security risk?

Most guides for OpenSSH configuration advise disabling password authentication in favor of key-based authentication. But in my opinion password authentication has a significant advantage: the ability to connect from absolutely anywhere without a…
Septagram