Dear Experts!
Please answer on several question relating to security:
1) Which problems with security appear most often?
2) What does cause such problems?
3) What are consequences of problems with security system?
4) What kind of security do you mean is the best?
Thant you very much,
Hezer.

I'm not the best with server management or security, but here is my experience.

There is always the common sense security issue of passwords. I always recommend to my clients that they make their password as secure as possible and make sure that they do not share it. cPanel has helped with that, because they have established rules when creating passwords. The biggest problem that I have encountered is an unsecure software release that has some type of backdoor entry. Of course these are hard to detect and correct, unless you create the software yourself. The consequences of any security error can be very small, or extremely damaging. I don't really understand your 4th question. Can you be more clear?

1. Software - Uninstall / disable everything you don't need..
tips:
Change a ssh port and lock it to your IP only
Disable direct root login
Install chkrootkit, tripwire .. (do a google search)
Atleast install firewall (APF is good) or get a hardware firewall
Allways have offsite backups

Hope it helps

make sure your /tmp and /var/tmp directory is secure.

You can make them secure by disallowing execution in those directories by going into /etc/fstab and put in "noexec" in the options.

Also, you might now want to be so generous when giving out SSH access as it can sometimes pose a problem when somebody feels the need to "play".

Try looking at webhosting tutorial under security to get started. Then keep updated with security websites.

You can also look here -> http://www.hostinglife.com/security.php

MOD NOTE: Post deleted. Advertising material is not allowed. Please consult the forum rules.

Most of this has been covered but here is our list which is with servers (versus desktops) in mind:

1. Turn off every service (telnet, portmapper, etc.) that you do not absolutely need. You can always turn it on later. We run sshd, httpd, sendmail, ftp, the network and not much else unless it is requested.
2. Make sure everything on the server is updated regularly. Use some type of automated updater to help with this (e.g. yum, rhn up2date, etc.) to insure it gets done regularly.
3. Backup configuration and customer data daily or at least weekly
4. Use good passwords (by default most unix OSs will at least warn you of poor password choices).

The other items mentioned (firewall, sshd restrictions,etc.) are nice to have but we have found that if the server is kept up to date and isn't running anything out of the ordinary (we try to stick only to the OS vendor's RPMS) and has decent passwords it doesn't get hacked. Backups are for when you don't follow the above items or when you do and a drive breaks (which is the most common hardware failure). Good luck.

http://www.securityfocus.com/


This is a great place for server security, hope this helps