by Akash Mahajan (@makash) on Wednesday, 9 May 2012

+19
Vote on this proposal
Status: Confirmed
Section
Security

Session type
Tutorial

Technical level
Beginner

Media

Objective

Learn the basic approaches to securing linux based web servers without getting too technical. This talk will be useful for anyone running a linux server with full root access.

You don't need to be an experienced system administrator to understand and use the content of this talk. But if you are a full time system admin you will get to know a structured way of looking at server security.

The following types of servers running Linux Virtual Private Server/Dedicated Server/Rackspace Cloud Instance/Amazon EC2

Not going to help if you have your website on Shared servers like Dreamhost/Go Daddy/Host Gator

Description

You will learn the holistic way of securing a linux server which can serve web sites. The 80/20 rule about hardening your linux web server with minimal effort.

In Brief This is what we will cover

  • Reducing the attack surface.
  • Patching and Updates
  • Securing Secure Shell Access
  • Securing Apache
  • Securing MySQL
  • Logging and Monitoring
  • Setting up a basic firewall

Not going to be covered ( Mostly because of lack of time and ROI )

  • Securing Email Servers
  • Setting up VPNs
  • Protecting Against Denial of Service Attacks
  • Setting up SELinux, GRSec, Custom Kernels
  • Chroot Jails
  • DNS Server

Not Going to Discuss

  • Why Ubuntu and why not <INSERT FAV. DISTRO>
  • Why Not BSD
  • Why Apache and why not <INSERT FAV. WEB SERVER>

Requirements

Mandatory

An open mind, a sense of humour.

Good To Have

  • Bring a laptop running Ubuntu Server 10.04 LTS if you want to try out things.
  • Refresh your understanding of the TCP/IP Stack
  • Get a notebook to take notes
  • You should have some idea what the following words mean SSH, Apache, Web Server, Database Server, MySQL, BASH, Command Line

Speaker bio

I freelance as a Web Security Consultant. I help companies become secure by helping them understand approaches to security for servers, web applications, user data and sometimes their network.

Among other things I am the co-founder+Community Manager for "null - The Open Security Community" and OWASP Bangalore

Comments

  • 1
    [-] Akash Mahajan (@makash) Proposer 5 years ago (edited 5 years ago)

    Please download the checklist directly from my server ("http://dp7937fi8z10f.cloudfront.net/Securing-Linux-Web-Server-in-10-Steps-or-Less.pdf")

Login with Twitter or Google to leave a comment