- 09-29-2009 #1
How secure out of the box?
I am looking at using Linux (probably Ubuntu or Debian) in a corporate production environment to be used solely for running OSSEC (Intrusion detection system - this is the collection server for all other MS servers in the network).
I don't have much experience with Debian, but I have used it, set up an intranet web server and created a script or two.
This server will not be publicly accessible, but it will be on the same network (physically - separated via a VLAN) as some web servers which take credit card details etc. in our colocation hosting environment. This entire environment is MS based.
My question is, how secure is the likes of Ubuntu or Debian out of the box with a strong root password?
Is there anything else I need to be aware of from a security point of view?
Am I mad to use Linux in this situation with not a huge amount of *nix experience?
- 09-29-2009 #2
Personally, if I am running a production server in a corporate environment I would go for something like CentOS. There will be a lot longer support cycle than Debian or Ubuntu will provide as far as security updates go. Out of the box it should be very secure. You mention it will not be publicly accessible, so I imagine you only need to secure against internal threats? Remote access can be disabled if you do not enable the SSH server, but this would make remote access for you difficult. If you need SSH, then something to consider is having it listen on a non-default port; this will not guarantee it is not attacked, but it will prevent most common brute-force techniques, which only try to access specific common ports. Also, disable root login on SSH and only allow login with users that have minimal privilege and no sudo privilege. These users will only operate in their home directory with only read access outside of it. You can then su to root to do the other things. You can also use iptables to lock down all other ports and block ICMP pings.
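The SSH and iptables changes the reply recommends, as an added example that is not from the thread: a POSIX shell script that applies the sshd directives idempotently to a copy of sshd_config, audits the result, and prints the matching iptables rules for review rather than applying them. The port 2222, the login group `ops` and the OSSEC agent port 1514/udp (OSSEC's default) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Run against a copy of sshd_config,
# review the diff, then move it into place and reload sshd.
set -eu

# set_directive FILE KEY VALUE: replace an existing (possibly commented-out)
# directive or append it, so re-running leaves exactly one definitive line.
set_directive() {
    file=$1; key=$2; value=$3
    if grep -Eq "^[#[:space:]]*${key}[[:space:]]" "$file"; then
        sed -i -E "s|^[#[:space:]]*${key}[[:space:]].*|${key} ${value}|" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# harden_sshd_config FILE [PORT] [GROUP]: non-default port, no root login,
# and only the low-privilege group may log in (they su to root afterwards).
harden_sshd_config() {
    file=$1; port=${2:-2222}; admins=${3:-ops}   # assumed values
    set_directive "$file" Port "$port"
    set_directive "$file" PermitRootLogin no
    set_directive "$file" AllowGroups "$admins"
}

# audit_sshd_config FILE: exit 0 only if every hardening directive is present.
audit_sshd_config() {
    file=$1
    grep -Eq '^PermitRootLogin[[:space:]]+no$' "$file" || return 1
    grep -Eq '^Port[[:space:]]+[0-9]+$' "$file" || return 1
    ! grep -Eq '^Port[[:space:]]+22$' "$file" || return 1
    grep -Eq '^AllowGroups[[:space:]]+' "$file" || return 1
}

# iptables_rules [PORT]: default-deny inbound, allow loopback and established
# flows, OSSEC agent traffic (1514/udp), SSH on the chosen port, drop pings.
# Printed, not applied, so the rules can be reviewed before running as root.
iptables_rules() {
    port=${1:-2222}
    cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp --dport 1514 -j ACCEPT
iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
EOF
}
```

Note that changing the Port only helps if the firewall rule and your own client configuration are updated in the same change, so keep an existing session open while testing.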