Archive for March 2013
1U - 7U
The 1U, 2U, 3U, 4U, 5U, 6U and 7U are all
different sized rackmountservers; the U following the number is short for unit. The number
indicates the size of the rackmount, 1U being the smallest rackmount and 7U
being the biggest rackmount. Below is a listing of each of the different units
and their dimensions, although the Width and Height of a rackmount may be standard, the depth of
a rackmount may change, as can be seen below. If your rackmount server is going
to be placed in a constrained area, it's best to verify with the manufacturer
of the rackmount what the exact dimensions are. In the picture to the right, is
a picture Courtesy of Dell Inc. of some of the Dell PowerEdge
servers and examples of different rackmount units.
1U
|
19" x 1.75" x 17.7"
19" x 1.75" x 19.7"
19" x 1.75" x 21.5"
|
2U
|
19" x 3.5" x 17.7"
19" x 3.5" x 20.9"
19" x 3.5" x 24"
|
3U
|
17.1" x 5.1" x
25.5"
|
4U
|
19" x 7" x 17.8"
19" x 7" x 26.4"
|
5U
|
19" x 8.34" x
19.67"
19.1" x 8.75" x
26.4"
|
6U
|
19" x 10.5" x 19.5"
|
7U
|
17" x 12.2" x 19.8"
|
79 Web Server Security Tips
Here are 79 tips to help you improve your web server security. I start with passwords as you would be surprised at the number of cases we handle that boil down to bad passwords. Web application security can also be improved with some simple steps and it is time everyone stop using insecure communication protocols. Check out the list and send in your tips to get up to 100.
Password Security
- Use passwords with at least 8 characters.
- Use complex passwords that include numbers, symbols, and punctuation.
- Use a variety of passwords for different accounts or roles.
- Test passwords in a secure password tool.
- Do not use dictionary words as passwords, e.g. myblackdog
- Do not repeat sequences of characters, e.g. 3333, abcdabcd.
- Do not use personal information in passwords, e.g. your birthdate.
- Do not store passwords on laptops, smartphones or tablets that can be lost.
- Use a password manager to securely keep track of your passwords (See our post on LastPass).
- Setup two-factor authentication when available.
- Use a secure password generator.
Secure Communications
- Use Secure FTP instead of plain FTP.
- Use SSH instead of telnet.
- Use Secure Email Connections (POP3S/IMAPS/SMTPS)
- Secure all web administration areas with SSL (HTTPS).
- Secure your web forms with SSL (HTTPS).
- Use VPN when available.
- Use firewalls on all endpoints, including servers and desktops.
- Use residential/office firewall/IPS systems.
- Encrypt highly sensitive emails.
- Do not use public computers to access sensitive information.
Web Application Security
- Sign up for notices about web application updates.
- Update your web applications promptly.
- Scan web applications using remote security tools such as Nessus.
- Use a web application firewall.
- Test file upload fields to assure code cannot be uploaded.
- Have custom code reviewed for security issues.
- Use coding frameworks with good security history.
- Do not rely solely on obscure directory/file names for security.
- Secure web application admin areas with IP based restrictions.
- Sanitize user input.
- Put sensitive files outside of document root or restrict access.
- Avoiding using shell commands within scripts.
- Don’t trust HTTP Referrer fields as they are easily forged.
- Use POST instead of GET to submit data so sensitive information is not in the URL.
- Validate data server-side not client-side.
- Do no rely on relative file and path names. Always set base directories.
- Specify permissions when creating files.
- Limit file upload, creation activities to specific directories.
- Create safe error messages by not disclosing sensitive information in errors.
- Be careful of what data you trust from a cookie; it can be manipulated.
- Encrypt configuration files that contain sensitive logins.
- Guard against application level DOS attacks by limiting field input length.
- Disable url fopen if possible.
- Enable safe mode, include directory and open base restrictions if possible
- Disable dangerous PHP functions if possible
- Be careful of naming files *.bak, *.txt or *.inc within the web document root.
- Be careful using version management tools on your doc root.
- Set default reply-to’s for web applications and monitor the email for bounces.
- Use version control systems.
- Use bug tracking and change log systems
Server Security
- Update your OS regularly – as in within hours of critical updates.
- Update your control panel regularly.
- Reduce information disclosure, e.g. changing ServerTokens in Apache.
- Don’t install software that is not used.
- Don’t store backups or old versions of software on the production system.
- Restrict access to directories with proper permissions
- Make sure logs are working properly.
- Make sure you log all admin level accesses with date, times and usernames.
- Make sure you use a firewall.
- Remove default accounts in MySQL.
- Disable direct root login in SSH.
- Get rid of passwords with SSH keys.
- Disable unused services.
- Maintain backups.
- Test backups.
- Do not do development on production systems.
- Stay updated with subscriptions to security notification services.
- Monitor web traffic for unusual activity.
- Conduct regular, remote security scans.
- Conduct regular, local security scans.
- Harden default service settings in Apache, SSH and other services.
- Use root account only when required.
- Use sudo to grant others root level access.
- Enable SELinux if possible.
- Use private networks for internal server traffic.
- Use encryption when appropriate.
- Conduct password audits.
- Enforce strong passwords and change policies.
10 Immutable Laws of Security Administration Revisited
Over eight years ago, Scot Culp of Microsoft, published two white papers that get tossed around in security circles over and over. The 10 Immutable Laws of Security Administration and the 10 Immutable Laws of Security are often referenced in introductory security classes. Though these rules are dated, they are still relevant today. Just want to comment on a few of them and how we see them impacting our clients today.
10 Immutable Laws of Security Administration
- Law #1: Nobody believes anything bad can happen to them, until it does
- Law #2: Security only works if the secure way also happens to be the easy way
- Law #3: If you don’t keep up with security fixes, your network won’t be yours for long
- Law #4: It doesn’t do much good to install security fixes on a computer that was never secured to begin with
- Law #5: Eternal vigilance is the price of security
- Law #6: There really is someone out there trying to guess your passwords
- Law #7: The most secure network is a well-administered one
- Law #8: The difficulty of defending a network is directly proportional to its complexity
- Law #9: Security isn’t about risk avoidance; it’s about risk management
- Law #10: Technology is not a panacea
Law #1 Nobody believes anything bad can happen to them, until it does
This is probably the biggest stumbling block we encounter when working with small businesses. People like to think they are not targets, and to some extent, small businesses are not targets. The issue is that a significant amount of server compromises are not directed attacks but simply random scanning. If a bot scans your server and finds vulnerabilities, you quickly become a target. You don’t have to hang a “Can’t Hack This!” sign to solicit attention. If the random scanning turns up a juicy port or application, you become a target. So while you may not think it will happy to you, I can assure you that your server is being scanned frequently.
Law #3: If you don’t keep up with security fixes, your network won’t be yours for long
The key value of our Linux server management offerings is the software update service. Beyond the monitoring and help desk support, our routine application of security patches keeps minor exploits from becoming major ones and reduces the chance of a critical security failure. Staying on top of security threats and plugging holes is vital. The number one issue we see is web applications. While we can do everything to keep the server secure, if you don’t update your web applications, you can quickly become a victim. Web applications have quickly risen to the top of SAN’s Top 20 threats and will likely remain there until easier update methods emerge.
Law #6: There really is someone out there trying to guess your passwords
rackAID earns $1000’s per year fixing security issues that were directly attributed to poor password security. Nearly every month, we encounter some system with a very poor password or using the same password in multiple contexts. You can use Winguide’s Password Generator to make a strong password (8 characters with numbers, capitalization, and symbols). If you are worried about forgetting passwords, search for any number of password management tools.
Law #8: The difficulty of defending a network is directly proportional to its complexity
This is why when you want us to add some third party software we push back. Adding complexity should only be done when it is a business or technological necessity. As I pointed out with Red Hat Updates, keeping things stock is critical to easy server management.
Law #10: Technology is not a panacea
Too often people forget that there are other people out there trying to do bad things to their network. Clever security technology can be cracked by clever hackers. Planning for security, implementing those plans, and knowing what to do when something does go wrong is key. This is one reason we push ourCDP backup services. By retaining older backups, we can easily roll back a system to a pre-intrusion state. Our server backup services save many people after their outdated blog software was hacked.
These are some of the key issues we see impacting our clients. I recommend you review the full list of 10 Immutable Laws of Security Administration and 10 Immutable Laws of Security. Though written years ago, they are still relevant today.
12 Point Server Maintenance Checklist
Just like any other computer, Linux servers need periodic maintenance. Here are a twelve things to check on a regular basis to keep your system running smoothly. This is just a quick check list. It is not meant to be exhaustive or explain how to do these things, but keeping tabs on these items can reduce server issues. These are just some of the things we do as part of our server management work.
Server Maintenance Checklist
Server Maintenance Checklist
1. Verify your backups are working. Before making any changes to your production system, be sure that your backups are working. You may even want to run some test recoveries if you are going to delete critical data. While focused on backups, you may want to make sure you have selected the right backup location.
2. Check disk usage. Don’t use your production system as an archival system. Delete old logs, emails, and software versions no longer used. Keeping your system free of old software limits security issues. A smaller data footprint means faster recovery should a disk fail. If your usage is exceeding 90% of disk capacity, either reduce usage or add more storage. If your partition reaches 100%, your server may stop responding, database tables can corrupt and day can be lost.
3. Check RAID Alarms. If you are using RAID (and you should be), check that your RAID’s error notification system is configured properly and works as expected. Most RAID levels tolerate only a single disk failure. If you miss a RAID notification, a simple disk replacement could turn into a catastrophic failure.
4. Update your OS. Updates for Linux systems are release almost daily. Many of these fix important security issues. At rackAID, we update systems daily (sometimes even more frequently). If you do not have a management service or auto-updates enabled, be sure to review your OS for any critical security updates. Get on the mailing list for your OS so you know when critical security patches are released. If you have a kernel update, you will need to reboot your server unless you use a took like Ksplice.
5. Update your Control Panel. If you are using a hosting or server control panel, be sure to update it as well. Sometimes this means updating not only the control panel itself, but also software it controls. For example, with WHM/cPanel, you must manually update PHP versions to fix known issues. Simply updating the control panel does not also update the underlying Apache and PHP versions used by your OS.
6. Check application updates. Most security issues we investigate are due to outdated web applications. After you have updated your server, be sure to review the web applications and update them as well.
7. Check remote management tools. If your server is co-located or with a dedicated server provider, you will want to check that your remote management tools work. Remote console, remote reboot and rescue mode are what I call the 3 essential tools for remote server management. You want to know that these will work when you need them.
8. Check for hardware errors. You may want to review the logs for any signs of hardware problems. Overheating notices, disk read errors, network failures could be early indicators of potential hardware failure. These are rare but worth a look, especially if the system has not been working within normal ranges.
9. Check server utilization.“ Review your server’s disk, CPU, RAM and network utilization. If you are nearing limits, you may need to plan on adding resources to your server or migrating to a new one.
10. Review user accounts. If you have had staff changes, client cancellations or other user changes, you will want to remove these users from your system. Storing old sites and users is both a security and legal risk. Depending on your service contracts, you may not have the right to retain a client’s data after they have terminated services.
11. Change passwords. I recommend changing passwords every 6 to 12 months, especially if you have given out passwords to others for maintenance.
12. Check system security. I suggest a periodic review of your server’s security using a remote auditing tool such as Nessus. Regular security audits serve as a check on system configuration, OS updates and other potential security risks. I suggest this at least 4 times a year and preferably monthly. Also, you may want to revisit the 10 immutable laws of security administration.How to change language in Photoshop CS6...
How to change language in Photoshop CS6 from german (or any else) to English? (Windows)
Simply navigate to this directory:
C:\Program Files\Adobe\Adobe Photoshop CS6\Locales\de_DE\Support Filesthe de_DE folder is named such because my version is german. Just find the similar named folder that looks like it should correspond with your language.In the support files directory there will be a file named tw10428.dat
ATTENTION: Bakup the original file!Make sure that photoshop is closed, change the file extension to .bak instead of .dat, and then restart photoshop.
Your software will now be in English.
Simply navigate to this directory:
C:\Program Files\Adobe\Adobe Photoshop CS6\Locales\de_DE\Support Filesthe de_DE folder is named such because my version is german. Just find the similar named folder that looks like it should correspond with your language.In the support files directory there will be a file named tw10428.dat
ATTENTION: Bakup the original file!Make sure that photoshop is closed, change the file extension to .bak instead of .dat, and then restart photoshop.
Your software will now be in English.
Wednesday, March 27, 2013
Lock Your :PC with Pen-Drive
We can lock Laptops with Finger print reader,
Eye Scanner, Face Recognition etc.. but what about the personal computers?
You can lock your personal
computer with USB by using Predator. If you lock your PC with Predator,
computer will work only when the USB in plugged in.
If you removed USB from computer , Mouse and Key board will get disabled automatically and screen will get dark. To unlock the computer, you should insert the USB again.
Click here to Download Predator
If you removed USB from computer , Mouse and Key board will get disabled automatically and screen will get dark. To unlock the computer, you should insert the USB again.
Click here to Download Predator
Now install the software.
Predator will launch automatically after the installation.
Now insert USB to the computer
you will get a message to set new password.
click on OK and set your New password
Then Choose the correct Drive letter from "USB Key Drive"
Predator will launch automatically after the installation.
Now insert USB to the computer
you will get a message to set new password.
click on OK and set your New password
Then Choose the correct Drive letter from "USB Key Drive"
After this click on Create Key
Then Click on OK
Note : This process will not format your USB.
Then Click on OK
Note : This process will not format your USB.
Sunday, March 3, 2013