I am in the planning stages for a new home server where I plan on running Ubuntu. In looking at my hardening options, I wanted to add DigSig.
http://disec.sourceforge.net/
I noticed however that DigSig went out of maintenance on March 5, 2009. Should I consider another package or stick with my original plan?
--Thank you,
--Mike Jr
-
I do not recommend using a solution that is no longer maintained.
There are many other ways to improve the security of a server. What do you really want?
One of my favorites is grsecurity (http://www.grsecurity.net). Its main goal is to protect against buffer overflow attacks.
Mike Jr : Thank you. I was wondering what other users (or potential users) of DigSig were thinking.
I arrived here after reading the following URL:
http://www.itsecurity.com/features/ubuntu-secure-install-resource/
Under Important Software, grsecurity was the first package mentioned.
To keep your computer secure, install the following software:
- grsecurity - A complete security suite for protecting Linux's kernel.
Mike Jr : Hmm, http://www.itsecurity.com/features/ubuntu-secure-install-resource/
cstamas : Yeah it's a good checklist too.
From cstamas
-
Just curious. Is this home server exposed to the Internet in any way? If not, security should be somewhat irrelevant unless you have malicious people in your home. One way to ensure security of your network is simply to use VPN or other remote access methods to securely access your home network (even using public/private key encryption on the tunnel) and from there you shouldn't need to harden a home server.
Mike Jr : Yes, exposure to the internet is my concern. I have two other computers that I plan on networking in via a wireless router.
Kevin Kuphal : Like I mentioned, unless it is *directly* exposed to the Internet using port forwarding from your router or some other method, there's very little risk. Set up a VPN (using OpenVPN perhaps or via your router). Secure your wireless using WPA/WPA2 with MAC address filtering and your risk is very minimal.
Mike Jr : I have been reading "Counter Hack", by Ed Skoudis, pub. Prentice Hall PTR. Ed paints a pretty scary picture. I agree though about the need to secure my wireless connection. WPA2 with AES in hardware has only a small (one percent) performance hit.
Mike Jr : I am worried about root kits (e.g. replacements for /bin/login). See Ed's book, pages 424-433. Maybe I will just use Tripwire. Anybody willing to give a vote of confidence in Open Source Tripwire 2.4.1.2?
Kevin Kuphal : I go back to what risk are you exposed to anyways. If your system is not accessible via the internet directly and access is only via VPN and/or public/private key encryption or physical access, what risk do you have for root kit installation other than by yourself?
Mike Jr : > what risk do you have for root kit installation other than by yourself? Ed Skoudis gives several real world scenarios by which hackers have gained control of systems. Hacking has become a multi-billion dollar industry run by organized crime out of places like the Republic of Albania. My perception of the threat is high.
From Kevin Kuphal