Securing Servers in a Hybrid Data Center
Uploaded by mario-alberto-gutierrez-corral
7/26/2019 Securing Servers in a Hybrid Data Center
Servers Security in Hybrid DataCenters
3/15/2016
By Mario Alberto Guti
Contents
Importance of servers security today
Remote Servers Management (Best practices)
Defence system Servers
The most common attacks on internet and how to respond
Remote Servers Management: Passwords
Passwords importance (www.passwordmeter.com)
zapatero 9%
Zapatero 27%
Z@p@t3r0 91%
Z@p@t3r0! 100%
@Z@p3t!0r 100% (@Z - @p 3t - !0r)
Passwords Management (http://keepass.info)
Complex passwords generation
Hard encryption
Comfort and portability
Remote Servers Management: Client computer
Anti shoulder surfing
Limited time on clipboard
Compatible with all the platforms
Remote Servers Management: Client computer
Don't use the admin account like a common user
Remote Servers Management: Client computer
User with limited permissions
Sudo (Linux/Mac)
Runas (Windows)
Update the OS
Antivirus
Anti-malware
Defense system servers
IDS / IPS
Firewalls
Hardening
Commercial and open-source solutions
Defense system Servers: Server
IDS (Intrusion detection system)
IPS (Intrusion prevention system)
Defense system servers
Firewalls
Iptables / netfilter
Defense system Servers: Hardening
SSH (Basic)
Change the standard port
Use the second version
Do not allow the root user in the initial login
Increase the encryption to 2048 bits
Use key exchange and deny access by password (ssh-keygen, ssh-copy-id)
Limited time to sign in
Limit access to users
Use tftp to transfer files
Defense system Servers: Hardening
SSH (Advanced)
Knockd
Change standard ports
Defense system Servers: Hardening
Open-source solutions
ConfigServer Firewall (http://configserver.com/cp/csf.html)
Webmin integration
IDS/IPS Anti-DDOS
Easy management of Iptables
Server security score
Servers defense: Hardening
Example: CSF Server Score
The most common attacks on internet
Vulnerability scanning
Common attacks and how to respond
Exploit register_globals in php
Remote code execution
SQL injection
DDOS
XSS
The most common attacks on internet
Evaluate server security
The most common attacks on internet
Exploit register_globals in php:
It is a PHP setting aimed at making programs easier to develop: variables passed in the request, forms, cookies or sessions are left available in the global scope of the program.
Page: http://www.tiendaejemplo.com/carrito.php?promo_codigo=superbarato10
// With register_globals on, every request parameter becomes a global
// variable of the same name ($promo_codigo here).
if ($promo_codigo == 'superbarato10') {
    $descuento = 0.05;
}
// $descuento is never initialised, so it can also arrive from the URL
if (isset($descuento)) {
    $total -= $price * $descuento;
}
The most common attacks on internet
Exploit register_globals in php (2):
ATTACK (We got a 90% discount)
Page: http://www.tiendaejemplo.com/carrito.php?promo_codigo=meloinvento&descuento=0.9
// Initialising $descuento to 0 here patches the problem
$descuento = 0;
if ($promo_codigo == 'superbarato10') {
    $descuento = 0.05;
}
if (isset($descuento) && $descuento > 0) {
    $total -= $price * $descuento;
}
Remote code execution (eval)
ATTACK (We managed to run a command)
Page: http://www.tiendaejemplo.com/carrito.php?cp=system(ifconfig)
The most common attacks on internet
SQL INJECTION
query = "SELECT * FROM users WHERE email = '" + email + "' AND pass = '" + pass + "';";
SELECT * FROM users WHERE email = '[email protected]' AND pass = 'zapatero';
Email: [email protected]
Password: ' OR '1' = '1
SELECT * FROM users WHERE email = '[email protected]' AND pass = '' OR '1' = '1';
The most common attacks on internet: Hardening
SQL INJECTION (2)
Solution: COMPARE AND FILTER ENTRIES
FUNCTION: mysql_real_escape_string()
Email: [email protected]
Password: x'; DROP TABLE usuarios; --
SELECT * FROM users WHERE email = '[email protected]' AND pass = 'x'; DROP TABLE usuarios; --';
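Added example, not part of the original slides: the concatenated query from the SQL injection slides next to a parameterized version, run against the same inputs. It uses Python's sqlite3 with an in-memory table in place of PHP/MySQL (mysql_real_escape_string() was removed in PHP 7.0; placeholders are the current equivalent of "filter entries"). The e-mail addresses and function names are constructed for the example.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the slide's `users` table; addresses are
    # made up, and the plaintext `pass` column only mirrors the slide's query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT, pass TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("ana@example.com", "zapatero"),
                    ("luis@example.com", "Z@p@t3r0!")])
    return db

def login_concatenated(db, email, password):
    # The slide's pattern: user input is spliced into the SQL text.
    query = ("SELECT * FROM users WHERE email = '" + email +
             "' AND pass = '" + password + "';")
    return db.execute(query).fetchall()

def login_parameterized(db, email, password):
    # Placeholders send the values separately from the SQL text, so quotes
    # and semicolons in the input are compared as data, never parsed.
    query = "SELECT * FROM users WHERE email = ? AND pass = ?"
    return db.execute(query, (email, password)).fetchall()

def compare(db, email, password):
    # Row counts returned by each version for the same input.
    return (len(login_concatenated(db, email, password)),
            len(login_parameterized(db, email, password)))

if __name__ == "__main__":
    db = make_db()
    for pw in ("zapatero", "wrong", "' OR '1' = '1"):
        print(repr(pw), compare(db, "ana@example.com", pw))
    # The stacked payload is only a non-matching string to the safe version.
    print(login_parameterized(db, "ana@example.com",
                              "x'; DROP TABLE usuarios; --"))
```

With the `' OR '1' = '1` password the concatenated query returns every row in the table, while the parameterized one returns none.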
The most common attacks on internet
DDOS (Distributed Denial of Service)
Basic response for DDOS attacks on port 80
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 45 --hitcount 10 -j DROP
Scanning IPs connected to our server
netstat -ntu | tail -n +3 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Banning IP
iptables -A INPUT -s <IP> -j DROP
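Added example, not part of the original slides: the per-IP connection count from the netstat pipeline above, written so that IPv6 peers are counted correctly (`cut -d: -f1` keeps only the text before the first colon, which truncates an IPv6 address). The sample output is constructed from documentation address ranges, and the function names and threshold are assumptions of the example.

```python
from collections import Counter

# Constructed sample of `netstat -ntu` output (documentation address ranges).
SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           203.0.113.7:51514       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51515       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51516       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.23:40022     ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:51000    ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:51001    ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.7:6000 ESTABLISHED
udp        0      0 192.0.2.10:53           198.51.100.23:5353
"""

def remote_ip(foreign):
    # Split on the last colon only, so an IPv6 address stays whole.
    host = foreign.rsplit(":", 1)[0]
    if host.lower().startswith("::ffff:") and "." in host:
        host = host[7:]  # fold IPv4-mapped IPv6 into the plain IPv4 address
    return host

def connections_per_ip(netstat_output, local_port=None):
    # Count connections per remote address, optionally for one local port.
    counts = Counter()
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue  # the two header lines
        local, foreign = fields[3], fields[4]
        if local_port is not None and local.rsplit(":", 1)[1] != str(local_port):
            continue
        counts[remote_ip(foreign)] += 1
    return counts

def over_threshold(counts, limit):
    # Addresses with at least `limit` connections: candidates for review.
    return sorted(ip for ip, n in counts.items() if n >= limit)

if __name__ == "__main__":
    per_ip = connections_per_ip(SAMPLE, local_port=80)
    for ip, n in per_ip.most_common():
        print(n, ip)
    print("review:", over_threshold(per_ip, 3))
```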
Conclusions
Keep your client computer updated and use it with a non-privileged user.
Establish preventive safety measures and set up alefor the protection of our server.
Perform periodic security audits to maintain a standard of safety.