Securing Servers in a Hybrid Data Center

  • 7/26/2019 Securing Servers in a Hybrid Data Center

    Servers Security in Hybrid Data Centers

    3/15/2016

    By Mario Alberto Guti


    Contents

    Importance of servers security today

    Remote Servers Management (Best practices)

    Defence system Servers

    The most common attacks on the internet and how to respond


    Remote Servers Management: Passwords

    Password importance (www.passwordmeter.com)

    zapatero 9%

    Zapatero 27%

    Z@p@t3r0 91%

    Z@p@t3r0! 100%

    @Z@p3t!0r 100% (@Z - @p 3t - !0r)

    Password management (http://keepass.info)

    Complex password generation

    Strong encryption

    Comfort and portability


    Remote Servers Management: Client computer

    Anti shoulder surfing

    Limited time on clipboard

    Compatible with all the platforms


    Remote Servers Management: Client computer

    Don't use the admin account like a common user


    Remote Servers Management: Client computer

    User with limited permissions

    Sudo (Linux/Mac)

    Runas (Windows)

    Update the OS

    Antivirus

    Anti-malware


    Defense system servers

    IDS / IPS

    Firewalls

    Hardening

    Commercial and open-source solutions


    Defense system Servers: Server

    IDS (Intrusion detection system)

    IPS (Intrusion prevention system)


    Defense system servers

    Firewalls

    Iptables / netfilter


    Defense system Servers: Hardening

    SSH (Basic)

    Change the standard port

    Use the second version of the protocol

    Do not allow the root user in the initial login

    Increase the encryption to 2048 bits

    Use key exchange and deny access by password (ssh-keygen, ssh-copy-id)

    Limit the time to sign in

    Limit access to users

    Use tftp to transfer files
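
    An added example, not part of the original slides: a small Python audit that checks an sshd_config against the sshd-side items of the checklist above. The 60-second grace-time limit and both sample configs are assumptions; key length is chosen when running ssh-keygen and is not checked here.

```python
import re

# OpenSSH defaults that apply when a keyword is absent or commented out.
DEFAULTS = {"port": "22", "protocol": "2", "permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes", "logingracetime": "120",
            "allowusers": "", "allowgroups": ""}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
MAX_GRACE = 60  # assumed limit in seconds; the slide gives no number

def effective_settings(text):
    """Global settings only; for most keywords sshd keeps the first value."""
    settings, seen = dict(DEFAULTS), set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower().startswith("match"):
            break  # Match blocks are conditional overrides, not audited here
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if len(parts) == 2 and key not in seen:
            seen.add(key)
            settings[key] = parts[1].strip().lower()
    return settings

def audit(text):
    """Return the checklist items from the slide that the config fails."""
    s, findings = effective_settings(text), []
    grace = sum(int(n) * UNITS[u]
                for n, u in re.findall(r"(\d+)([smhdw]?)", s["logingracetime"]))
    if s["port"] == "22":
        findings.append("standard port 22 in use")
    if "1" in s["protocol"].split(","):
        findings.append("protocol version 1 enabled")
    if s["permitrootlogin"] != "no":
        findings.append("root login not disabled")
    if s["passwordauthentication"] != "no":
        findings.append("password authentication allowed")
    if grace == 0 or grace > MAX_GRACE:
        findings.append("no short login grace time")
    if not (s["allowusers"] or s["allowgroups"]):
        findings.append("no AllowUsers/AllowGroups restriction")
    return findings

# Constructed sample configs, not taken from a real server.
WEAK = "Port 22\nPermitRootLogin yes\n#PasswordAuthentication no\n"
HARDENED = ("Port 2222\nPermitRootLogin no\nPasswordAuthentication no\n"
            "LoginGraceTime 30\nAllowUsers deploy\n")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg))
```

    A commented-out line such as `#PasswordAuthentication no` changes nothing, so the audit falls back to the OpenSSH default and still reports password authentication as allowed.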


    Defense system Servers: Hardening

    SSH (Advanced)

    Knockd

    Change standard ports


    Defense system Servers: Hardening

    Open-source solutions

    ConfigServer Firewall (http://configserver.com/cp/csf.html)

    Webmin integration

    IDS/IPS

    Anti-DDOS

    Easy management of Iptables

    Server security score


    Servers defense: Hardening

    Example: CSF Server Score


    The most common attacks on internet

    Vulnerability scanning

    Common attacks and how to respond

    Exploit register_globals in php

    Remote code execution

    Sql injection

    DDOS

    XSS


    The most common attacks on internet

    Evaluate server security


    The most common attacks on internet

    Exploit register_globals in php:

    It is a PHP setting meant to make development easier: variables passed in through requests, forms, cookies or sessions are left available in the global scope of the program.

    Page: http://www.tiendaejemplo.com/carrito.php?promo_codigo=superbarato10

    // Vulnerable: $descuento is never initialised, so a request parameter can set it
    if ($promo_codigo == 'superbarato10') {
        $descuento = 0.05;
    }
    if (isset($descuento)) {
        $total -= $price * $descuento;
    }


    The most common attacks on internet

    Exploit register_globals in php (2):

    ATTACK (We got a 90% discount)

    Page: http://www.tiendaejemplo.com/carrito.php?promo_codigo=meloinvento&descuento=0.9

    // Initialising $descuento to 0 here patches the problem
    $descuento = 0;
    if ($promo_codigo == 'superbarato10') {
        $descuento = 0.05;
    }
    if (isset($descuento) && $descuento > 0) {
        $total -= $price * $descuento;
    }


    Remote code execution (eval)

    ATTACK (We managed to run a command)

    Page: http://www.tiendaejemplo.com/carrito.php?cp=system(ifconfig)


    The most common attacks on internet

    SQL INJECTION

    query = "SELECT * FROM users WHERE email = '" + email + "' AND pass = '" + pass + "';";

    SELECT * FROM users WHERE email = '[email protected]' AND pass = 'zapatero';

    SELECT * FROM users WHERE email = '[email protected]' AND pass = '' OR '1' = '1';

    Email: [email protected]

    Password: ' OR '1' = '1


    The most common attacks on internet: Hardening

    SQL INJECTION (2)

    Solution: COMPARE AND FILTER ENTRIES

    FUNCTION: mysql_real_escape_string()

    SELECT * FROM users WHERE email = '[email protected]' AND pass = 'x'; DROP TABLE usuarios; --';

    Email: [email protected]

    Password: x'; DROP TABLE usuarios; --
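
    An added example, not part of the original slides: the concatenated login query from the SQL injection slides next to a parameterized version, run against both passwords shown above. Python's sqlite3 stands in for the PHP/MySQL stack, and user@example.com is a constructed account; note that mysql_real_escape_string() belongs to the old mysql extension, which was removed in PHP 7.0, so bound parameters are the fix to reach for today.

```python
import sqlite3

EMAIL = "user@example.com"  # constructed account for the demo
PAYLOADS = ["' OR '1' = '1", "x'; DROP TABLE usuarios; --"]  # from the slides


def make_db():
    """In-memory users table holding the one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT, pass TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", (EMAIL, "zapatero"))
    return db


def login_concat(db, email, password):
    """The slide's query: user input is pasted into the SQL text (vulnerable)."""
    query = ("SELECT * FROM users WHERE email = '" + email +
             "' AND pass = '" + password + "';")
    return db.execute(query).fetchone() is not None


def login_param(db, email, password):
    """Same check with placeholders: input is bound as data, never parsed as SQL."""
    query = "SELECT * FROM users WHERE email = ? AND pass = ?"
    return db.execute(query, (email, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    # AND binds tighter than OR, so the trailing OR '1' = '1' matches every row.
    print("concatenated, bypass payload:", login_concat(db, EMAIL, PAYLOADS[0]))
    for payload in PAYLOADS:
        print("parameterized,", repr(payload), "->", login_param(db, EMAIL, payload))
    print("parameterized, real password:", login_param(db, EMAIL, "zapatero"))
```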


    The most common attacks on internet

    DDOS (Distributed Denial of Service)

    Basic response for DDOS attacks on port 80

    iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set

    iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 45 --hitcount 10 -j DROP

    Scanning IPs connected to our server

    netstat -ntu | tail -n +3 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

    Banning an IP (replace <IP> with the address to block)

    iptables -A INPUT -s <IP> -j DROP
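
    An added example, not part of the original slides: the per-IP connection count and ban step above in Python, splitting each endpoint at its last colon so IPv6 peers are counted correctly (`cut -d: -f1` would reduce every IPv6 address to its first group). The netstat output is constructed from documentation address ranges and the limit of 1 is only for the demo; the rules are built as strings, not executed.

```python
import ipaddress
from collections import Counter

# Constructed `netstat -ntu` output; addresses are documentation ranges.
SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           203.0.113.5:51234       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:51240       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:51251       TIME_WAIT
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::bad:40000     ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::bad:40001     ESTABLISHED
"""


def remote_ip(endpoint):
    """Split 'address:port' at the LAST colon so IPv6 peers stay intact."""
    host = endpoint.rpartition(":")[0]
    return str(ipaddress.ip_address(host))  # raises ValueError if not an IP


def connections_per_ip(netstat_output):
    """Count connections per foreign address (column 5 of netstat -ntu)."""
    counts = Counter()
    for line in netstat_output.splitlines():
        fields = line.split()
        try:
            counts[remote_ip(fields[4])] += 1
        except (IndexError, ValueError):
            continue  # header lines and anything that is not a socket row
    return counts


def ban_commands(counts, limit):
    """Build (not run) one DROP rule per address above `limit` connections."""
    rules = []
    for ip, n in counts.most_common():
        if n > limit:
            tool = "ip6tables" if ":" in ip else "iptables"
            rules.append(f"{tool} -A INPUT -s {ip} -j DROP")
    return rules


if __name__ == "__main__":
    counts = connections_per_ip(SAMPLE)
    for ip, n in counts.most_common():
        print(f"{n:4d} {ip}")
    print("\n".join(ban_commands(counts, limit=1)))
```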


    Conclusions

    Keep your client computer updated and use it with a non-privileged user.

    Establish preventive safety measures and set up alefor the protection of our server.

    Perform periodic security audits to maintain a standard of safety.

    DADA brand architecture