Michelle J. Gosselin, Jennifer Schommer Guanzhong Wang
Linux is mainly used for setting up network servers. Reports of servers and websites being hacked appear almost every day, and as network applications diversify, the forms and methods of attack keep changing. How to enhance the security of Linux servers has become one of the most important concerns of Linux system administrators.
Linux is open source software. Because of technical features such as high stability and security, strong network load capacity and low hardware requirements, it has been quickly promoted and adopted since its birth and has developed into one of the mainstream server operating systems in the world today.
Linux services include DNS, DFS, Samba, Sendmail, Postfix, Apache and others.
APACHE
(1) The client (browser) and the Web server establish a TCP connection. The client then sends an access request (such as "GET") to the Web server. According to the HTTP protocol, the request includes information such as the IP address, browser type and URL of the client.
(2) After the Web server receives the request, it returns the requested pages to the client. If an error occurs, it returns an error code.
(3) The client disconnects from the remote Web server.
Install patches regularly
The latest change logs at http://www.apache.org/ list entries such as: bug fix, security bug fix.
Hide and mask the Apache version
The Apache version number is removed by changing the configuration file /etc/httpd.conf.
The Apache server has four main directories:
ServerRoot: holds the configuration files, binary files and other server configuration files.
DocumentRoot: holds the content of Web sites, including HTML files and pictures.
ScriptAlias: holds CGI scripts.
CustomLog and ErrorLog: hold the access logs and error logs.
The principle of least privilege is one of the most basic principles in system security. It restricts users to the least privilege required to access the system and data, so that users can still complete their tasks while the loss caused by illegal users or abnormal operation is kept to a minimum.
# create the webteam group
groupadd webteam
# set the supplementary groups of user GW to webteam
usermod -G webteam GW
# owner httpd, group webteam, recursively (path taken from the chmod line)
chown -R httpd:webteam /www/htdocs
# setgid + r-x for owner, rwx for group, nothing for others
chmod -R 2570 /www/htdocs
-G modifies the supplementary groups to which the user belongs.
-R applies the same change recursively, one by one, to all files in the current directory and its subdirectories.
SUID means that if a user sets this permission on his own shell script, other users who run the script get the same permissions as the owner.
SGID means that users who run the script get the same permissions as the script's group. In mode 2570 the leading 2 is the SGID bit.
1. Forbid directory indexing
2. Forbid default access
If access to the /var/www/html directory is to be allowed, use the following settings:
Order deny,allow
Allow from all
3. Forbid user overrides
To prevent users from overriding the configuration of this directory, set:
AllowOverride None
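The version hiding and the three directory settings above can be checked mechanically. The following is an added example, not code from the presentation: a small auditor run over a constructed httpd.conf. The directive names ServerTokens, ServerSignature, Deny and Require are real Apache directives that the slides do not name; the sample file and the function names are assumptions.

```python
import re
# Constructed sample httpd.conf (Apache 2.2-style access control, as on the slides).
SAMPLE_CONF = """\
ServerTokens Full
ServerSignature On
<Directory />
    Options Indexes FollowSymLinks
    AllowOverride All
</Directory>
<Directory /var/www/html>
    Options -Indexes
    Order deny,allow
    Allow from all
    AllowOverride None
</Directory>
"""

def parse(conf):
    """Split directives into global and per-<Directory> scope; other sections are not modelled."""
    glob, dirs, scope = {}, {}, None
    for line in (raw.strip() for raw in conf.splitlines()):
        opened = re.match(r'<Directory\s+"?([^">]+?)"?\s*>$', line, re.I)
        if opened:
            scope = dirs.setdefault(opened.group(1), {})
        elif line.lower().startswith("</directory>"):
            scope = None
        elif line and line[0] not in "#<":
            name, *rest = line.split(None, 1)
            target = glob if scope is None else scope
            target[name.lower()] = rest[0].lower() if rest else ""
    return glob, dirs

def audit(conf):
    """Return (scope, finding) pairs; absent per-directory directives are not flagged."""
    glob, dirs = parse(conf)
    out = []
    if glob.get("servertokens", "full") not in ("prod", "productonly"):  # default: Full
        out.append(("global", "ServerTokens reveals version details"))
    if glob.get("serversignature", "off") != "off":  # default: Off
        out.append(("global", "ServerSignature prints the version on error pages"))
    root = dirs.get("/", {})
    if root.get("deny") != "from all" and root.get("require") != "all denied":
        out.append(("/", "no default deny on the filesystem root"))
    for path, d in dirs.items():
        if {"indexes", "+indexes", "all"} & set(d.get("options", "").split()):
            out.append((path, "directory indexing enabled"))
        if d.get("allowoverride", "none") != "none":
            out.append((path, "AllowOverride lets .htaccess change settings"))
    return out
```

Calling audit(SAMPLE_CONF) reports the two global findings and three findings for the root directory, and nothing for /var/www/html.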
Apache servers are under constant threat of DoS attacks, which mainly take the following forms:
1. Packet flood attacks
2. Disk attacks
3. The router is made inaccessible
4. Distributed denial-of-service attacks
The Apache server defends against denial-of-service attacks mainly through the Apache DoS Evasive Maneuvers Module. It is an alternative to mod_access for countering DoS attacks, and it can quickly deny repeated requests from the same address for the same URL.
Using a Web server with SSL can improve the security of a website. The SSL protocol works between the Linux TCP/IP protocol and the HTTP protocol, and uses encryption to protect the flow of information between Web servers and browsers. SSL is not only used to encrypt the data transmitted over the Internet, but can also provide authentication.
1. The client application's connection request includes its list of algorithms and other required information.
2. When the server responds to the connection, it confirms the algorithms to be used for this communication and sends its own certificate, which contains its identity and public key.
3. After receiving this message, the client generates a secret key, encrypts it with the Web server's public key and sends it.
4. The server then uses its private key to decrypt and process it, so as to generate an encryption key; the session key has now been negotiated successfully.
5. The client and the server both hold the session key and use it to encrypt the data.