
Security

If you have security-related questions, email them to: , and Michael will answer them in a future issue. Please include as much information as you can about your query.

Compiled by Michael Boelen

Don't kernel panic! Gord will be back shortly for more of your questions.

In this new section Michael Boelen (creator of Lynis) will answer your Linux security questions. Do you have a question on Linux/Ubuntu security for Michael? Please email it to:

From Ben McTee: I'm currently running Xubuntu 13.04 as a music, video, and file server for my home and abroad. I have an SSH server set up with key authentication only (password is disabled). In order to access my server remotely, port forwarding is enabled on my Airport Extreme router, forwarding all port 80 traffic to my server. I have Plex Server installed and set up to allow streaming of videos to my devices while I am away from home. Additionally, I use Webmin to manage services, servers, SAMBA, and other tasks on the Xubuntu machine. Are there checks I can perform, either locally or remotely, to ensure an attacker is not able to gain access to my system from outside the network? I have read of security flaws in Webmin, but at the same time love it for its convenience.

MB: If a malicious person (or script) would like to enter your network, it's a matter of finding the weakest link. One way to find this is using a well-known network port (like port 80) combined with a piece of easily identifiable software (e.g. Webmin). There are a few things which can be done to strengthen the weakest links: use a nonstandard port to thwart most malicious scripts, encrypt data if possible, limit access by using an IP filter or an additional layer of authentication. In your case, you already applied several of these methods. One way to test them is to check what ports are open from "outside", and check if others can determine what you are running. As always, apply security patches to those packages with known vulnerabilities, especially if they listen on the network.
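The outside-in check suggested in the answer above, as an added example (not code from the magazine or from Lynis): it connects to a list of TCP ports on a server you administer, records any banner the service volunteers, and flags ports you did not intend to expose. The host address is a placeholder, and the port list (22 SSH, 80, 139/445 Samba, 10000 Webmin default, 32400 Plex default) and the "expected" set are assumptions to adjust to your own setup.

```python
import socket

def check_port(host, port, timeout=2.0):
    """Return (is_open, banner) for one TCP port on a host you administer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                # Some services (SSH, for instance) identify themselves first.
                banner = s.recv(128)
            except OSError:
                # Others (HTTP, for instance) wait for the client to speak.
                banner = b""
            return True, banner.decode("latin-1").strip()
    except OSError:
        # Refused, filtered or timed out: not reachable from here.
        return False, ""

def audit(host, ports, expected):
    """List reachable ports and mark those outside the set you meant to expose."""
    findings = []
    for port in ports:
        is_open, banner = check_port(host, port)
        if not is_open:
            continue
        status = "expected" if port in expected else "UNEXPECTED"
        findings.append((port, status, banner))
    return findings

if __name__ == "__main__":
    # Placeholder address (TEST-NET-3). Use your own public IP and run this
    # from a connection outside your home network.
    HOST = "203.0.113.10"
    PORTS = [22, 80, 139, 445, 10000, 32400]   # assumed service ports
    EXPECTED = {22, 80}                        # assumed intended exposure
    for port, status, banner in audit(HOST, PORTS, EXPECTED):
        print(f"{port}/tcp open ({status}) banner={banner!r}")
```

A non-empty banner on an open port is what lets others determine what you are running, so it is worth comparing against the versions you have patched.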

From Ben McTee: What is the best method of automatically notifying me if an attack is being attempted on my network (port scanning, for example).

MB: One should first know the definition of an attack. Unfortunately this differs for every individual or company. In the field of security incident response, we consider mainly any events which are outside normal behavior, and with a clear malicious intent. Port scanning would therefore not be an attack or a trigger for security incident response. It’s simply a common thing on the internet, similar to brute forcing accounts via SSH. But performing a distributed denial of service on your system is considered malicious and not a daily event. So my advice is to decide first what you want to protect and what you would do with events occurring. Would you investigate each port scan attempt and would it be worth the time?


To test your PC's security, see Michael's HowTo article earlier in this issue on Lynis.

Michael Boelen is the author and project lead of Lynis. His company CISOfy provides security guidance to individuals and companies by sharing open source software, support and knowledge. He loves sport, reading, and enjoying life with friends.

Full Circle Magazine #81  

This month: * Command & Conquer * How-To : Python, LibreOffice, and Improve Security with Lynis . * Graphics : JPG>PDF, and Inkscape. * Revi...
