Holistic Server Security
hashdays 2012
Lightning Talk by Sean Rütschi
Why are you doing this to us?
Overview
Why are you doing this to us?
Who am I?
Network
Hardening
Patch Management
Log Reviews
Backup Management
Last thoughts
Outro
Who am I?
Sean Rütschi
Security Consultant, scip AG: www.scip.ch
Web: www.5e4n.ch
Twitter: @0xSR
Previous experience as
System Engineer
No previous experience as a
speaker at a con
This presentation was thrown together very quickly, so don't expect any miracles
Network
Start filtering here: anything that stops here never bothers the servers
Network segmentation
Use firewalls according to concept
Do firewall rule reviews (remember Marc's talk from yesterday?)
Don't overcomplicate things (KISS)
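The "firewall rule review" bullet deserves a concrete check. The following is an added example, not code from the talk: it reviews a small constructed first-match ruleset (the rules, networks and ports are hypothetical) and reports two classic review findings, rules that are unreachable because an earlier rule already matches everything they would, and "accept anything from anywhere" rules. Both are exactly what accumulates when rulesets grow without the KISS principle.

```python
"""Added example: a first-match firewall rule review on a constructed ruleset.

Finds (a) rules that can never match because an earlier rule already
covers every packet they would match, and (b) accept rules that allow
any protocol from any source to any port.
"""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "accept" or "drop"
    src: str               # source network in CIDR notation
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None = any port

    def covers(self, other: "Rule") -> bool:
        """True if every packet that matches `other` also matches `self`.

        With first-match semantics that makes `other` unreachable when it
        sits below `self`, whatever either rule's action is.
        """
        src_ok = ip_network(other.src).subnet_of(ip_network(self.src))
        proto_ok = self.proto == "any" or self.proto == other.proto
        port_ok = self.dport is None or self.dport == other.dport
        return src_ok and proto_ok and port_ok

    def is_any_any_accept(self) -> bool:
        """Accept rule with no restriction on source, protocol or port."""
        return (self.action == "accept"
                and ip_network(self.src).prefixlen == 0
                and self.proto == "any"
                and self.dport is None)


def review(rules: List[Rule]) -> List[Tuple[int, str]]:
    """Return (rule index, finding) pairs for a ruleset evaluated top-down."""
    findings = []
    for j, rule in enumerate(rules):
        for i in range(j):
            if rules[i].covers(rule):
                findings.append((j, f"shadowed by rule {i}"))
                break
        if rule.is_any_any_accept():
            findings.append((j, "accepts anything from anywhere"))
    return findings


# Constructed ruleset (hypothetical, not from the talk). Rule 2 is dead
# because rule 0 already accepts everything it would; rule 4 is the classic
# "any any accept", which also makes the final drop (rule 5) dead.
SAMPLE_RULES = [
    Rule("accept", "10.0.0.0/8", "tcp", 22),
    Rule("drop", "0.0.0.0/0", "tcp", 22),
    Rule("accept", "10.1.0.0/16", "tcp", 22),
    Rule("accept", "0.0.0.0/0", "tcp", 443),
    Rule("accept", "0.0.0.0/0", "any", None),
    Rule("drop", "0.0.0.0/0", "any", None),
]

if __name__ == "__main__":
    for index, finding in review(SAMPLE_RULES):
        print(f"rule {index}: {SAMPLE_RULES[index]} -> {finding}")
```

The shadowing test is deliberately strict: a rule is only reported when an earlier rule is a superset in source, protocol and port at once, so partial overlaps (which may be intentional) are left for the human reviewer.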
Hardening
Read the documentation
Research if you don't understand config options
Use ACLs on multiple levels: reduce to the max
Do periodic reviews (one per month/year)
Did I mention you should read the documentation?
Patch Management
Keep to vendor patch cycles
Keep up to date if there are no vendor cycles (remember Jonathan's talk?)
Categorise patches
Test patches in important environments if you have time
Research whether patches add/change/remove config options (remember the hardening?)
Enforce patching on clients
Log Reviews
Automate reviews and corresponding actions (remember the Self-defending Databases talk?)
Consider correlations
Escalation process
Do manual checks periodically
Many programs use different log formats
Periodically review the log formats
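The three bullets above, automated review with actions, correlation, and differing log formats, fit together in one small pipeline. The following is an added example, not code from the talk: it parses two constructed log samples from the same host (sshd lines in syslog format and Apache access-log lines), normalises both to events, and correlates them per source IP. The thresholds and the "block"/"escalate" actions are assumptions for illustration; the point is that an automated action can fire on one source alone, while the escalation to a human is triggered only when two independent sources agree.

```python
"""Added example: automated log review over two log formats with correlation.

Two constructed inputs from one host: sshd lines in syslog format and
Apache access-log lines. Events from both are normalised to (kind, ip),
then a per-IP correlation decides on an automated action and whether a
human needs to be pulled in.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, Iterable, Iterator, List, Tuple

# Constructed sample data, not real logs.
AUTH_LOG = """\
Oct 14 10:01:02 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Oct 14 10:01:05 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 51030 ssh2
Oct 14 10:01:09 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 51041 ssh2
Oct 14 10:02:30 web1 sshd[2110]: Accepted publickey for deploy from 198.51.100.20 port 40022 ssh2
"""

ACCESS_LOG = """\
203.0.113.7 - - [14/Oct/2012:10:01:20 +0200] "GET /phpmyadmin/ HTTP/1.1" 404 209
203.0.113.7 - - [14/Oct/2012:10:01:21 +0200] "GET /admin/ HTTP/1.1" 404 209
198.51.100.20 - - [14/Oct/2012:10:02:00 +0200] "GET /index.html HTTP/1.1" 200 3412
"""

# One parser per format; each produces the same normalised event shape.
SSHD_FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)
ACCESS_LINE = re.compile(
    r'^(?P<ip>\d+\.\d+\.\d+\.\d+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) '
)


def parse_auth(text: str) -> Iterator[Tuple[str, str]]:
    """Yield ("ssh_fail", ip) for every failed password attempt."""
    for line in text.splitlines():
        m = SSHD_FAILED.search(line)
        if m:
            yield "ssh_fail", m.group("ip")


def parse_access(text: str) -> Iterator[Tuple[str, str]]:
    """Yield ("http_404", ip) for requests to paths that do not exist."""
    for line in text.splitlines():
        m = ACCESS_LINE.match(line)
        if m and m.group("status") == "404":
            yield "http_404", m.group("ip")


def correlate(events: Iterable[Tuple[str, str]],
              ssh_threshold: int = 3,
              probe_threshold: int = 2) -> Dict[str, List[str]]:
    """Decide per source IP what to do (thresholds are assumptions).

    - enough SSH failures alone -> automated "block", no human needed
    - SSH failures plus web probing from the same IP -> also "escalate",
      because two independent sources now agree the host is being attacked
    """
    per_ip: Dict[str, Counter] = defaultdict(Counter)
    for kind, ip in events:
        per_ip[ip][kind] += 1
    actions: Dict[str, List[str]] = {}
    for ip, counts in per_ip.items():
        decided = []
        if counts["ssh_fail"] >= ssh_threshold:
            decided.append("block")
            if counts["http_404"] >= probe_threshold:
                decided.append("escalate")
        if decided:
            actions[ip] = decided
    return actions


def run_review() -> Dict[str, List[str]]:
    """Run both parsers over the samples and correlate the result."""
    events = list(parse_auth(AUTH_LOG)) + list(parse_access(ACCESS_LOG))
    return correlate(events)


if __name__ == "__main__":
    for ip, decided in run_review().items():
        print(ip, ", ".join(decided))
```

Because each parser is tied to one format, the "periodically review the log formats" bullet becomes concrete too: a format change shows up as a parser that suddenly yields nothing, which is itself worth alerting on.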
Backup Management
Dedicated machine
Automate backups
RAID is not a backup
Restrict backup machine access to necessity
If possible, restrict remote access to the backup machine
Make sure that the backups can be restored (periodic task)
Consider backup medium storage and encryption
Last thoughts
Malware protection
Hardware disposal
High availability
Redundancy
Capacity planning
User management
Awareness training
Etc...
Outro
Thanks to Infosec Reactions for the pics
Come speak to me if you have any further thoughts on this topic