October 28th, 2009
With more Linux options than any other dedicated host, ServerPronto receives lots of questions regarding best practices for Linux security. Below are 9 basic tips to help you keep your server a bit more secure than the standard install. These were written for the Red Hat edition specifically, but the concepts are similar across most Linux platforms.
1. Change the port ssh listens on.
- Edit the ssh configuration file.
  nano /etc/ssh/sshd_config
- Locate the line “Port 22”.
- Comment out this line by adding a “#” before it. (Good practice when modifying any file.)
- Insert a new line below it: “Port ####” (replace #### with a number between 1024 and 65535).
- Save the file with “ctrl+o” and exit the editor with “ctrl+x”.
- #### is the port sshd will listen on after the next restart of sshd.

2. Restrict ssh access to accounts which are not root.
- Edit the ssh configuration file.
  nano /etc/ssh/sshd_config
- Locate the line “PermitRootLogin yes”.
- Comment out this line by adding a “#” before it. (Good practice when modifying any file.)
- Insert a new line below it: “PermitRootLogin no”.
- Save the file with “ctrl+o” and exit the editor with “ctrl+x”.

3. Create alternate user account.
- Use the adduser command to create a new user with ssh access.
  “adduser -G wheel ?????” (Replace ????? with a username 5 or more characters long.)
- Set the password for the user.
  “passwd ?????” and follow the prompts to set the password.

4. Open new ssh port in the firewall.
- Edit the iptables configuration file.
  nano /etc/sysconfig/iptables
- Locate the line which contains “--dport 22”.
- Comment out this line by adding a “#” before it. (Good practice when modifying any file.)
- Insert a new line below it, exactly the same except that “22” is replaced with the number you replaced #### with.
- Save the file with “ctrl+o” and exit the editor with “ctrl+x”.

5. Make new user accounts easier to use.
- Import a functional profile for all users with ssh access.
- Create a file: “nano /etc/environment-common”
- Add the text “${EXPORT}PATH${EQ}/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:” to the new file, without the quotation marks.
- Save the file with “ctrl+o” and exit the editor with “ctrl+x”.
- Open the profile file: “nano /etc/profile”
- Add the text “EQ='=' EXPORT="export " . /etc/environment-common” at the end of the file.
- Save the file with “ctrl+o” and exit the editor with “ctrl+x”.

6. Test user account.
- Using your ssh client, open a new connection to the server on port 22.
- Log in with the user you created.
- Check super user access by typing “su” and entering the root password for the server.
- Type “exit” twice to log off from this test session.

7. Restart changed services.
- “/etc/init.d/sshd restart”
- “/etc/init.d/iptables restart”

8. Test new settings.
- Using your ssh client, open a new connection to the server on port ####.
- Log in with the user you created.
- Check super user access by typing “su” and entering the root password for the server.
- Switch to the original session logged on as root.
- Type “exit” to log off from this session.

9. Optional sudo (Super user) settings.
- Use “visudo” to remove the comment from the line “%wheel ALL=(ALL) NOPASSWD: ALL”. This lets every member of the wheel group run any command as root through sudo without entering a password.
- Type “:wq” to save and exit this program.
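As an added example (not part of the original post), the shell script below checks, before the “Restart changed services” step, that the edited sshd_config and iptables files agree with each other, so that restarting does not cut off ssh access. Port 2222, the function names and the sample file contents are constructed for illustration; on a real server, call audit_ssh_hardening with /etc/ssh/sshd_config and /etc/sysconfig/iptables.

```shell
#!/bin/sh
# Added example: pre-restart check of the sshd_config and iptables edits.
# Port 2222 and all sample file contents below are constructed.

# Print the value of every uncommented KEYWORD line in an sshd_config file.
sshd_values() {  # usage: sshd_values KEYWORD FILE
    awk -v kw="$1" 'tolower($1) == tolower(kw) { print $2 }' "$2"
}

# Succeed if an uncommented rule in FILE accepts traffic to destination PORT.
fw_allows_port() {  # usage: fw_allows_port PORT FILE
    grep -v '^[[:space:]]*#' "$2" |
        grep -E -- "--dport[[:space:]]+$1([[:space:]]|\$)" |
        grep -Eq -- '-j[[:space:]]+ACCEPT'
}

# Print one line per finding; the return status is the number of problems.
audit_ssh_hardening() {  # usage: audit_ssh_hardening SSHD_CONFIG IPTABLES_FILE
    problems=0
    ports=$(sshd_values Port "$1" | tr '\n' ' ')
    [ -n "$ports" ] || ports=22            # no Port line: sshd defaults to 22
    for p in $ports; do
        case "$p" in *[!0-9]*) p=0 ;; esac # non-numeric value fails the range test
        if [ "$p" -eq 22 ]; then
            echo "FAIL: sshd still listens on port 22"
        elif [ "$p" -lt 1024 ] || [ "$p" -gt 65535 ]; then
            echo "FAIL: Port value is outside 1024-65535"
        elif ! fw_allows_port "$p" "$2"; then
            echo "FAIL: no ACCEPT rule for port $p, restarting sshd would lock you out"
        else
            echo "OK: sshd port $p is open in the firewall"; continue
        fi
        problems=$((problems + 1))
    done
    # A port 22 rule left active after sshd has moved is an unneeded opening.
    if ! echo " $ports " | grep -q ' 22 ' && fw_allows_port 22 "$2"; then
        echo "FAIL: firewall still accepts port 22 but sshd no longer uses it"
        problems=$((problems + 1))
    fi
    # sshd uses the first value it reads for a keyword.
    root=$(sshd_values PermitRootLogin "$1" | head -n 1)
    [ "$root" = "no" ] && { echo "OK: root login over ssh is disabled"; return "$problems"; }
    echo "FAIL: PermitRootLogin is '${root:-unset}', expected 'no'"
    return $((problems + 1))
}

# Write constructed sample files (before and after the edits) into DIR.
make_samples() {  # usage: make_samples DIR
    rule='-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport'
    printf 'Port 22\nPermitRootLogin yes\n' > "$1/sshd_before"
    printf '#Port 22\nPort 2222\n#PermitRootLogin yes\nPermitRootLogin no\n' > "$1/sshd_after"
    printf '%s 22 -j ACCEPT\n' "$rule" > "$1/fw_before"
    printf '#%s 22 -j ACCEPT\n%s 2222 -j ACCEPT\n' "$rule" "$rule" > "$1/fw_after"
}

tmp=$(mktemp -d) && make_samples "$tmp"
audit_ssh_hardening "$tmp/sshd_after" "$tmp/fw_before" || echo "problems: $?"
audit_ssh_hardening "$tmp/sshd_after" "$tmp/fw_after" && echo "safe to restart"
rm -rf "$tmp"
```

The first run models the lockout case, where sshd has been moved but the firewall file was not updated; the second models both files edited as described.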
Other helpful tips.
- Ensure all passwords meet strong password requirements.
- http://www.microsoft.com/protect/fraud/passwords/checker.aspx
- Never disable the software firewall.
- Change user account passwords on receipt of server details.
- Do not run a mail server daemon unless you intend to configure it for internal use.
- Disable all daemons and software packages you do not intend to use.
August 25th, 2009
The ServerPronto website is now available in Portuguese to residents of Brazil.
The site also offers local sales and support phone numbers, pricing in Brazilian Reais, and the Boleto payment method in addition to our standard payment methods.
Please visit http://www.br.serverpronto.com/
August 17th, 2009
Linux servers are treasured for their high level of security and wide application coverage. The platform delivers outstanding productivity on a variety of computers, including AMD and Intel-based hardware. Where did Linux get its start, and how did it reach the esteemed status of a major server platform?
Linux Background
The Linux OS began as a hobby of Linus Torvalds, a young student who attended the University of Helsinki in Finland. With a keen interest in Minix, a small Unix-like system, Torvalds wanted to develop a system that exceeded Minix’s standards. He released version 0.02 in 1991 and worked steadily until releasing version 1.0 of the kernel in 1994. The core of all Linux systems, the kernel was released under the GNU General Public License, which made the source code freely available.
During the mid to late 1990s, the techie community dismissed Linux as merely a hobbyist project, unaware of its potential. In their mind, the system was not suited for the computing needs of the general public and definitely not the server environment. This was due in large part to the system’s complexity and unfamiliarity. How times have changed! Thanks to the creators of desktop management systems such as GNOME and the Mozilla web browser project, a wide range of applications can now be run on the platform and used by virtually anyone regardless of their experience.
Securing the Linux Experience
If you are interested in running the Linux OS on your server, you can get a feel for its power by downloading a live CD version of the software called Knoppix. This version comes equipped with everything needed to carry out day-to-day tasks. After getting familiar with it, you may then wish to seek out other Linux distributions, such as Red Hat, SUSE, CentOS or Fedora. Although the system does require a bit of technical skill on your part, there are a number of modules that can be incorporated to make the platform both easy to configure and use.
July 8th, 2009
The enterprise server OS market is dominated by Microsoft Windows, Unix and Linux. Although Unix still has a sizable share of the market, that share is declining rapidly. In contrast, Windows is performing quite well and holding steady, while the smaller Linux share is consistently growing in popularity.
The War between Windows and Linux
What does the future hold? This battle will likely come down to Windows and Linux, especially as Unix is being slowly phased out of the industry. There are a few enterprise distributions of Linux, but what of the SUSE server platform? Will it survive?
Microsoft and SUSE
Red Hat and Novell SUSE are the two major enterprise Linux distributions. These two heavyweights are fighting toe-to-toe for the Linux market share while trying to secure the upper hand on Microsoft at the same time. Although Red Hat is currently winning the battle, one may assume that SUSE is the fitting candidate, especially when considering that the server platform is being backed by Microsoft. In fact, Microsoft has invested nearly $350 million in Novell coupons, a move implemented to cater to customers who prefer Linux and ultimately spite Red Hat. The SUSE server OS is gaining ground, but what happens when the funds from Microsoft run out?
What the Rumors Say
The rumor mill says that Novell is having a tough time making ends meet, as its Linux invoicing dropped 42% last quarter. In addition, the company appears to be overly reliant on Microsoft to acquire new customers. Who will be laughing in the end? Probably Microsoft. Who will suffer the most? The Linux user community. This is especially true if Red Hat and others cannot gather up the resources necessary to compete.
Diehard fans of the Linux server are screaming for fair competition. Most of them view this as a battle that will come down between Red Hat and Windows – not Microsoft and what many are now calling Microsoft’s lapdog. This isn’t a criticism of the SUSE server, as it is still a very secure and capable platform. It does, however, raise the question: is SUSE worthy of the Linux title?
July 7th, 2009
With all of the advancements made in the hosting industry, it is hard to believe there was actually a time when developers and server administrators were forced to utilize shell commands and complex configuration files to accomplish simple tasks like setting up an email account.
Thankfully, in today’s industry, all these tasks can be achieved with ease thanks to control panel software. Even though most of these applications strive for the same goals, no two control panels are alike. Let’s take a closer look at some of the most popular options you have for your dedicated server.
cPanel: Popular for Good Reason
cPanel is the most popular control panel on the market, beloved for its simple interface and powerful features. The capabilities of the software range from mundane tasks, such as adding a new user account, to more complicated processes like backing up an entire domain. Although it is primarily designed for Linux-based servers, cPanel’s developers are currently working on versions that will be compatible with the Microsoft IIS server and Windows platform.
Plesk: Competitively Capable for both Linux and Windows
The Plesk control panel supports both Linux and Windows servers, giving it a competitive edge over cPanel. What many users like about the software is that it offers a default interface quite similar to Windows XP, making it easier to use for those familiar with this OS environment. Plesk is very capable, offering the ability to manage web servers like Apache and IIS, as well as database servers such as MySQL and SQL Server. Though friendly to the end-user, Plesk has a reputation of being more complex for server administrators.
These are just a few of the popular control panel options you have for your dedicated server. Whether you prefer the software mentioned here or another, be sure to check with the hosting provider regarding the administrative panel offered before you sign up.
June 30th, 2009
When someone types your domain name into their browser, in theory, they are taken directly to your website. While this may sound relatively straightforward, this theory is not necessarily true in reality. All requests made to a server must pass through a number of network devices and systems before reaching their final destination. It is your dedicated hosting provider’s internet connection that will determine how fast and seamless this process actually turns out to be.
Internet Backbones
There are a handful of communications companies that own the internet backbones we require to browse the web and have a website. However, these companies have no control over the array of routers, switches, firewalls and other devices that exist between your server and the rest of the internet world, components that can either enhance speed or hinder it. Many small dedicated hosting companies are trapped behind a virtual wall and simply cannot deliver the connectivity needed to assure an optimal performance.
Get the Most out of Your Server
Before entering a service agreement, you may want to ask the prospective dedicated hosting provider about their backbone connectivity and infrastructure. Who is providing them with internet connectivity? Do they utilize redundant routers and switches in case one should happen to fail? Are they making use of technologies such as hardware firewalls, NAT (Network Address Translation) and other components that could impact the traffic coming to and from your site? The answer to these questions can help you determine if you are considering the right dedicated hosting solution.
For most service providers, moving your server closer to an internet backbone simply isn’t an option. Because of this, it is well worth it to conduct a little investigating to discover the efficiency of their connectivity. If not, you could find your server buried somewhere in the deepest and darkest corners of the net.
May 23rd, 2008
Novell released SUSE Linux Enterprise 10 Service Pack 2 (SP2). The service pack offers enhancements in virtualization, management, hardware enablement and interoperability.
“This service pack for SUSE Linux Enterprise 10 has something for almost everyone – customers, partners and developers,” says Holger Dyroff, vice president of outbound product management for SUSE Linux Enterprise at Novell. “The benefits of Linux in the enterprise are becoming well known, and Novell’s focus is on continuing to simplify the customer’s experience, always with an eye to reducing costs. Reliability, security and interoperability don’t need to break the bank. That’s the ongoing value Novell provides with SUSE Linux Enterprise.”
Novell also unveiled the Subscription Management Tool for SUSE Linux Enterprise, designed to help customers better manage their SUSE Linux Enterprise software updates.
The Subscription Management Tool (SMT) for SUSE Linux Enterprise aims to help customers manage their SUSE Linux Enterprise software updates while maintaining corporate firewall policy and regulatory compliance requirements. SMT is a package proxy system that is integrated with the Novell Customer Center and provides Novell Customer Center capabilities locally at the customer site. It provides, for example, a repository and registration target that is synchronized with the Novell Customer Center, thus maintaining all the capabilities of the Novell Customer Center while allowing a more secure centralized deployment.
SMT also allows customers to distribute updates for all SUSE Linux Enterprise devices (server, desktop or point-of-service terminal) that are running Service Pack 2 or subsequent releases. By downloading these updates only once and distributing them throughout the enterprise, Novell says, customers can set more restrictive firewall policies and, where applicable, avoid significant network usage stemming from repeated downloads of the same updates by each device. SMT is fully supported and available as a download to customers with an active SUSE Linux Enterprise product subscription.
The staff at ServerPronto are server experts with over 10 years of building and maintaining servers and computer networks. ServerPronto offers fast, reliable servers with everything you need to operate on the Internet. All Server Pronto servers are housed in secured and reinforced Data Centers with redundant power, and lightning fast fiber connections, as well as 24x7x365 support. Our support center runs 24/7/365 with live operator support. Our Network Operations Center is monitored 24/7. Our team is absolutely committed to your success and satisfaction. Click here to learn more.
May 20th, 2008
Red Hat released the second update to Red Hat Enterprise Linux 5. As with earlier minor releases, Red Hat Enterprise Linux 5.2 comes with a broad set of bug fixes, updated hardware support capabilities, quality improvements, and a set of new software features that have been backported from upstream open source projects to the Enterprise Linux 5 code base.
Specifically, Red Hat Enterprise Linux 5.2 enhancements are primarily focused in six areas:
- Virtualization
- Laptop and Desktop improvements
- Encryption and Security
- Cluster & Storage Enhancements
- Networking & IPv6 Enablement
- Serviceability
“Of course, we don’t normally make a big deal about the release of a minor version, but for this update we’ve decided to go wild and issue a pair of blogs,” the company said. “In this one we will talk about the new features and capabilities on Red Hat Enterprise Linux 5.2. In the other we will highlight something that we are proud of and applies to all Red Hat Enterprise Linux releases, our software maintenance and lifecycle policies.”
Sounds like Red Hat is pretty serious. Is this the version that truly takes the competition to task?
ServerPronto offers the world’s most affordable Linux dedicated servers. Linux is available on all of our dedicated hosting packages with prices ranging from $29.95 a month to $249.95 a month. Options include Red Hat, Fedora Core, Debian, SuSE, Gentoo, and CentOS. Click here to learn more.
May 12th, 2008
Before you jump into SQL Server Hosting, there are at least a few things you need to know. This is arguably one of the most sensitive parts of your business, and you need a dedicated server that’s secure, stable and reliable.
It all begins with security. You’ll need the right host to ensure your SQL server is secure. But don’t fall victim to the myth that shared hosting is just as secure as dedicated hosting or you could be in for a rude awakening. Dedicated servers are far more secure because you alone have access to them. Shared servers, by contrast, are shared among many users, as the name suggests.
Stability is also vital to your SQL server hosting needs. Imagine a dedicated server host that couldn’t offer an uptime guarantee. That could leave your web operation in the dark, quite literally, when it comes to your database needs. You need to look for a dedicated server host that offers a 99.999 uptime guarantee. With low prices available on the market today, you don’t have to sacrifice quality or performance to enjoy your own dedicated SQL server.
Of course, reliability is also critical when it comes to SQL servers. Dedicated servers are more reliable than shared servers, and the overall performance is superior. If you want to avoid calls in the middle of the night from harried I.T. administrators, your best choice is a dedicated server with a proven track record.
Look for a dedicated server host with Microsoft certification and other strategic partners that demonstrate the company has credibility. And don’t hesitate to ask questions or even seek referrals. If you are dealing with a reputable company for your SQL server hosting needs, questions and referrals shouldn’t be a problem.
ServerPronto offers quality, performance, reliability, security, stability and more for businesses interested in SQL server hosting on a discount dedicated server. Click here to learn more about the ServerPro advantage.
April 22nd, 2008
Microsoft is investigating new public reports of a vulnerability which could allow elevation of privilege from authenticated user to LocalSystem, affecting Windows XP Professional Service Pack 2 and all supported versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008.
Customers who allow user-provided code to run in an authenticated context, such as within Internet Information Services (IIS) and SQL Server, should review this advisory. Hosting providers may be at increased risk from this elevation of privilege vulnerability.
Currently, Microsoft is not aware of any attacks attempting to exploit the potential vulnerability. Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
Click here to learn how to bulletproof your discount dedicated server. Our Basic Firewall service places you behind a fault tolerant pair of Cisco PIX 515 with 64MB of memory running Cisco Secure Software. Each server protected by the shared firewall will be in a shared VLAN with the other servers being protected. Click here to learn more.