[wp-hackers] [OT] Resources for Defending Against Blog Attacks

Alex Günsche ag.ml2007 at zirona.com
Wed Aug 8 21:40:20 GMT 2007


On Wed, 2007-08-08 at 14:01 -0700, Chris Williams wrote:
> As for the other stuff, is Nikto the current state of the art in testing my
> system?  If I can get a clean bill of health from it can I feel relatively
> confident?  Are there other ways/resources I should use to check to my
> defenses?

Nessus is great. It is an OSS (v2, not v3) security suite, however, you
must register to obtain all plugins.

By the way, some more things to mention:

* I agree that DDoS countermeasures at server level are a bit late, but
if your host is not supportive (mine luckily is), you must take action
yourself, and it's always good to know useful tools.

* Security items I forgot to mention before are Intrusion Detection
Systems like Tripwire (Host IDS), Snort (Network IDS), Prelude (Hybrid).
If someone really managed to break in, you will be able to react fast and
get a good idea of the actual damage.

* Something I found useful is putting the SSH server to a non-standard
port, e.g. 8022 on my server. Of course somebody with Nmap and Netcat
won't be fooled, but at least automated SSH break-in tools won't drag at
your performance. Also, and more important, disable root login, and
rather log in with a non-privileged account. You could also switch to
key-based authentication, but this is not a good idea when working from
different machines.

* As for the drop policy (Iacob): Yes, you can lock yourself out if you're
not careful. But once everything is set up, "drop" is the best solution. As
I said, I can really recommend Firehol, it sets up a complex IPtables
ruleset with only 6 lines (or a bit more, depending on the services you
run). For whom it may be interesting: have a look at
http://firehol.sourceforge.net/ and scroll down and read the section
"Learn another language?" to get an idea.


Best regards,
Alex

-- 
Alex Günsche, Zirona OpenSource-Consulting
Blogs: http://www.zirona.com/ | http://www.regularimpressions.net
PubKey for this address: http://www.zirona.com/misc/ag.ml2007.asc
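The SSH hardening advice above (non-standard port, root login disabled) is easy to check mechanically. The following is an added example, not code from the mail or from any project it mentions: a small POSIX sh audit that reads an sshd_config and reports whether the port is still 22 and whether PermitRootLogin is anything other than "no". The two config files it inspects are constructed samples written to a temp directory; the assumption that an unset PermitRootLogin means "yes" reflects the 2007-era OpenSSH default and is deliberately conservative (newer releases default to prohibit-password).

```shell
#!/bin/sh
# Added example, not part of the original post: audit an sshd_config for the
# two settings the mail recommends, a non-default port and root login disabled.
# All config files below are constructed samples written to a temp dir.

# audit_sshd_config FILE
# Prints one line per finding; returns 0 when the port is not 22 and
# PermitRootLogin is "no", 1 otherwise.
audit_sshd_config() {
    cfg="$1"
    rc=0
    # sshd uses the first occurrence of a keyword, so stop at the first match;
    # commented-out lines and keyword case are ignored, as sshd does.
    port=$(awk '$1 !~ /^#/ && tolower($1)=="port" {print $2; exit}' "$cfg")
    root=$(awk '$1 !~ /^#/ && tolower($1)=="permitrootlogin" {print tolower($2); exit}' "$cfg")
    # Defaults when the keyword is absent: port 22, and (conservative
    # assumption, matching the 2007-era default) root login allowed.
    [ -z "$port" ] && port=22
    [ -z "$root" ] && root=yes
    if [ "$port" = "22" ]; then
        echo "WARN  $cfg: sshd listens on the default port 22"
        rc=1
    else
        echo "OK    $cfg: sshd port is $port"
    fi
    if [ "$root" != "no" ]; then
        echo "WARN  $cfg: PermitRootLogin is '$root' (expected no)"
        rc=1
    else
        echo "OK    $cfg: root login disabled"
    fi
    return $rc
}

# Convenience wrapper: "pass" or "fail" as a string, findings suppressed.
audit_status() {
    if audit_sshd_config "$1" >/dev/null; then echo pass; else echo fail; fi
}

# Constructed sample configs (not taken from any real host).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/weak.conf" <<'EOF'
# distribution-style defaults: port commented out, root login open
#Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF

cat > "$SAMPLE_DIR/hardened.conf" <<'EOF'
# settings the mail recommends
Port 8022
PermitRootLogin no
PasswordAuthentication yes
EOF

audit_sshd_config "$SAMPLE_DIR/weak.conf" || echo "weak.conf failed the audit"
audit_sshd_config "$SAMPLE_DIR/hardened.conf" || echo "hardened.conf failed the audit"
```

Run it as-is to see both samples audited; to check a live host, call `audit_sshd_config /etc/ssh/sshd_config` and, since this only reads the file, confirm the running daemon with `sshd -T` where that option is available.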

