• Email Address: forum@outsourcepath.com
Resources, Articles, Tricks, and Solutions about Server Security

Securing Web Servers from DoS attacks - Best Practices

This article covers tactics to prevent DDoS attacks and keep your website available.
It is impossible to prevent DoS and DDoS attacks entirely, but their impact can be limited to a large extent by implementing the measures described in this guide.
Denial of service attacks are here to stay, and no business can afford to be unprotected.

Facts about DDoS attacks:
1. DDoS stands for Distributed Denial of Service.
2. It is a form of cyber attack that floods or crashes critical systems to disrupt network service or connectivity, causing a denial of service for the legitimate users of the targeted resource.
3. A DDoS attack uses the bandwidth and processing power of many malware-infected computers (a botnet) against a single system. Because the traffic arrives from thousands of sources, it is far harder to filter than a single-source DoS attack.

Best Practices for Preventing DDoS attacks:

1. Develop a Denial of Service Response Plan
Develop a DDoS response plan based on a thorough security assessment. Larger businesses usually have more complex infrastructure than smaller companies and need to involve multiple teams (network, hosting, application and communications) in the plan. The plan should state who detects an attack, who is authorised to change upstream filtering or fail over services, and how customers are informed.
2. Secure Your Network Infrastructure
Mitigating network security threats requires multi-level protection. This includes intrusion prevention and threat management systems, firewalls, load balancing and upstream traffic scrubbing as layers of DDoS defence. VPN, anti-spam and content filtering belong to a complete security stack but contribute little against a volumetric flood.
3. Practice Basic Network Security
The most basic countermeasure is to leave as little room for user error as possible. Strong passwords, patched software and restricted administrative access keep business machines from being compromised and recruited into the botnets that launch these attacks.
4. Maintain Strong Network Architecture
Focusing on a secure network architecture is vital to security. Businesses should create redundant network resources, ideally spread across data centres or providers, so that if one server or link is attacked the others can absorb the extra traffic.
5. Leverage the Cloud
Outsourcing DDoS mitigation to cloud-based service providers offers several advantages. The cloud has far more bandwidth and resources than a private network, and with the increasing size of DDoS attacks, relying solely on on-premises hardware is likely to fail: the attack saturates the upstream link before the on-premises device ever sees the packets.

Server Hardening - What it means

This article covers techniques to prevent attacks on the server. If we manage our servers without proper precautionary measures it is easy for a server to be compromised, and its reputation (for example the mail-sending reputation of its IP address) can be ruined.

Hardening your server is the process of increasing its security through a variety of measures, resulting in a much more secure operating environment. Server hardening is one of the most important tasks to be handled on your servers.

The default configuration of most operating systems is not designed with security as the primary focus. 

Default server setups focus more on usability, functionality and communication.


Server hardening security measures include the following settings (these are options from cPanel/WHM's Tweak Settings):

1. Hide login password from cgi scripts.

This setting allows you to hide the REMOTE_PASSWORD variable from scripts that the cpsrvd daemon's CGI handler executes.

2. Referrer safety check.

Only permit cPanel, Webmail and WHM to execute functions when the browser-provided referrer (port and domain or IP address) exactly matches the destination URL.

3. Initial default/catch-all forwarder destination

Select "Fail" so that unroutable email sent to your server's newly created accounts is rejected with a failure notice to the sender rather than accepted into a catch-all mailbox. This protects the server from dictionary and spam attacks that would otherwise fill the catch-all address and consume disk space and mail-queue capacity.

4. Verify signatures of third-party cPaddons.

Enable this option to verify GPG signatures of all third-party CPaddons.

5. Prevent "nobody" from sending mail.

Enable this to block email that the "nobody" user sends to remote addresses. On a cPanel server, nobody is the user Apache runs as, so this stops compromised or poorly written PHP and CGI scripts running under the web server from being used to send spam.

6. Enable SPF on domains for newly created accounts, so that receiving mail servers can reject forged mail that claims to come from those domains.

7. Proxy subdomain override.

Disable this option to prevent automatically-generated proxy domains when a user creates a subdomain.

8. Proxy subdomain creation.

Disable this option to prevent the addition of cPanel, Webmail, Web Disk and WHM proxy subdomain DNS entries to new accounts.

9. Cookie IP validation.

Enable this option so that a login session cookie is only accepted from the IP address that created it. Disabling it allows logins regardless of the user's IP address, which makes a stolen session cookie usable from anywhere.
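The following is an added example, not code from cPanel or from the original article, that shows the mechanics behind settings 2 (referrer safety check) and 9 (cookie IP validation) above. The panel's own implementation is assumed to behave as the descriptions say; the class and function names here are illustrative.

```python
from urllib.parse import urlsplit
import secrets


def _origin(url: str):
    """(scheme, host, port) with the default port filled in, so that
    https://host and https://host:443 compare equal. None if unparseable."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        return None
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, parts.hostname, port)


def referrer_matches(referrer: str, destination: str) -> bool:
    """Referrer safety check: allow a function to run only when the
    browser-supplied Referer has the same scheme, host and port as the URL
    being requested. A missing or foreign referrer is refused, which blocks
    cross-site request forgery against state-changing panel functions."""
    if not referrer:
        return False
    ref, dst = _origin(referrer), _origin(destination)
    return ref is not None and ref == dst


class SessionStore:
    """Cookie IP validation: every session token is bound to the client IP
    that created it, so a cookie stolen by malware or sniffing and replayed
    from another address is rejected. validate_ip=False reproduces the
    weakened behaviour of disabling the setting."""

    def __init__(self, validate_ip: bool = True):
        self.validate_ip = validate_ip
        self._sessions = {}  # token -> (user, bound_ip)

    def login(self, user: str, client_ip: str) -> str:
        token = secrets.token_urlsafe(32)  # unguessable session identifier
        self._sessions[token] = (user, client_ip)
        return token

    def lookup(self, token: str, client_ip: str):
        """Return the user for a valid token, or None if the token is unknown
        or (with validation on) presented from a different IP address."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, bound_ip = entry
        if self.validate_ip and bound_ip != client_ip:
            return None
        return user
```

Strict IP binding can lock out users whose address changes mid-session (mobile networks, some proxies); the trade-off is a hardening decision, and the default for an administrative panel should be to keep it on.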

Methods to secure database server - Best Practices

This article covers different methods to secure a database server. Database security helps a company block attacks, including ransomware and intrusions that have already got past the firewall, and so keeps sensitive information safe. It also helps prevent malware infections that can corrupt data, bring down a network and spread to endpoint devices.


SQL injection vulnerabilities occur when application code builds dynamic database queries that directly include user-supplied input.

This is a devastating form of attack, and BSI Penetration Testers regularly find vulnerable applications that allow complete authentication bypass and extraction of the entire database.

SQL injection, also known as SQLi, is a common attack vector that uses malicious SQL code to manipulate the backend database and access information that was never intended to be displayed.

This information may include any number of items, including sensitive company data, user lists or private customer details.


Some known database security issues:

Security risks to database systems include,

1. Data corruption or loss caused by the entry of invalid data or commands.

2. Mistakes in database or system administration processes, sabotage or criminal damage, and so on.


There are numerous types of databases and many different ways to attack them, but most attackers will either try to guess or crack the database administrator (root) password, run a known exploit against an unpatched database version, or abuse an application that passes untrusted input into its queries.

Anyone who is comfortable with SQL statements and understands database basics can carry out these attacks, which is why the controls below matter.


Practices for Database Security:

1. Protect against attacks with a database proxy that sits between applications and the database, enforces which queries are allowed and keeps clients from connecting to the database directly.

2. Set up auditing and robust logging of logins, failed logins, schema changes and privileged queries, and ship the logs off the database host.

3. Practice stringent user account management: one least-privilege account per application, no day-to-day use of the root account, and prompt removal of unused accounts.

4. Keep your database software and OS up to date.

5. Encrypt sensitive data in your app, in transit (TLS between the application and the database) and at rest.

Enforcing server security using hardware firewall

This article covers how important it is to enforce server security using a #hardware #firewall. A firewall is a system that provides network security by filtering incoming and outgoing network traffic based on a set of user-defined rules. In general, the purpose of a firewall is to reduce or eliminate unwanted network communications while allowing all legitimate communication to flow freely.


A hardware firewall sits between your local network of computers and the Internet. 

The firewall will inspect all the data that comes in from the Internet, passing along the safe data packets while blocking the potentially dangerous packets.


Hardware firewalls allow you to protect your entire network from the outside world with a single physical device installed between your network and the internet.

A software firewall is installed on an individual computer and protects only that device. The two are complementary: the hardware firewall cannot see traffic between machines on the same internal network, which the host firewall can.


Tips for achieving network security:

1. Use strong authentication methods, with multi-factor authentication for administrative access.

2. Keep your software upgraded with the latest security patches.

3. Physically secure equipment and ports.

4. Establish cyber security rules for your employees and make them aware of the important role they play in security.

5. Encrypt your data and require users to set BIOS passwords on their equipment.

Scanners for Securing Linux Servers

This article covers a few good scanners for securing #Linux servers.
Clam AntiVirus (#ClamAV) is an open-source antivirus engine that detects many types of malicious software, including viruses, trojans and web shells. In the comparative test the article cites, ClamAV placed 13th of 16 Linux antivirus products, ahead of McAfee, Comodo and F-Prot.
To install ClamAV on a Debian or Ubuntu system, open a terminal and run “sudo apt-get install clamav”.
You may also build ClamAV from source to get the latest engine and better scanning performance.
To update the signature database, run “sudo freshclam”.
Now the system is ready to be scanned, for example with “clamscan -r --infected /home” (recursive, listing only infected files).
clamscan is a #command line tool which uses libclamav to scan files and/or directories for viruses. Unlike clamdscan, clamscan does not require a running clamd instance to function. Instead, clamscan creates a new engine and loads the virus database each time it is run, so for frequent or scheduled scans clamd plus clamdscan is considerably faster.

Rootkits are a type of malware designed to remain hidden on your computer while staying active; they give attackers persistent remote control of the machine. Because they hide from the normal system tools, finding them requires a dedicated rootkit scanner rather than a conventional antivirus signature scan.

Hardening an Ubuntu Server

This article covers the importance of passwords, user roles, console security and #firewalls, all of which are imperative to protecting Linux servers.
Hardening an #Ubuntu server is a critical step in any server setup procedure.
Any time a new server is brought up to host services, whether production, development, internal or external, the server's operating system must be made as secure as possible.


To make your Ubuntu #Linux server secure:
1. Secure server connectivity and use an encrypted connection for all administration.
2. Use SSH key authentication and disable password logins.
3. Use SFTP instead of plain FTP for file transfer.
4. Use TLS (SSL) certificates for the services you publish.
5. Use private networks and VPNs for internal traffic.
6. Monitor login attempts.
7. Manage users and remove accounts that are no longer needed.
8. Establish password requirements.

Kernel-memory-leaking Intel processor design

This article will guide you on how to deal with the kernel-memory-leaking Intel processor design flaw. That flaw is a defect in Intel x86-64 hardware which lets unprivileged code read the contents of protected kernel memory; it is addressed by installing operating-system kernel updates, not by changing application code. The term is easy to confuse with a software memory leak (memory that is allocated and never freed), which is what the rest of this summary describes.

The simplest way to detect a memory leak is also the way you're most likely to find one: running out of memory. 

That's also the worst way to discover a leak! Before you run out of memory and crash your application, you're likely to notice your system slowing down.

A memory leak can diminish the performance of the computer by reducing the amount of available memory.

Most memory leaks result in general software reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing the program) or take advantage of other unexpected program behavior resulting from a low memory condition.


Memory leaks have two common and sometimes overlapping causes:

1. Error conditions and other exceptional circumstances.

2. Confusion over which part of the program is responsible for freeing the memory.

ACK scan DOS attack

This article will guide you on how the ACK scan DOS #attack works as well as methods to mitigate this. 

A port scan can help an attacker find a weak point to attack and break into a computer system.

Just because you've found an open port doesn't mean you can attack it. But once you've found an open port running a listening service, you can probe that service for vulnerabilities. An ACK scan is different: it sends TCP segments with only the ACK flag set. A stateless packet filter lets them through and the target replies with RST, whereas a stateful firewall drops them because they match no connection, so the scan maps firewall rules rather than open ports. Sent at high rate, the same packets become an ACK flood, a denial of service.

A denial of service attack (DoS) is an attack against a computer or network which reduces, restricts or prevents access to its system resources by authorized users. When the attack is launched from a network of compromised machines (bots), that network is called a botnet and the attack is a distributed one (DDoS).

A Fraggle Attack is a denial-of-service (#DoS) attack that involves sending a large amount of spoofed UDP traffic to a router's broadcast address within a network. 

It is very similar to a Smurf Attack, which uses spoofed ICMP traffic rather than UDP traffic to achieve the same goal.

Common DoS attacks:

1. Buffer overflow attacks – crash a service by sending more data than its buffer can hold.

2. ICMP flood – overwhelms the target with ICMP echo requests. The Smurf variant sends spoofed requests to a network's broadcast address so that every host on that misconfigured network replies to the victim, rather than to a single machine.

3. SYN flood – sends requests to connect to a server but never completes the handshake, exhausting the server's table of half-open connections.

To prevent port scan attacks:

i. Install a firewall: a stateful firewall with a default-deny policy exposes only the ports that must be reachable and can rate-limit and log the rest, so a scan finds nothing to talk to and leaves a trace.

ii. TCP Wrappers: give administrators the flexibility to permit or deny access to services based on IP addresses or domain names (/etc/hosts.allow and /etc/hosts.deny). Only services linked against libwrap honour them, so the firewall remains the primary control.
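Detecting the scans described above from the firewall's own logs, as an added example that is not part of the original article: the function parses iptables LOG lines (the kernel's usual SRC=/DST=/PROTO=/DPT= format) and flags any source that probes many distinct ports within a short window, classifying the probe by its TCP flags so that a bare-ACK scan is reported as such. The log lines, hosts and ports are constructed sample data; the thresholds are assumptions to tune for your environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# iptables LOG line: syslog timestamp, host, "kernel:", then key=value fields.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+) "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)(?P<rest>.*)$"
)
FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")


def parse_line(line: str):
    """Return a dict for a TCP/UDP LOG line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S")
    tokens = m["rest"].split()  # flags appear as bare tokens after DPT=
    return {"ts": ts, "src": m["src"], "dport": int(m["dpt"]),
            "proto": m["proto"], "flags": frozenset(f for f in FLAGS if f in tokens)}


def detect_port_scans(lines, window_seconds=10, min_ports=8):
    """Flag sources that hit at least `min_ports` distinct TCP ports within
    `window_seconds`. Lines must be in time order per source (as a log is).
    Returns {src: (distinct_port_count, scan_kind)}."""
    recent = defaultdict(deque)  # src -> (ts, dport, flags) inside the window
    alerts = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["proto"] != "TCP":
            continue
        q = recent[ev["src"]]
        q.append((ev["ts"], ev["dport"], ev["flags"]))
        while (ev["ts"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        ports = {p for _, p, _ in q}
        if len(ports) >= min_ports:
            # Bare ACK probes are an ACK scan; SYN-only probes a SYN scan.
            kinds = {"ACK scan" if f == {"ACK"} else "SYN scan" if f == {"SYN"} else "other"
                     for _, _, f in q}
            alerts[ev["src"]] = (len(ports), ", ".join(sorted(kinds)))
    return alerts


def _mk(ts, src, dpt, flags):
    """Constructed iptables LOG line (sample data, not a real capture)."""
    return (f"Mar  3 {ts} srv kernel: [ 100.000000] IPT-DROP: IN=eth0 OUT= "
            f"SRC={src} DST=203.0.113.5 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF "
            f"PROTO=TCP SPT=54321 DPT={dpt} WINDOW=1024 RES=0x00 {flags} URGP=0")


SCAN_PORTS = [21, 22, 23, 25, 80, 110, 143, 443, 445, 3389]
SAMPLE_LOG = [
    _mk("10:15:00", "203.0.113.77", 22, "SYN"),     # normal client
    *[_mk(f"10:15:0{1 + i // 4}", "198.51.100.23", p, "ACK")  # ACK scan, 3 s
      for i, p in enumerate(SCAN_PORTS)],
    _mk("10:15:05", "203.0.113.77", 443, "SYN"),
    _mk("10:20:00", "203.0.113.77", 22, "SYN"),
]

if __name__ == "__main__":
    for src, (count, kind) in detect_port_scans(SAMPLE_LOG).items():
        print(f"{src}: {count} ports in window ({kind})")
```

The same sliding-window logic works on a live `journalctl -k -f` stream; the output is what you would feed to a blocklist or to fail2ban-style automation.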

ACK flood DDoS attack

This article will guide you on methods to prevent ACK flood #DDoS #attack. An ACK flood DDoS attack occurs when an attacker attempts to overload a server with TCP ACK packets. 

Client requests connection by sending #SYN (synchronize) message to the server. Server acknowledges by sending SYN-ACK (synchronize-acknowledge) message back to the client. Client responds with an #ACK (acknowledge) message, and the connection is established.

When computers communicate via TCP, received packets are acknowledged by sending back a packet with the ACK bit set.

TCP allows these acknowledgements to be included with data that is sent in the opposite direction, and acknowledgements are cumulative, so a server normally receives far fewer ACK packets than an ACK flood delivers.

Legitimate ACKs belong to an existing connection; flood packets do not, which is what stateful filtering keys on to drop them.

To stop a SYN #DDoS attack:

1. Filtering: drop packets from spoofed or unexpected source addresses at the network edge.

2. Increasing the backlog: a larger SYN queue absorbs a larger burst of half-open connections.

3. TCP half-open connections: a half-open connection is one where the server has sent SYN-ACK and is waiting for the client's final ACK. A SYN flood aims to fill the table of these, so the remaining measures all limit how many can exist or how long they live.

4. Firewalls and proxies: a SYN proxy completes the handshake on the server's behalf and only forwards connections that actually complete.

5. Reducing the SYN-RECEIVED timer: fewer SYN-ACK retransmissions, so half-open entries expire sooner.

6. SYN cache (or SYN cookies): keep minimal state for half-open connections, or encode it in the sequence number and store nothing until the handshake completes.

7. Recycling the oldest half-open TCP entry when the queue is full.
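An added example, not from the original article, that turns the list above into a check a practitioner can run on a Linux server: it reads the kernel settings that implement backlog size (item 2), the SYN-RECEIVED lifetime (item 5) and SYN cookies (item 6) from /proc/sys and compares them with a hardened baseline. The baseline values are assumptions suited to a general-purpose server and should be tuned to your traffic; the function names are illustrative.

```python
from pathlib import Path

# Assumed hardened baseline; (comparison, value). Keys are real Linux sysctls.
SYN_BASELINE = {
    # Send SYN cookies once the SYN queue overflows: no state is stored for
    # half-open connections, so the table cannot be exhausted.
    "net.ipv4.tcp_syncookies": ("==", 1),
    # Size of the half-open (SYN-RECEIVED) queue.
    "net.ipv4.tcp_max_syn_backlog": (">=", 4096),
    # SYN-ACK retransmissions; fewer retries means half-open entries die sooner.
    "net.ipv4.tcp_synack_retries": ("<=", 2),
    # Completed-connection (accept) queue, so the kernel is not the bottleneck.
    "net.core.somaxconn": (">=", 4096),
}


def read_proc_sys(keys, root="/proc/sys"):
    """Read sysctl values by mapping dotted keys to /proc/sys paths.
    Unreadable or non-numeric entries are reported as None."""
    values = {}
    for key in keys:
        path = Path(root, *key.split("."))
        try:
            values[key] = int(path.read_text().split()[0])
        except (OSError, ValueError, IndexError):
            values[key] = None
    return values


def audit_syn_settings(values, baseline=SYN_BASELINE):
    """Return [(key, current, requirement)] for every setting that is
    missing or fails its comparison; an empty list means the host passes."""
    ops = {"==": lambda a, b: a == b,
           ">=": lambda a, b: a >= b,
           "<=": lambda a, b: a <= b}
    findings = []
    for key, (op, want) in baseline.items():
        current = values.get(key)
        if current is None or not ops[op](current, want):
            findings.append((key, current, f"{op} {want}"))
    return findings


if __name__ == "__main__":
    findings = audit_syn_settings(read_proc_sys(SYN_BASELINE))
    for key, current, requirement in findings:
        print(f"{key}: current={current}, required {requirement}")
    print("OK" if not findings else f"{len(findings)} setting(s) need attention")
```

Apply fixes with `sysctl -w` and persist them in /etc/sysctl.d/; the check is worth running after every kernel or image update, because defaults regress when hosts are rebuilt.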

NTP amplification attack

This article will guide you on steps to mitigate an #NTP amplification attack. An amplification attack is any attack where an attacker uses an amplification factor to multiply its power: a small spoofed request is sent to a third-party server, which answers with a much larger response to the victim. Examples of #amplification #attacks include Smurf attacks (ICMP amplification), Fraggle attacks (#UDP amplification), DNS amplification and NTP amplification. In NTP's case the amplifier is the monlist command, which returns a list of up to 600 recent clients for a tiny request; disabling it (disable monitor in ntp.conf) removes the amplifier from your servers.

DNS flood is a type of Distributed Denial of Service (#DDoS) attack in which the attacker targets one or more Domain Name System (#DNS) servers belonging to a given zone, attempting to hamper resolution of resource records of that zone and its sub-zones.

To harden your DNS server:

1. Audit your DNS zones. First things first: remove stale records and subdomains that point at decommissioned hosts.

2. Keep your DNS servers up to date.

3. Hide the BIND version so scanners cannot fingerprint it.

4. Restrict zone transfers to your own secondary servers.

5. Disable DNS recursion on authoritative servers so they cannot be poisoned or abused as amplifiers; run recursive resolvers separately and only for your own clients.

6. Use isolated DNS servers, separate from web and mail hosts.

7. Use a DDoS mitigation provider.

8. Two-factor authentication on the registrar and DNS provider accounts.

Memcached DDOS attack

This article will guide you on methods to mitigate Memcached DDoS attacks. Servers are usually abused by accident, because memcached was installed with its UDP port reachable from the internet. To mitigate this attack you can disable #UDP (start memcached with -U 0), bind it to localhost or an internal interface (-l 127.0.0.1), and #firewall port 11211 on #Memcached servers so that only your application hosts can reach it.

A DoS attack is a denial of service attack where a single computer is used to flood a server with TCP or UDP packets. A DDoS attack is where multiple systems target a single system with a DoS attack; the targeted network is then bombarded with packets from many locations.

In the United States, DDoS attacks are illegal under the Computer Fraud and Abuse Act. Launching a DDoS attack against a network without permission can carry a prison sentence of up to 10 years and a substantial fine, and most other countries have equivalent laws.

There are three essential security measures that all small businesses should take to protect themselves from #DDoS #attacks: use a web application firewall (#WAF) that blocks bad traffic before it reaches your web server, build redundancy, and keep an upstream mitigation provider ready. A WAF is effective against application-layer (HTTP) floods; it does not help against a volumetric flood that saturates the link in front of it, which is where the upstream provider comes in.
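An added example, not code from the article or from the memcached project, that audits a memcached configuration for the accidental exposure described above. It accepts either a Debian-style /etc/memcached.conf (one option per line) or a raw command line, and reports whether UDP is enabled and whether the daemon listens beyond loopback. The sample configurations are constructed; the decision to treat a missing -U as "UDP possibly enabled" is a deliberately conservative assumption, since older releases enabled UDP by default.

```python
import ipaddress
import shlex


def parse_memcached_options(config_text: str):
    """Flatten a memcached.conf (one option per line, '#' comments) or a
    raw command line into a token list such as ['-l', '127.0.0.1', '-U', '0']."""
    tokens = []
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            tokens.extend(shlex.split(line))
    return tokens


def _option_values(tokens, flag):
    """Every value given for `flag` (e.g. '-l'), in order of appearance."""
    return [tokens[i + 1] for i, tok in enumerate(tokens)
            if tok == flag and i + 1 < len(tokens)]


def _is_loopback(addr: str) -> bool:
    """True for 127.0.0.0/8 or ::1, also when written as address:port.
    Anything unparseable (a hostname) is treated as not provably safe."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        host, sep, port = addr.rpartition(":")
        if sep and port.isdigit():
            try:
                return ipaddress.ip_address(host).is_loopback
            except ValueError:
                pass
    return False


def assess_memcached(tokens):
    """Summarise the exposure implied by the options."""
    udp_values = _option_values(tokens, "-U")
    # Only an explicit '-U 0' counts as disabled (conservative assumption).
    udp_enabled = not (udp_values and udp_values[-1] == "0")
    binds = [b.strip() for v in _option_values(tokens, "-l") for b in v.split(",")]
    binds = binds or ["0.0.0.0"]  # no -l at all: memcached listens on every interface
    loopback_only = all(_is_loopback(b) for b in binds)
    return {
        "udp_enabled": udp_enabled,
        "loopback_only": loopback_only,
        "amplification_risk": udp_enabled and not loopback_only,
    }


# Constructed sample configurations in the Debian file format.
EXPOSED_CONF = """\
-d
logfile /var/log/memcached.log
-m 64
-p 11211
-u memcache
-l 0.0.0.0
"""
HARDENED_CONF = """\
-d
-m 64
-p 11211
-u memcache
-l 127.0.0.1
-U 0
"""

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, assess_memcached(parse_memcached_options(conf)))
```

A non-loopback bind is legitimate when application servers live on another host, but then the firewall rule on 11211 (TCP as well as UDP) becomes the only thing standing between the cache and the internet, so audit both together.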

A Denial-of-Service (#DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash.

Different DDoS attack methods:

1. UDP flood.

2. ICMP (ping) flood.

3. SYN flood.

4. Ping of death: oversized or malformed ICMP packets that crash vulnerable network stacks.

5. Slowloris: holds many HTTP connections open with partial requests until the server runs out of connection slots.

6. NTP amplification.

7. HTTP flood: a high rate of valid-looking GET or POST requests, which is hard to distinguish from real users.

HTTP Flood DDoS Attack - How to Mitigate the Attack

This article will guide you on how to recover from an HTTP flood DDoS attack. Protecting the web server against #DDoS #attacks is important, and the measures below limit the damage an attack can cause.

To prevent DDoS attacks:

1. Buy more bandwidth.

2. Build redundancy into your infrastructure.

3. Configure your network hardware against DDoS attacks (rate limits, drop rules for obviously bogus traffic).

4. Deploy anti-DDoS hardware and #software #modules.

5. Deploy a DDoS protection appliance.

6. Protect your DNS servers.

For an HTTP flood specifically, rate-limit requests per client, serve cacheable content from a reverse-proxy cache or CDN so the origin is not hit for every request, and challenge suspicious clients before they reach application code.
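The per-client rate limiting that the measures above rely on, as an added example that is not part of the original article: a sliding-window limiter that allows at most `limit` requests from one client in any `window` seconds, run over constructed traffic containing one flooding client and one normal one. The traffic, addresses and thresholds are invented for the demonstration.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """At most `limit` requests per client in any `window` seconds. Requests
    beyond that are rejected (served a 429/503 instead of hitting the app)."""

    def __init__(self, limit=60, window=10.0):
        self.limit, self.window = limit, window
        self._hits = defaultdict(deque)  # client -> timestamps inside the window

    def allow(self, client_ip: str, now: float) -> bool:
        q = self._hits[client_ip]
        while q and now - q[0] >= self.window:  # expire old timestamps
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def simulate(limiter: SlidingWindowLimiter, requests):
    """requests: iterable of (timestamp, client_ip), in time order.
    Returns {client_ip: (allowed, rejected)} to show the policy's effect."""
    stats = defaultdict(lambda: [0, 0])
    for ts, ip in requests:
        stats[ip][0 if limiter.allow(ip, ts) else 1] += 1
    return {ip: tuple(counts) for ip, counts in stats.items()}


# Constructed traffic: one client sends 200 requests in 2 seconds (a flood),
# another makes 5 requests spaced 1.5 seconds apart (normal browsing).
FLOOD = [(i * 0.01, "198.51.100.23") for i in range(200)]
NORMAL = [(i * 1.5, "203.0.113.77") for i in range(5)]

if __name__ == "__main__":
    result = simulate(SlidingWindowLimiter(limit=60, window=10.0), FLOOD + NORMAL)
    for ip, (allowed, rejected) in result.items():
        print(f"{ip}: allowed={allowed} rejected={rejected}")
```

Key the limiter on the real client address: behind a reverse proxy or CDN that means the proxy-supplied forwarded-for header, but only when the request actually came from one of your trusted proxies, otherwise an attacker sets the header and dodges the limit. Web servers ship this logic built in (nginx's limit_req, Apache's mod_ratelimit); the block shows what they do.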

Steps To Harden OpenSSH Client on Ubuntu 18.04

This article will guide you on how to harden #OpenSSH Client by following some quick and easy steps.
#Hardening of the #OS is the act of configuring an OS securely, updating it, creating #rules and #policies to help govern the system in a secure manner, and removing unnecessary applications and services. This is done to minimize a computer OS's exposure to threats and to mitigate possible #risk.

IIS Security for Sites Steps for server hardening

This article will guide you through the process of securing sites in IIS. Common causes of site infections or defacement on a #Windows Server include poor file permissions and poor #configuration.

In conclusion, the modular nature of #IIS allows for more granular control over web server resources and #security. However, this can make your #web #applications either more or less secure, depending on the person or group responsible for configuring them.

Firewall protection for Servers

This article shows the importance of Firewall to a system and Operating system to safeguard it against intruders and attacks.

How to use ADUC MMC to process queries in Active Directory user and Computers

This article describes how to use saved queries in relation to Active Directory Users and Computers (ADUC) which is a MMC snap-in for managing Active Directory.

Installing and configuring Samba on Ubuntu

This extract will guide you on how to install and configure Samba on Ubuntu which is a software package which allows us to access a shared network drive and printers across different operating systems.

Setup redis on centos 7

The process of installing Redis and setting up its firewall on CentOS 7.

Solution to certificate routines X509_check_private_key key values mismatch

Main causes of the "certificate routines X509_check_private_key key values mismatch" error in Apache web server SSL certificates: the certificate and the private key configured for the virtual host do not belong together, typically because the wrong key file is referenced, a renewed certificate was installed over an old key, or the CSR was generated from a different key.

Solution to err_ssl_protocol_error

Best method to fix err_ssl_protocol_error in an affected application or website.

Solve Docker Error Processing tar file

A Docker "error processing tar file" occurs when there is a permission issue or a lack of disk space.

How to fix SSL error ERR_SSL_VERSION_OR_CIPHER_MISMATCH

The error ERR_SSL_VERSION_OR_CIPHER_MISMATCH occurs when a user's browser cannot establish a secure connection with a web server that uses #HTTPS and SSL. 

The issue may lie in the server configuration or locally on a user's #computer.

Also, the ERR SSL VERSION OR CIPHER MISMATCH error could be caused by certain security settings. 

Applying changes to the SSL might help you solve the annoying ERR SSL VERSION problem. 

Sometimes switching to another browser can be the easy fix you need.


To fix ERR_SSL_PROTOCOL_ERROR on the client side:

1. Set the correct system date, time and region (certificate validity is checked against the clock).

2. Clear Chrome's cache and cookies.

3. Disable the #QUIC protocol.

4. Disable extensions.

5. Check your system's hosts file for stale entries that send the site's hostname to the wrong address.

6. Clear the SSL state.

7. Temporarily lower your internet security and privacy level, to see whether a filtering setting is interfering.

8. Temporarily disable your security tools, for diagnosis only, and re-enable them afterwards. Lowering security to make the error go away is not a fix; the cause still has to be found.


An ERR_SSL_VERSION_OR_CIPHER_MISMATCH error usually points at the server's TLS configuration rather than the certificate itself: the server only offers protocol versions or cipher suites that the browser no longer accepts (or the reverse), so the two cannot agree on a handshake.

Easy way to convert cPanel SSL Certificate from PEM format to PFX

PEM (Privacy-Enhanced Mail) is a de-facto file format: Base64-encoded certificates or keys wrapped in "-----BEGIN ...-----" and "-----END ...-----" lines. The .pfx and .p12 extensions, by contrast, are interchangeable names for the PKCS#12 format.

Technically, PKCS#12 is the successor to Microsoft's PFX format, but the two names have become interchangeable. PKCS#12 files are archives for cryptographic material.

PKCS#12 (also known as PKCS12 or PFX) is a binary format for storing a certificate chain and its private key in a single, password-protected file.

All SSL certificates require a private key to work. The private key is a separate file that is used in the encryption and decryption of data sent between your server and the connecting clients, and it must never be shared.

The private key is created by you, the certificate owner, when you generate the Certificate Signing Request (CSR) used to request your certificate.

The default SSL file format used by the Apache web server is PEM, whereas PFX files are used on Windows (IIS) and macOS systems to export and import private keys together with their certificates. Converting from PEM to PFX therefore means bundling the certificate, its chain and the private key into one password-protected file.
