The goal of information security is to protect confidentiality, integrity and availability, together known as the CIA triad. The defenders who protect a system and the attackers who try to break it are really fighting over these same three properties. The simplest example is a DDoS attack against a corporate website. The attacker is not trying to gain access to the corporate network at all; the point is to keep the website so busy with bogus requests that legitimate users cannot reach it. The target is the website's availability.
Security has a cost. Good commercial security products are not cheap, and to build a secure system you have to invest. Open source security products are very good too, but you need skilled people to run them, and if you want support and services such as training, installation and troubleshooting, you have to pay for those as well. There are, however, some basic steps you can take for free before you bring a server or network device online. They will not give you nice graphical dashboards and analytics, but they will make your system considerably harder to break into.
1. Avoid root access: Avoid logging in directly as a privileged user such as root. Exposing this kind of account, especially to remote login, makes your server or network device a much more attractive target, because the attacker already knows the username and only has to guess the password. Log in with a non-privileged account and escalate only when needed (for example with sudo). On an OpenSSH server this is the PermitRootLogin no setting in sshd_config.
2. Encrypt the communication channel: For remote login, avoid plain-text protocols and encrypt the channel. Many people still use Telnet, and Telnet sends everything, including the username and password, in clear text; anyone who can capture the traffic with a tool such as Wireshark can read it. Use SSH, which encrypts the whole session and keeps your credentials and data confidential.
3. Password policy: Define a strong password policy for your organization and make sure users actually follow it. Require a minimum length and a mix of upper-case and lower-case letters, digits and special characters; against brute-force guessing, length helps more than complexity. Many organizations also force a password change after a fixed period such as 15 days or one month; note that current NIST guidance (SP 800-63B) advises against arbitrary periodic expiry, because it pushes users toward predictable variations of the same password, and recommends forcing a change when compromise is suspected instead.
4. SSH key: A strong password is a must, but a password can still be compromised by a dictionary or brute-force attack. Add another layer by using SSH key-based authentication, and once every user has a working key, disable password login entirely (PasswordAuthentication no in sshd_config) so that guessing attacks have nothing left to guess. When you generate the key, protect it with a passphrase: the passphrase encrypts the private key on disk, so if the key file is lost or stolen it cannot be used directly.
5. Use 2FA: For further protection, use two-factor authentication. With an SSH key plus Google Authenticator (a PAM module that verifies time-based one-time codes) you can implement 2FA on a Linux server for free. The system then grants access only when the user presents both the key and the current code from the authenticator app.
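Steps 1, 4 and 5 all come down to a handful of sshd_config directives, and the most common mistake is a config that looks hardened but is not, because sshd keeps the first value it reads for each keyword and ignores later ones. The following audit script is an added example written for this article, not code from the original post or from OpenSSH; the directive names and defaults are OpenSSH's own (7.0 or later assumed), while the two sample configs are constructed for illustration.

```python
"""Audit an OpenSSH sshd_config for steps 1, 4 and 5: no root login,
no password authentication, key-based login, and key + TOTP enforced.

sshd uses the FIRST value it reads for each keyword, so a later
"PermitRootLogin yes" is silently ignored by the daemon; the audit mirrors
that. Directives inside Match blocks apply conditionally and are only
counted here, not evaluated.
"""
from __future__ import annotations

import re

# OpenSSH's default when a directive is absent (OpenSSH 7.0 or later assumed).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
    "pubkeyauthentication": "yes",
    "authenticationmethods": "any",
    "usepam": "no",
}


def parse_global_section(text: str) -> tuple[dict[str, str], int]:
    """Return {keyword.lower(): first value} for the global section and the
    number of Match blocks that were skipped."""
    settings: dict[str, str] = {}
    match_blocks = 0
    in_match = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and blanks
        if not line:
            continue
        key, *rest = re.split(r"[ \t=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        key = key.lower()
        if key == "match":
            in_match, match_blocks = True, match_blocks + 1
            continue
        if in_match:
            continue
        settings.setdefault(key, rest[0].strip() if rest else "")  # first wins
    return settings, match_blocks


def audit(text: str) -> list[str]:
    """One finding per weak or missing setting; an empty list means the
    four points are all enforced in the global section."""
    cfg, match_blocks = parse_global_section(text)

    def get(key: str) -> str:
        return cfg.get(key, DEFAULTS[key]).lower()

    findings: list[str] = []
    root = get("permitrootlogin")
    if root != "no":  # 'prohibit-password' still lets root in with a key
        findings.append(f"PermitRootLogin is '{root}': set it to 'no' and "
                        "log in as an unprivileged user instead (step 1)")
    if get("passwordauthentication") != "no":
        findings.append("PasswordAuthentication is 'yes': passwords can be "
                        "brute-forced; set 'no' once every user has a key (step 4)")
    if get("permitemptypasswords") != "no":
        findings.append("PermitEmptyPasswords is 'yes'")
    if get("pubkeyauthentication") != "yes":
        findings.append("PubkeyAuthentication is 'no': key login cannot work (step 4)")

    # Step 5: every allowed method list must require BOTH the key and the
    # PAM-driven keyboard-interactive prompt where google-authenticator asks
    # for the code. The default 'any' means a single factor is enough.
    methods = get("authenticationmethods")
    two_factor = methods != "any" and all(
        "publickey" in ml and any(x.startswith("keyboard-interactive") for x in ml)
        for ml in (m.split(",") for m in methods.split()))
    if not two_factor:
        findings.append(f"AuthenticationMethods is '{methods}': set "
                        "'publickey,keyboard-interactive' to enforce key + code (step 5)")
    elif get("usepam") != "yes":
        findings.append("UsePAM is 'no': the google-authenticator PAM module "
                        "is never consulted (step 5)")
    if match_blocks:
        findings.append(f"{match_blocks} Match block(s) not audited: make sure "
                        "none re-enables root or password login")
    return findings


# Constructed sample configs for illustration, not taken from any real host.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no   # too late: sshd keeps the first value it saw above
"""

HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
UsePAM yes
KbdInteractiveAuthentication yes
AuthenticationMethods publickey,keyboard-interactive
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit(text) or ['no findings']}")
```

Run it against your real file with `audit(open("/etc/ssh/sshd_config").read())`. Test the hardened config from a second terminal before closing your current session: with AuthenticationMethods set, a user without both a key and a working TOTP secret is locked out, and that includes you.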
6. Host-based firewall: Not everyone needs to log in to the server over SSH. Restrict who can reach it with a host-based firewall such as iptables (or its successor nftables). Allow individual administrator IP addresses, or, if you have a separate admin subnet, allow only that network to reach the SSH port and drop everything else. A few iptables rules do this job. iptables is not only for controlling user access; it is a complete, robust firewall that ships with most Linux distributions for free.
7. Close unused ports: Strong passwords and 2FA help, but leaving unused ports open still makes your server an easy target, because every listening service is attack surface that has to be kept patched. For example, if you use SSH (22) for remote login, close Telnet (23). If you serve HTTPS (443), make sure HTTP (80) is closed or does nothing but redirect to HTTPS. If you do not need FTP (21), stop the service so that port 21 is no longer listening, and so on. A port is only truly closed when no service listens on it; blocking it in the firewall is a second layer, not a substitute for disabling the service.
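Steps 6 and 7 belong together: first find out what is actually listening, then write the firewall rules for what should remain. The script below is an added example for this article, not code from the original post. It parses `ss -tlnp` output (the sample is constructed, as are the admin subnet and the assumption that the host serves only SSH and HTTPS) and emits the iptables commands for a default-deny INPUT chain.

```python
"""Steps 6 and 7: find listening ports that should not be open, then build
the default-deny iptables INPUT chain for the ones that should.

The listening sockets come from `ss -tlnp` output (a constructed sample is
embedded below); run the real command as root to get the process column.
"""
from __future__ import annotations

import ipaddress
import re

SERVICE_NAMES = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp",
                 80: "http", 443: "https", 3306: "mysql"}


def parse_ss(output: str) -> list[tuple[str, int, str]]:
    """Return (local address, port, process) for every LISTEN row of
    `ss -tlnp` output; the header row and non-LISTEN rows are skipped."""
    rows = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")   # handles "[::]:22" too
        proc = re.search(r'\("([^"]+)"', line)       # users:(("sshd",pid=..,fd=..))
        rows.append((addr.strip("[]"), int(port), proc.group(1) if proc else "?"))
    return rows


def audit_ports(output: str, allowed_ports: set[int]) -> dict[str, list]:
    """Split unexpected listeners into those reachable from the network
    ("exposed": stop the service, step 7) and loopback-only ones."""
    exposed, local_only = set(), set()
    for addr, port, proc in parse_ss(output):
        if port in allowed_ports:
            continue
        is_loopback = addr.startswith("127.") or addr == "::1"
        (local_only if is_loopback else exposed).add((port, proc))
    return {"exposed": sorted(exposed), "local_only": sorted(local_only)}


def iptables_rules(admin_net: str, public_ports: tuple[int, ...],
                   ssh_port: int = 22) -> list[str]:
    """Default-deny INPUT chain: SSH only from the admin network, the public
    services from anywhere. iptables evaluates rules top-down, so the ACCEPT
    rules come first and the DROP policy is set last, which also keeps the
    SSH session you are applying this from alive."""
    ipaddress.ip_network(admin_net)          # ValueError on a malformed subnet
    rules = [
        "iptables -A INPUT -i lo -j ACCEPT",
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        f"iptables -A INPUT -p tcp -s {admin_net} --dport {ssh_port} -j ACCEPT",
    ]
    rules += [f"iptables -A INPUT -p tcp --dport {p} -j ACCEPT" for p in public_ports]
    rules.append("iptables -P INPUT DROP")
    return rules


# Constructed `ss -tlnp` output for illustration (not from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      128             [::]:22           [::]:*     users:(("sshd",pid=812,fd=4))
LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*     users:(("mysqld",pid=1203,fd=21))
LISTEN 0      128          0.0.0.0:23        0.0.0.0:*     users:(("inetd",pid=655,fd=5))
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*     users:(("nginx",pid=900,fd=6))
LISTEN 0      511          0.0.0.0:443       0.0.0.0:*     users:(("nginx",pid=900,fd=7))
"""
ALLOWED_PORTS = {22, 443}       # assumption: this host serves only SSH and HTTPS
ADMIN_NET = "10.0.100.0/24"     # assumption: the admin subnet

if __name__ == "__main__":
    result = audit_ports(SAMPLE_SS, ALLOWED_PORTS)
    for port, proc in result["exposed"]:
        print(f"close {SERVICE_NAMES.get(port, port)} ({port}) served by {proc}")
    for port, proc in result["local_only"]:
        print(f"loopback only: {SERVICE_NAMES.get(port, port)} ({port}) served by {proc}")
    print("\n".join(iptables_rules(ADMIN_NET, (443,))))
```

On the sample, Telnet (23) and HTTP (80) are exposed and should be stopped, while MySQL on 127.0.0.1:3306 is reachable only locally and is noted rather than flagged. The generated rules are for a running chain; persist them with iptables-save or your distribution's equivalent, and keep a console or out-of-band path to the machine the first time you apply a DROP policy.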
8. Patches and OS updates: A patch is usually released after a bug, often a security vulnerability, has been identified in the system. Applying patches and OS updates is a crucial part of server administration. Keep your system up to date, and if no application dependency is holding you back, upgrade the operating system itself to a supported release as well.
9. Monitoring and event logging: System monitoring and event logging are very helpful during a crisis. What is happening on the system and how much of its resources are in use can be read from the monitoring data and the event logs. System logging is handled by the syslog service (rsyslog or syslog-ng on most distributions, alongside journald on systemd systems); forward the logs to a separate host as well, so that an attacker who gains root cannot simply delete the evidence. Tools like top, free and df show the resource utilization of the system.
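Logs are only useful if someone looks at them, so here is what reading them for the threat from step 4 looks like in practice. The detector below is an added example written for this article, not code from the original post. It runs over sshd entries in auth.log syslog format; the log lines, the host name and the addresses are constructed, and the threshold (5 failures within 60 seconds) and the year used to complete the syslog timestamps are assumptions.

```python
"""Step 9 in practice: simple brute-force detection over sshd entries from
/var/log/auth.log (the lines below are a constructed sample).

A burst of failed logins from one address is the dictionary/brute-force
attack from step 4; a successful login from that same address afterwards is
the case that needs an immediate response.
"""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime

STAMP = r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
FAILED = re.compile(STAMP + r"Failed \S+ for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(STAMP + r"Accepted (\S+) for (\S+) from (\S+) port")


def _ts(stamp: str, year: int = 2024) -> datetime:
    """Syslog stamps carry no year; assume one so they can be compared."""
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def detect_bruteforce(lines, threshold: int = 5, window_s: int = 60) -> list[dict]:
    """Flag every source IP with `threshold` failures inside `window_s`
    seconds, and report any Accepted login from it after the burst began."""
    fails = defaultdict(list)     # ip -> [(time, user)]
    accepts = defaultdict(list)   # ip -> [(time, method, user)]
    for line in lines:
        if m := FAILED.match(line):
            fails[m[3]].append((_ts(m[1]), m[2]))
        elif m := ACCEPTED.match(line):
            accepts[m[4]].append((_ts(m[1]), m[2], m[3]))

    alerts = []
    for ip, events in fails.items():
        events.sort()
        times = [t for t, _ in events]
        # Sliding window over the sorted timestamps: do `threshold`
        # consecutive failures fit inside `window_s` seconds?
        burst = any((times[i + threshold - 1] - times[i]).total_seconds() <= window_s
                    for i in range(len(times) - threshold + 1))
        if not burst:
            continue
        alerts.append({
            "ip": ip,
            "failures": len(events),
            "users": sorted({u for _, u in events}),
            "success_after": [(method, user) for t, method, user in accepts[ip]
                              if t > times[0]],
        })
    return alerts


# Constructed auth.log excerpt for illustration (host, users and addresses invented).
SAMPLE_AUTH_LOG = """\
Mar  3 10:15:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Mar  3 10:15:03 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Mar  3 10:15:04 web1 sshd[2203]: Failed password for root from 203.0.113.45 port 51030 ssh2
Mar  3 10:15:06 web1 sshd[2205]: Failed password for invalid user test from 203.0.113.45 port 51044 ssh2
Mar  3 10:15:09 web1 sshd[2207]: Failed password for root from 203.0.113.45 port 51050 ssh2
Mar  3 10:15:12 web1 sshd[2209]: Accepted password for root from 203.0.113.45 port 51060 ssh2
Mar  3 10:16:30 web1 sshd[2210]: Accepted publickey for alice from 10.0.100.7 port 40012 ssh2
Mar  3 10:20:11 web1 sshd[2215]: Failed password for bob from 10.0.100.9 port 40100 ssh2
Mar  3 10:21:02 web1 sshd[2218]: Accepted password for bob from 10.0.100.9 port 40102 ssh2
Mar  3 10:40:00 web1 sshd[2230]: Failed password for root from 198.51.100.7 port 33000 ssh2
Mar  3 10:40:02 web1 sshd[2231]: Failed password for root from 198.51.100.7 port 33001 ssh2
"""

if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_AUTH_LOG.splitlines()):
        print(f"{a['ip']}: {a['failures']} failures against {a['users']}; "
              f"logins after the burst: {a['success_after'] or 'none'}")
```

On the sample, 203.0.113.45 is flagged: five failures in eight seconds against admin, root and test, followed by an accepted root password login, which is exactly the outcome steps 1 and 4 prevent. The single mistyped password from 10.0.100.9 and the two attempts from 198.51.100.7 stay below the threshold. Run it on the real file with `detect_bruteforce(open("/var/log/auth.log"))`; the same logic is what tools like fail2ban automate, feeding the offending address into the host firewall from step 6.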
10. Awareness and training: This is not a configurable step, but it is the most important one for a secure system or environment. If an organization wants to secure its systems, there is no alternative to making people aware and giving them proper security training. We all know what to do in a medical emergency and whom to call in the event of a fire, but most of us do not know what to do when a system is compromised or an incident happens. A proper training and awareness program gives everyone a clear idea of what to do, when to react and what measures to take during a cyber security incident. Educate your people, technical and non-technical alike, about cyber security; they will help you keep your environment clean and secure. Put this point at the top of your budget plan.