Sunday 25 August 2013

4 steps to Increase LINUX Security

Step 1: Patch your system

Attackers will typically scan your system for vulnerabilities within 2 hours of it becoming publicly accessible. Often, the attackers search for unpatched network services that can be exploited remotely. To ensure system security, GoGrid recommends that you:
  • Apply all applicable critical or high-security updates immediately after your first successful login
  • Disable all unnecessary network services
  • Review security updates weekly

The following steps apply to CentOS and must be run as root:

  1. Let’s start by adding the yum security plugin by running this command:

    yum -y install yum-plugin-security
  2. Now let’s determine applicable security updates for your system by running this command:

    yum --security check-update
  3. Finally, let’s apply applicable security updates by running this command:

    yum --security update

The following steps apply to Debian and must be run as root:

  1. Let’s start by updating the Debian package index by running this command:
    apt-get update
  2. Now, let’s determine applicable security updates for your system by running this command:
    apt-get --simulate upgrade
  3. Finally, let’s apply applicable security updates by running this command:
    apt-get upgrade

Step 2: Change your root password

As part of provisioning new Cloud Servers, GoGrid provides customers with auto-generated strong passwords for the administrator account. The password is temporary and you should change it immediately after patching your system. To ensure your password is strong, GoGrid recommends that you:
  • Reset the root password by running the passwd command and make sure the new password contains at least 12 characters.
  • The password should meet complexity requirements to help reduce the threat of an attacker guessing it. Use a combination of alpha-numeric characters, upper and lowercase letters, and non-alphabetic symbols such as @# % in your password.
  • Don’t share the new password with anyone outside your organization, including GoGrid personnel.

Step 3: Disable root SSH login

Attackers are going to attempt to gain access to your system by guessing the root password. That’s why it’s imperative you don’t permit root login through SSH. Perform the following 3 steps sequentially with root permissions:
  1. Create a new user account by running the adduser command. Make sure the account name is not a dictionary word, and consider including non-alphabetic symbols.
  2. Create a strong password for your new account (see Step 2 for password guidelines).
  3. Log off and then log in with your new account and password.
Now it’s time to restrict SSH root access. Perform the following commands under root:
    cd /etc/ssh/
Use your favorite text editor. For this example we’ll use vi:
    vi sshd_config
Now search for PermitRootLogin and replace yes
    PermitRootLogin yes
with no and save your changes:
    PermitRootLogin no
Then restart the SSH daemon by typing this command: /etc/init.d/ssh restart.
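
To confirm the edit took effect, the check below reads an sshd_config file and reports the PermitRootLogin value sshd will use from the global section. sshd takes the first value it finds for each keyword, so a leftover earlier line overrides one added further down. This is an added example, not part of the original post; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the plain
# "Keyword value" syntax and does not follow Include directives.

# Print the PermitRootLogin value from the global section of the
# sshd_config file given as $1, or "unset" if the keyword is absent.
effective_permit_root_login() {
    awk '
        { sub(/^[ \t]+/, "") }            # drop leading whitespace
        /^#/ || /^$/ { next }             # skip comments and blank lines
        { key = tolower($1) }             # keywords are case-insensitive
        key == "match" { exit }           # global section ends at first Match
        key == "permitrootlogin" { val = tolower($2); exit }  # first value wins
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Return 0 only when root login over SSH is explicitly disabled.
check_root_login() {
    value=$(effective_permit_root_login "$1")
    case "$value" in
        no)    echo "OK: PermitRootLogin no"; return 0 ;;
        unset) echo "WARN: PermitRootLogin not set, built-in default applies"; return 1 ;;
        *)     echo "FAIL: effective PermitRootLogin is $value"; return 1 ;;
    esac
}

# Constructed sample: "no" was appended at the bottom, but an earlier
# uncommented "yes" is still present and is the value sshd uses.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample sshd_config
Port 22
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
check_root_login "$sample" || true   # prints: FAIL: effective PermitRootLogin is yes
rm -f "$sample"
```

Run check_root_login /etc/ssh/sshd_config after saving your changes, and validate the file with sshd -t before restarting the daemon.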

Step 4: Install anti-virus (AV) software

Effective use of AV software can help reduce common malware infections and in some cases, zero-day threats. To reduce such threats, GoGrid recommends that you:
  • Deploy AV software that uses heuristic techniques to identify new malware or variants of existing ones.
  • Perform full scans at least daily.
  • Update your AV definitions at least daily.
