LinuxQuestions.org


ramsforums 04-12-2013 12:09 AM

Securing Database Server and Application Server in Linux
 
I have an application server which hosts my application. I distribute all binaries and code. So if a user simply copies the code and distributes it, anyone can run it.

I have a database that resides on a different server (most of the time); sometimes the database resides on the same server.

I have the root password and I only have access.

My concern is that I want to secure it so that others don't copy or access the system.

Some of my concerns:

1) Log in as a user, browse through the directory and copy the code.
2) Shut down the server, use another bootable Linux CD to access the database or application files, and copy them.
3) Any other scenario.

How should I protect?

Thank you

Noway2 04-12-2013 09:17 AM

The first thing you need to remember is that physical access means root access. If they have physical access to the machine, your ability to stop them from analyzing stuff on that machine that is not encrypted will be very limited. You can do things like put in BIOS passwords, disable USB boot, disable the CD boot, etc., to help slow them down, but you're still going to be limited.

As far as your login and browse concerns, this is where you will need to assign proper ownership and permissions. Basic Unix/Linux permissions consist of read/write/execute for owner/group/others and can be set as needed. Root will always have access regardless of the permissions. Your database files will probably be stored in a location off of /var by default so you will need to pay attention. In the database, be sure to assign a designated user and appropriate permissions.

If you are really concerned about someone seeing your data, it should either be encrypted or not put on the machine to begin with. Locking it down so that people can't read / see things is often times an exercise in futility and frustration.

Standby for differing opinions ...
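
One way to check the ownership and permission advice in the post above, as an added example that is not part of the original thread: a Python script that walks a directory meant to be private to one account and reports entries that other users can reach or that the wrong account owns. The function name `audit_tree`, the sample tree and its file names are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_tree(root, expected_uid=None):
    """Return sorted (relative_path, issue) pairs for a tree meant to be private."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    findings = []
    for path in paths:
        st = os.lstat(path)  # lstat: inspect the entry itself, never a link target
        if stat.S_ISLNK(st.st_mode):
            continue  # symlink mode bits carry no meaning on Linux
        rel = os.path.relpath(path, root)
        mode = stat.S_IMODE(st.st_mode)
        if mode & stat.S_IWOTH:
            findings.append((rel, "world-writable"))
        elif mode & (stat.S_IROTH | stat.S_IXOTH):
            findings.append((rel, "accessible by others"))
        if mode & stat.S_IWGRP:
            findings.append((rel, "group-writable"))
        if stat.S_ISREG(st.st_mode) and mode & (stat.S_ISUID | stat.S_ISGID):
            findings.append((rel, "setuid/setgid"))
        if expected_uid is not None and st.st_uid != expected_uid:
            findings.append((rel, f"owner uid {st.st_uid}, expected {expected_uid}"))
    return sorted(findings)


def demo():
    """Build a constructed sample tree and audit it."""
    sample = {"app/server.bin": 0o750, "app/config.ini": 0o644,
              "db.data": 0o660, "notes.txt": 0o600}
    with tempfile.TemporaryDirectory() as root:  # created with mode 0700
        os.mkdir(os.path.join(root, "app"))
        os.chmod(os.path.join(root, "app"), 0o755)
        for rel, mode in sample.items():
            path = os.path.join(root, rel)
            open(path, "w").close()
            os.chmod(path, mode)
        return audit_tree(root, expected_uid=os.getuid())


if __name__ == "__main__":
    for rel, issue in demo():
        print(f"{rel}: {issue}")
```

To use it on a real system, call `audit_tree` on the application or database directory and pass the uid of the designated service account as `expected_uid`.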

ramsforums 04-15-2013 04:59 AM

Thanks for the inputs. If I encrypt the hard drive will there be a performance degradation?

Noway2 04-16-2013 08:55 AM

Quote:

Originally Posted by ramsforums (Post 4931725)
Thanks for the inputs. If I encrypt the hard drive will there be a performance degradation?

The encryption / decryption process will consume some resources. My experience has been that the associated penalty is small and I have never noticed a problem. You could also choose which portions you want to encrypt and focus on those as opposed to the whole drive. For example, do you really care if the Linux distribution binaries are encrypted? Does your entire home or /var partition need to be protected, or only a small amount? Another thing to consider about encryption is that the drive needs to be decrypted to be used. If someone gains access and the information is already mounted in decrypted format, they may be able to access it. The encryption works well when starting from an unmounted or non-powered state.

It sounds to me like you need to perform a risk / threat analysis and devise a solution across multiple layers.


All times are GMT -5.