Securing Database Server and Application Server in Linux
I have an application server which hosts my application. I distribute all binaries and code. So if user simply copy the code and distribute anyone can run.
I have a database resides in different server(Most of the time) some time database resides in the same server.
I have the root password and I only have access.
My concern is I want to secure so that others don't copy or access the system.
Some of the concern,
1) Login as user and browse through the directory and copy the code.
2) Shut down server and use another Bootable Linux CD and access to database or application file and copy.
3) any other scenario.
How should I protect?
The first thing you need to remember is that physical access means root access. If they have physical access to the machine, your ability to stop them from analyzing stuff on that machine that is not encrypted will be very limited. You can do things like put in bios passwords, disable USB boot, disable the CD boot, etc, to help slow them down, but your still going to be limited.
As far as you login and browse concerns, this is where you will need to assign proper ownership and permissions. Basic Unix/Linux Permissions consist of read/write/execute for owner/group/others and can be set as needed. Root will always have access regardless of the permissions. Your database files will probably be stored in a location off of /var by default so you will need to pay attention. In the database, be sure to assign a designated user and appropriate permissions.
If you are really concerned about someone seeing your data, it should either be encrypted or not put on the machine to begin with. Locking it down so that people can't read / see things is often times an exercise in futility and frustration.
Standby for differing opinions ...
Thanks for the inputs. If I encrypt the hard drive will there be a performance degradation?
It sounds to me like you need to perform a risk / threat analysis and devise a solution across multiple layers.
|All times are GMT -5. The time now is 11:34 PM.|