LinuxQuestions.org
04-11-2013, 11:09 PM   #1
ramsforums
Securing Database Server and Application Server in Linux


I have an application server which hosts my application. I distribute all binaries and code. So if a user simply copies the code and distributes it, anyone can run it.

I have a database that resides on a different server (most of the time); sometimes the database resides on the same server.

I have the root password and I only have access.

My concern is that I want to secure it so that others don't copy or access the system.

Some of my concerns:

1) Log in as a user, browse through the directory and copy the code.
2) Shut down the server, boot another bootable Linux CD, access the database or application files and copy them.
3) Any other scenario.

How should I protect it?

Thank you
 
04-12-2013, 08:17 AM   #2
Noway2
The first thing you need to remember is that physical access means root access. If they have physical access to the machine, your ability to stop them from analyzing stuff on that machine that is not encrypted will be very limited. You can do things like put in BIOS passwords, disable USB boot, disable the CD boot, etc., to help slow them down, but you're still going to be limited.

As far as your login and browse concerns, this is where you will need to assign proper ownership and permissions. Basic Unix/Linux permissions consist of read/write/execute for owner/group/others and can be set as needed. Root will always have access regardless of the permissions. Your database files will probably be stored in a location off of /var by default so you will need to pay attention. In the database, be sure to assign a designated user and appropriate permissions.

If you are really concerned about someone seeing your data, it should either be encrypted or not put on the machine to begin with. Locking it down so that people can't read / see things is oftentimes an exercise in futility and frustration.

Standby for differing opinions ...
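
The ownership and permission advice in the reply above, as an added example that is not part of the original posts: a POSIX shell audit that lists everything under a directory that "others" can read, write or execute, and a function that restricts the tree to its owner and group. The function names, the `appuser:appgroup` account and the sample directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and paths are illustrative assumptions.

# List every file or directory under $1 that grants any permission
# (read, write or execute) to "others". Symlinks are skipped because
# their own mode bits are not what access checks use.
list_other_access() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Count the entries reported by list_other_access.
count_other_access() {
    list_other_access "$1" | wc -l | tr -d ' '
}

# Remove all access for "others" and group write access below $1.
# Ownership is left alone here; as root you would normally also run
#   chown -R appuser:appgroup "$1"
# with a dedicated service account (hypothetical names).
restrict_tree() {
    chmod -R o-rwx,g-w "$1"
}

# Report entries not owned by the expected user ($2, name or numeric id),
# e.g. stray personal files inside the application directory.
list_foreign_owner() {
    find "$1" ! -user "$2" -print
}

# Demonstration on a constructed directory tree (not real application data).
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/app/bin" "$d/app/conf"
    printf 'binary\n' > "$d/app/bin/server"
    printf 'dbpass\n' > "$d/app/conf/db.conf"
    chmod 755 "$d/app" "$d/app/bin" "$d/app/conf" "$d/app/bin/server"
    chmod 644 "$d/app/conf/db.conf"
    echo "before: $(count_other_access "$d/app") entries open to others"
    restrict_tree "$d/app"
    echo "after:  $(count_other_access "$d/app") entries open to others"
    rm -rf "$d"
}

demo
```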
 
04-15-2013, 03:59 AM   #3
ramsforums
Thanks for the inputs. If I encrypt the hard drive will there be a performance degradation?
 
04-16-2013, 07:55 AM   #4
Noway2
Quote:
Originally Posted by ramsforums
Thanks for the inputs. If I encrypt the hard drive will there be a performance degradation?

The encryption / decryption process will consume some resources. My experience has been that the associated penalty is small and I have never noticed a problem. You could also choose which portions you want to encrypt and focus on those as opposed to the whole drive. For example, do you really care if the Linux distribution binaries are encrypted? Does your entire home or /var partition need to be protected, or only a small amount? Another thing to consider about encryption is that the drive needs to be decrypted to be used. If someone gains access and the information is already mounted in decrypted format, they may be able to access it. The encryption works well when starting from an unmounted or non-powered state.

It sounds to me like you need to perform a risk / threat analysis and devise a solution across multiple layers.
 
  


All times are GMT -5.
