LinuxQuestions.org
Old 11-14-2007, 12:13 PM   #1
kustomjs
What Software Packages Should I go with to make my webserver secure?


Hi Guys
I am sorry to keep asking newbie questions, but I want to make sure that I am doing this the correct way and being secure in doing this, since I do not want the Feds to come to my door asking about people's credit cards and personal information being leaked by a hacker. So my main question is: what software packages should I download and install onto my home webserver for my small business e-commerce site that is dealing with personal and credit card information? I need to know what software packages I should get. The server information I have is:
OS: Ubuntu Server 7.10 Gutsy
Memory: 380MB
Hard Drive: 40GB
CPU: 1.3GHz Intel Celeron
 
Old 11-15-2007, 11:35 AM   #2
pljvaldez
I've never done what you're talking about, but in general, I typically end up just using Bastille for my machines. I think there are several books you could get from the library like the "Linux Administrators Security Guide" or "Hardening Linux".

Here are a couple of other links from Google:
http://www.ibm.com/developerworks/li...ary/l-seclnx3/
http://www.puschitz.com/SecuringLinux.shtml
http://www.debian.org/doc/user-manuals#securing -- Debian specific, but Ubuntu is based on Debian...
 
Old 11-15-2007, 11:59 AM   #3
farslayer
Have you considered using a third-party processor to handle the credit card transactions for your site? With all the requirements being pushed down through the VISA/MASTERCARD PCI DSS to basically put ALL the liability on you... Implementing all the controls to meet these requirements is expensive; not doing so can be more expensive in fines, fees, and corporate reputation.

Quite honestly for a low volume site I would outsource the transactions.

The 12 requirements for compliance listed on the Wikipedia site are just brief topic headers... You need to download the entire standard to see all the actual requirements. [Card number masking/encryption of data/extensive access logs/much, much more...]

Obviously there are downsides to third-party processors as well (FEES): http://www.chargecentral.com/Third-P...rocessing.html

But have you seen the fines levied by PCI recently? http://www.threadwatch.org/node/13910


If you accept credit cards for transactions as a merchant YOU ARE SUBJECT TO PCI REGULATIONS

Personal information (depending on what it is) could be subject to other federal regulations...

Last edited by farslayer; 11-15-2007 at 12:00 PM.
 
  


All times are GMT -5.