Quote:
Originally Posted by ust
..now we only have firewall ( checkpoint ) to protect external access...
|
How much use that is depends on a variety of things, including whether there are any other ways in and how well it is customised and configured for your specific system and its characteristics.
Quote:
Originally Posted by ust
...we never apply any security application or policy in linux server
|
The lack of an 'application' may or may not be a problem, but the lack of a policy surely must be a problem. This sounds a lot like 'we couldn't give a stuff about security and have decided to hope for the best' so I suspect that you mean something else.
Quote:
Originally Posted by ust
... could advise what security function that I should use ? what security issue that I should concern ?...especially the web server , do I need implement any security application in linux server ?
|
Well, you could argue that if you had a security policy, you'd know what issues should concern you. Well, only if you had got the policy correct, I suppose.
And, as has already been pointed out, security is not an application that you decide to install, or not. Your policy, with some knowledge on your part, should lead you to some sort of analysis of the threats (even if this analysis is somewhat more hand waving than you'd ideally like) and the analysis of the threats should lead you to some sort of list of measures that you intend to take.
So, do tell, what are the current measures that you are taking against XSS and what are you doing about protecting SSH logins, for example (just as a couple of examples)? Is it an issue that people could ftp malware to and from your server, assuming that you haven't prevented it? (Or, maybe no one can ftp to and from this, because you have prevented it, but we can't tell from what you have written.)
Quote:
Originally Posted by ust
in my environment , especially the web server , do I need implement any security application in linux server ?
|
Well, the web server part is a concern, because, of necessity, you have to allow access to it, for it to be useful. But maybe, you can restrict that access. Maybe the web server (which?) has security options that you have correctly configured. Or, maybe not. Maybe whatever administrative access arrangement you use (particularly if it is one of those problematic 'panel' things, which seem to be popular amongst people who have problems, for some reason) has potential flaws, and that leaves your server wide open to someone who tries the door handles.
(Being in a DMZ is a good sign, but you have to ensure that it is reasonably configured, otherwise it might just be giving you an unfounded sense of security.)
And there are certain classes of web application where varieties of DoS are more problematic than others; do you have one of those use cases?
Quote:
Originally Posted by ust
...do I still need to use iptables ?
|
Have to? Well, you don't have to, but it might be advisable. It might be better to start from your argument for not running iptables, to at least control accesses within your network. But I can't say it is really clear exactly what comprises the rest of your network.
Presumably, you have some kind of measures in place to ensure that everything is kept up to date. It is important that when there are security fixes, they get to your machines in a rapid fashion. For 'security applications' there are certainly some that you ought to consider, but if you start from adding applications, that isn't as sensible as starting from ensuring that what you have is well configured, and then adding extra security apps to cover identified holes, or maybe in more of a 'belt and braces' mode. But, without a bit of analysis, knowing the location of the holes is probably rather difficult.