LinuxQuestions.org
Old 12-05-2013, 10:14 AM   #1
ust
Senior Member
 
Registered: Mar 2003
Location: fasdf
Distribution: Debian / Suse /RHEL
Posts: 1,130

Rep: Reputation: 31
linux server security


We have a web server (in the DMZ), an ERP server, an intranet server, an LDAP server and an auth server, all running Redhat. Right now we only have a firewall (checkpoint) to protect external access, and we have never applied any security application or policy on the Linux servers. Could you advise what security functions I should use? What security issues should I be concerned about? I know iptables / ipchain is commonly used; if I have checkpoint firewall protection, do I still need to use iptables? In my environment, especially on the web server, do I need to implement any security application on the Linux server?

Thanks a lot

Last edited by ust; 12-05-2013 at 10:39 AM.
 
Old 12-05-2013, 11:35 AM   #2
Ygrex
Member
 
Registered: Nov 2004
Location: Russia (St.Petersburg)
Distribution: Debian
Posts: 666

Rep: Reputation: 68
Security is about discipline rather than technologies.

To make this comment look more useful: a good feature is to temporarily block an account after multiple login failures in a short time, and to require passwords to be changed every couple of months.
 
Old 12-05-2013, 01:22 PM   #3
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897
Quote:
Originally Posted by ust
..now we only have firewall ( checkpoint ) to protect external access...
How much use that is depends on a variety of things, including whether there are any other ways in and how well it is customised and configured for your specific system and its characteristics.

Quote:
Originally Posted by ust
...we never apply any security application or policy in linux server
The lack of an 'application' may or may not be a problem, but the lack of a policy surely must be a problem. This sounds a lot like 'we couldn't give a stuff about security and have decided to hope for the best' so I suspect that you mean something else.

Quote:
Originally Posted by ust
... could advise what security function that I should use ? what security issue that I should concern ?...especially the web server , do I need implement any security application in linux server ?
Well, you could argue that if you had a security policy, you'd know what issues should concern you. Well, only if you had got the policy correct, I suppose.

And, as has already been pointed out, security is not an application that you decide to install, or not. Your policy, with some knowledge on your part, should lead you to some sort of analysis of the threats (even if this analysis is somewhat more hand waving than you'd ideally like) and the analysis of the threats should lead you to some sort of list of measures that you intend to take.

So, do tell, what are the current measures that you are taking against XSS and what are you doing about protecting SSH logins, for example (just as a couple of examples)? Is it an issue that people could ftp malware to and from your server, assuming that you haven't prevented it? (Or, maybe no one can ftp to and from this, because you have prevented it, but we can't tell from what you have written.)


Quote:
Originally Posted by ust
in my environment , especially the web server , do I need implement any security application in linux server ?
Well, the web server part is a concern, because, of necessity, you have to allow access to it, for it to be useful. But maybe, you can restrict that access. Maybe the web server (which?) has security options that you have correctly configured. Or, maybe not. Maybe whatever administrative access arrangement you use (particularly if it is one of those problematic 'panel' things, which seem to be popular amongst people who have problems, for some reason) has potential flaws, and that leaves your server wide open to someone who tries the door handles.

(Being in a DMZ is a good sign, but you have to ensure that it is reasonably configured, otherwise it might just be giving you an unfounded sense of security.)

And there are certain classes of web application where varieties of DoS are more problematic than others; do you have one of those use cases?

Quote:
Originally Posted by ust
...do I still need to use iptables ?
Have to? Well, you don't have to, but it might be advisable. It might be better to start from your argument for not running iptables, to at least control accesses within your network. But I can't say it is really clear exactly what comprises the rest of your network.

Presumably, you have some kind of measures in place to ensure that everything is kept up to date. It is important that when there are security fixes, they get to your machines in a rapid fashion. For 'security applications' there are certainly some that you ought to consider, but if you start from adding applications, that isn't as sensible as starting from ensuring it is well configured, and then adding extra security apps to cover identified holes, or maybe in more of a 'belt and braces' mode. But, without a bit of analysis, knowing the location of the holes is probably rather difficult.

Last edited by salasi; 12-06-2013 at 04:37 AM. Reason: grammar error
 
1 members found this post helpful.
Old 12-05-2013, 01:42 PM   #4
r41d3n
Member
 
Registered: Mar 2013
Distribution: Debian
Posts: 42

Rep: Reputation: Disabled
I think using a firewall on a server is not necessary once you have one already implemented. Just apply some access control on the server to deny root SSH access, change server configuration to comply with security standards, etc. Using another firewall will only give you more unnecessary work.
 
Old 12-05-2013, 05:49 PM   #5
sag47
Senior Member
 
Registered: Sep 2009
Location: Raleigh, NC
Distribution: Ubuntu, PopOS, Raspbian
Posts: 1,899
Blog Entries: 36

Rep: Reputation: 477
Quote:
Originally Posted by r41d3n
I think using a firewall on a server is not necessary once you have one already implemented.
I disagree. What if a server is compromised? Now it has unfettered access to systems with no firewall. I have many points to address in this thread but do not have time at the moment. I'll get to it eventually. salasi covered a lot of what I wanted to say for the most part.

Last edited by sag47; 12-05-2013 at 05:54 PM.
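
The point made in post #5, as an added example that is not part of the thread: a small shell generator for default-deny host rulesets per server role, so that a compromised DMZ web server cannot freely reach the internal servers even though the perimeter firewall let the original traffic in. The subnets, the role names and the ERP port are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: default-deny host firewall rules per server role, printed in
# iptables-restore format. Subnets, roles and ports are constructed values.

ADMIN_NET="10.0.9.0/24"   # assumed admin / jump-host subnet (SSH source)
LAN_NET="10.0.0.0/16"     # assumed internal network; the DMZ is outside it

# Map a role to the inbound "proto:port:source" tuples it may accept.
role_allow() {
  case "$1" in
    web)      echo "tcp:80:0.0.0.0/0 tcp:443:0.0.0.0/0" ;;
    ldap)     echo "tcp:636:$LAN_NET" ;;    # LDAPS from internal hosts only
    erp)      echo "tcp:8443:$LAN_NET" ;;   # ERP port is an assumption
    intranet) echo "tcp:443:$LAN_NET" ;;
    *)        return 1 ;;
  esac
}

# Print the ruleset for one role; fails on an unknown role.
gen_rules() {
  allow="$(role_allow "$1")" || { echo "unknown role: $1" >&2; return 1; }
  echo "*filter"
  echo ":INPUT DROP [0:0]"
  echo ":FORWARD DROP [0:0]"
  echo ":OUTPUT ACCEPT [0:0]"
  echo "-A INPUT -i lo -j ACCEPT"
  echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
  # SSH only from the admin subnet, never from peer servers or the DMZ.
  echo "-A INPUT -p tcp -s $ADMIN_NET --dport 22 -m state --state NEW -j ACCEPT"
  for rule in $allow; do
    proto=${rule%%:*}; rest=${rule#*:}
    port=${rest%%:*};  src=${rest#*:}
    echo "-A INPUT -p $proto -s $src --dport $port -m state --state NEW -j ACCEPT"
  done
  # Log what falls through to the DROP policy, rate-limited.
  echo "-A INPUT -m limit --limit 5/min -j LOG --log-prefix \"INPUT-DROP: \""
  echo "COMMIT"
}

# Stand-alone use: sh hostfw.sh ldap
if [ $# -gt 0 ]; then gen_rules "$1"; fi
```

Piping the output to `iptables-restore --test` checks the syntax without loading the rules.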
 
  


All times are GMT -5.