Hardening a Linux-Based Server Operating System

jokerman16 7 views 42 slides May 29, 2024

About This Presentation

Hardening Server


Slide Content

HARDENING SERVER

Website - Definition
- Collection of web pages
- Identified by domain name
- Published on a web server
- Accessible via IP (internet or LAN)

Website - Utilities
- Personal
- Commercial
- Government
- Non-profit Organization

Website - Types

Web Server - Definition
- Computer system (both software and hardware)
- Can process requests via HTTP
- Distributes information on the World Wide Web

Web Server - Function
- Store, process, and deliver information (web pages) to clients using HTTP (Hypertext Transfer Protocol)

Web Server - Clients
- Clients use a web browser to request data from the web server
- Sometimes they use a web crawler

Web Server - Vendor

Web Server - Security

Web Server - Common Security Threat
- Threat on the client side
- Threat on the server side
- Network threat

Threat – DoS & DDoS
- Uses client/server architecture to direct attacks
- Targets availability of the system
- Countermeasure: filtering incoming and outgoing packets

Threat – Buffer Overflow Attack
- Type of DoS attack
- Targets reliability of the system
- This attack occurs when applications write content that exceeds the buffer size
- Example: email with a large attachment

Threat – SQL Injection
- Code injection technique to attack a database
- Targets integrity and confidentiality of the system
- Usually uses web input
- Example: vulnerability in a web login form

Apache
- Free and open source cross-platform web server software
- As of 1 June 2017, 92.26% ran on Linux distributions
- Initial release 1995 (22 years ago)

PHP
- PHP: Hypertext Preprocessor
- Server-side scripting language for web development
- Open source
- First appeared 1995 (22 years ago)
- Designed by Rasmus Lerdorf

PHP

    <!DOCTYPE html>
    <html>
    <body>
    <?php echo "My first PHP script!"; ?>
    </body>
    </html>

SQL
- Structured Query Language
- Standard language for storing, manipulating, and retrieving data in a database
- First appeared 1974 (43 years ago)
- Initial release 1986

SQL

    SELECT * FROM Book WHERE price > 100.00 ORDER BY title;

    SELECT id FROM admin WHERE username = '$myusername' and passcode = '$mypassword';

LFI
- Local File Inclusion is a vulnerability that abuses the include method in a web application
- This vulnerability executes a file on the local server, so the attacker gets information about the system
- This method is usually used to get information about users on the system

RFI
- Remote File Inclusion is similar to LFI, except that instead of including a local file, this attack can include a remote file from another server/system

XSS
- Cross-Site Scripting
- Injects client-side script into web pages viewed by other users
- Gain legitimate access control

Apache web server installation

    nano /etc/apt/sources.list
    apt-get update
    apt-get install apache2
    apt-get install php
    /etc/init.d/apache2 restart

MySQL database installation

    apt-get install mysql-server
    mysql_secure_installation

* This is used if you were not asked to set a password during the MySQL installation

    /etc/init.d/mysqld restart

    cd /var/www/html
    mkdir web
    nano index.html

Securing Apache - Remove server version banner

    nano /etc/apache2/conf-available/security.conf

Set to:

    ServerTokens Prod
    ServerSignature Off

Restart Apache:

    /etc/init.d/apache2 restart

Securing Apache – Disable directory browser listing

    nano /etc/apache2/apache2.conf

Set to:

    <Directory /var/www/>
        Options FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
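
Both Apache settings above (the version banner and directory listing) can be verified after editing rather than checked by eye. The shell function below is an added example, not part of the original slides; the name audit_apache_conf and the two sample configurations are constructed for illustration, and the defaults it assumes for unset directives are httpd's documented ones (ServerTokens Full, ServerSignature Off).

```shell
#!/bin/sh
# Added example (not from the slides): reads Apache config text on stdin,
# prints one FAIL line per finding, returns 1 if any. Simplification: the
# last value seen wins; per-vhost overrides are not modelled.
audit_apache_conf() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }            # skip comments and blanks
        { d = tolower($1) }                       # names are case-insensitive
        d == "servertokens"    { tokens = tolower($2) }
        d == "serversignature" { sig = tolower($2) }
        d == "<directory"      { dir = $2; sub(/>$/, "", dir) }
        d == "</directory>"    { dir = "" }
        d == "options" {
            for (i = 2; i <= NF; i++) {
                o = tolower($i)
                if (o == "indexes" || o == "+indexes" || o == "all") {
                    printf "FAIL Options %s allows directory listing (scope: %s)\n",
                           $i, (dir == "" ? "server" : dir)
                    n++
                }
            }
        }
        END {
            if (tokens == "") tokens = "full"     # httpd default when unset
            if (sig == "")    sig = "off"         # httpd default when unset
            if (tokens != "prod" && tokens != "productonly") {
                print "FAIL ServerTokens " tokens " exposes version details"; n++
            }
            if (sig != "off") { print "FAIL ServerSignature " sig " adds a banner footer"; n++ }
            exit (n > 0)
        }'
}

# Constructed sample: typical values before the changes on the slides.
WEAK_CONF='ServerTokens OS
ServerSignature On
<Directory /var/www/>
    Options Indexes FollowSymLinks
</Directory>'

# Constructed sample: the values the slides set.
HARDENED_CONF='ServerTokens Prod
ServerSignature Off
<Directory /var/www/>
    Options FollowSymLinks
</Directory>'

printf '%s\n' "$WEAK_CONF" | audit_apache_conf || echo "weak sample: not hardened"
printf '%s\n' "$HARDENED_CONF" | audit_apache_conf && echo "hardened sample: OK"
```

To audit a live server, concatenate the real files into the function, for example `cat /etc/apache2/apache2.conf /etc/apache2/conf-available/security.conf | audit_apache_conf`.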

Countermeasure – DDoS

    nano /etc/apache2/apache2.conf

Set these directives based on your system:
- TimeOut
- MaxClients
- KeepAliveTimeout
- LimitRequestFields

Countermeasure – DDoS

Block the attacker's IP:

    iptables -A INPUT -s [IPADDRESS] -j DROP

View iptables:

    iptables -L --line-numbers
    iptables -D INPUT [Line Number]

Countermeasure – Brute-force Attack – Limit Login Attempt

    nano /etc/ssh/sshd_config

Add this line:

    MaxAuthTries [number of tries]

Restart the ssh service:

    /etc/init.d/ssh restart

Change SSH Port

    nano /etc/ssh/sshd_config
    /etc/init.d/sshd restart

Countermeasure – LFI

    nano /etc/php/7.0/fpm/php.ini

Set to of