Jul 28, 2011

Does Your Security Have More Bark Than Bite? Security Tips For System Administrators

When it comes to your computers, can you really ever be too secure? It seems there’s always something new to learn that can help you ensure your systems are not threatened. For example, did you know you can make Secure Shell (SSH) even more secure so it works even harder for you? SSH adds a layer of encryption to transmissions to make sure you can connect to your dedicated server without having your password intercepted.

Here are five security ideas you may not know about to secure your SSH server:

1.)    Install brute force detection software. Attackers will often try brute force methods to learn your password and then attack your server. Good brute force detection software helps neutralize these attempts at your server the minute they start.

2.)    Root logins are unnecessary. Under normal circumstances, there is no reason to allow direct root logins to your server and take the risk of having your root account directly exposed to the Internet. By restricting root logins, you make it harder for outside attackers to gain access. The system administrator can become root once logged in using su or sudo.

3.)    Use chroot to restrict users to their own home directories. Linux and Unix servers have permissions in place that prevent a normal user from damaging your files, but they do not stop that user from seeing those files. So if you use chroot, you can keep those users within their own directories.

4.)    Demand secure passwords and periodic rotations. When you are the system admin, you can require computer users to adhere to your password strength requirements and also demand that users change their passwords now and again.

5.)    Prevent staying logged in. Also as the system admin, you can set the timeout interval in the SSH configuration file so users do not stay logged in. This can keep people from sneaking into user accounts that are always logged in.
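Tips 2, 3 and 5 all come down to settings in the SSH server configuration file, so they can be checked automatically. The script below is an added example, not part of the original post: it audits sshd_config text for the OpenSSH directives `PermitRootLogin`, `ChrootDirectory` and `ClientAliveInterval`. The two sample configurations, the `sftponly` group and the finding names are constructed for illustration, and it assumes `ClientAliveInterval` is the timeout setting tip 5 refers to.

```python
# Added example: audit sshd_config text for tips 2, 3 and 5 above.
# Both samples are constructed for illustration, not taken from a real server.
SAMPLE_WEAK = """\
PermitRootLogin yes
Subsystem sftp /usr/lib/openssh/sftp-server
"""
SAMPLE_HARDENED = """\
PermitRootLogin no
ClientAliveInterval 300
ClientAliveCountMax 2
Subsystem sftp internal-sftp
Match Group sftponly
    ChrootDirectory /home/%u
    ForceCommand internal-sftp
"""

def parse(text):
    """Return (global_opts, [(match_criteria, opts), ...]) with lowercased keywords."""
    glob, blocks = {}, []
    target = glob
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":  # options after a Match line apply to that block only
            target = {}
            blocks.append((value, target))
        else:
            target.setdefault(key, value)  # sshd keeps the first value it sees
    return glob, blocks

def audit(text):
    """Return a list of finding codes; an empty list means all three checks passed."""
    glob, blocks = parse(text)
    scopes = [glob] + [opts for _, opts in blocks]
    findings = []
    # Tip 2: require an explicit global "no" and no Match block that re-enables root.
    if glob.get("permitrootlogin", "").lower() != "no" or any(
            o.get("permitrootlogin", "no").lower() != "no" for o in scopes[1:]):
        findings.append("root-login")
    # Tip 3: ChrootDirectory must be set somewhere (usually inside a Match block).
    if all(o.get("chrootdirectory", "none").lower() == "none" for o in scopes):
        findings.append("no-chroot")
    # Tip 5 (assumption: ClientAliveInterval is the timeout meant); unset or 0 disables it.
    if glob.get("clientaliveinterval", "0") == "0":
        findings.append("no-timeout")
    return findings
```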

Do you think you can use any of these ideas in the future? What tips do you have that you can share with other system admins? Please let us know!
