Security Flashcards
In terms of server security, what is the most basic thing you must do first?
Disable root access.
How can you see who has been attempting to access your server?
sudo cat /var/log/auth.log
What are five key ways to improve security?
- SSH keys (instead of username/password login)
- Firewalls
- Updates
- Two-factor authentication (can be worked around)
- VPN (a wall between the internet and the intranet)
What is a zero day?
An unpatched vulnerability that the vendor has not yet found or documented.
There is a tool that will automatically update your software; what is it called?
unattended-upgrades
What is a firewall?
A network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
What does nmap do?
It runs over a list of IP addresses and checks for open ports. You can run it against any IP address and see what service, including its version, is running on each port.
What is a port?
It is a communication endpoint that maps to a specific process or network service.
Specifying the port allows you to say exactly where you want the information to go.
Every port that is open to the internet is a vulnerability that can potentially be exploited. Best practice is to keep as few ports as possible open.
For example, if you have the web server (like nginx) running on port 80 and the app server (e.g. Express) running on port 3000, you do not need port 3000 to be open to the internet. All traffic should go to port 80 and then be forwarded (reverse-proxied) to the app server.
Command line: How can I see the standard ports on Ubuntu?
less /etc/services
We usually use ports above 2000 or 3000 so that we don't interfere with the standard ports listed in this file.
What are iptables?
What is a simpler way to do what they do?
Ways of routing, blocking or denying requests to certain ports.
UFW - uncomplicated firewall (it lets you think about denying/blocking/allowing things in terms of services, like ssh or https, rather than ports).
What is the difference between deny and reject?
Deny blackholes requests, i.e. it doesn’t respond. Generally you want to blackhole requests.
Reject returns a packet telling the sender that the port is closed.
Why do you have to be very careful when working with iptables/ufw?
Because you can totally lock yourself out of your server. If you close port 22 (the SSH port) then there is no way that you can get back in.
What are the three things that you can do with a file?
How do we control this?
How can we see who is allowed to do what with a file?
Read, write, execute.
Permissions.
ls -la
Command line: how do we change permissions for a file/directory to:
a. everyone can do everything
b. owner and group can read, write, execute. Everyone else can read.
c. owner and group can read, write, execute. Everyone else can read & execute.
d. owner can read, write, execute. Everyone else can read & execute.
a. chmod 777 filename / chmod -R 777 dir
b. chmod 774 filename / chmod -R 775 dir
c. chmod 775 filename / chmod -R 775 dir
d. chmod 755 filename / chmod -R 755 dir
With permissions, what is the group?
In my case, the group is probably only sudo. Need to read up on this.