Colin wrote:
Want to know how secure your server is? Try and hack it!
A good port scanner like nmap should be a basic check of your
firewall. I would also set nmap (if it can do this) to perform a SYN
flood as it scans, to see if your server can withstand that basic DoS
attack. (Adding --syn to your TCP rules in iptables can prevent SYN
flooding when used with SYN cookies.) When you break in, find out why
it worked and how it can be patched.
I'd like to put forth a few words of caution.
Depending on the complexity of your environment, aggressive security
scans can be fairly detrimental to your services' stability. Make sure
you inform the other admins, if any, that a scan will be taking place and
do it in off hours. While most Internet-facing applications today are
pretty good about handling a scan, internal custom-built applications or
newly released appliances are not.
I once had massive load balancer failures across three geographic sites
because of an unauthorized port scan by our new security director. Yes,
they shouldn't have locked up when sent a weird packet, but we'd have
avoided quite a bit of downtime if we had known what to look for.
kashani
--
gentoo-user@gentoo.org mailing list