Why Is Hardening Debian Necessary?
There are more IoT devices in the cloud than people in the world. That gives attackers more chances to get into things they shouldn't. The internet is like a candy store for them, and Debian is a widely used distribution. Basic security can keep even skilled attackers from persisting, simply by discouraging them from the get-go.
It is always good practice to update your system. However, some updates may contain bugs that cause your services or packages to stop working properly.
A good command to check which package updates, security updates included, are pending in Debian (the -s flag only simulates the upgrade and installs nothing):
apt-get upgrade -s
But in reality, you should always be doing full updates often if possible with
Assessing Your Own Security
You don't have to be an expert to check your own server and see if it's vulnerable.
Let's get some misconceptions out of the way
Understanding and Process
First, a good way to see how you look to others on the internet is to port scan your IP. Nmap is a useful way to get a brief look at what is exposed and what people see. You can run this command from a separate server or anything with Nmap installed, even on the same server you're checking.
To install Nmap run
apt-get install nmap
To scan your server use
(REPLACE X.X.X.X WITH THE TARGET IP)
nmap -sV -Pn x.x.x.x
This takes some time; however, you should get output with a port number and service name, like this.
Starting Nmap 7.40 ( https://nmap.org ) at 2018-11-05 20:57 CET
Nmap scan report for x.x.x.x.com (x.x.x.x)
Host is up (0.0013s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE VERSION
23/tcp closed telnet
443/tcp open apache
1194/tcp open openvpn
3306/tcp open mysql
As you can see, there are some open ports. Among these are OpenVPN, MySQL, and Apache. However, it also shows one service that is closed but that you can see exists. This is Telnet: the service shows up on the port but is closed, and we will explain why.
The Telnet service is most likely restricting access by IP address. This is a good security idea if you're only going to access a service from a certain IP address. Services such as Telnet, SSH, and MySQL are good examples of this.
This can prevent brute forcing on SSH and Telnet and limit access to the server. It can be done with firewall rules that only allow access to a port from a certain IP address.
However, for some this is very impractical because they need access from different IP addresses. There is another idea that gives login services similar benefits: change the default port for a service. This can take your server out of the way of most automated scanners and prevent others from figuring out what each service is.
For example, SSH has a typical default installation port of 22; it is best practice to move this port to something above the 10000 range. This can be done as follows.
Use a text editor such as vi or nano to change this file
In the file you will see an option for the port. Edit the port number and save the file. (REMEMBER THE PORT)
Then to implement the changes run
service sshd restart
Now that you're learning to move things around to make them harder to find, you are on a good path to avoiding most scanners and deterring potential attacks.
Wait for part 2 for more tips and in-depth looks at assessing your system and the continuation of Basic Hardening.
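To recheck a scan of your own server for the services named above (Telnet, SSH, MySQL), the following added example reads an Nmap report and lists the ones still open to the scanner. It is not part of the original post; the names audit_nmap, sample_report and RESTRICTED are made up for illustration, and the 22/tcp line in the sample is constructed.

```shell
#!/bin/sh
# Added example: flag services in an Nmap report that the article says
# are better limited to known IP addresses.

# Service names to flag (the article names Telnet, SSH and MySQL).
RESTRICTED="telnet ssh mysql"

# audit_nmap reads normal Nmap output on stdin and prints one line per
# open port whose service is in $RESTRICTED. Exit status 1 = findings.
audit_nmap() {
    awk -v list="$RESTRICTED" '
        BEGIN {
            n = split(list, names, " ")
            for (i = 1; i <= n; i++) want[names[i]] = 1
        }
        # Port lines look like: 3306/tcp open mysql [version ...]
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" && ($3 in want) {
            split($1, p, "/")
            note = ($3 == "ssh" && p[1] == 22) ? " (default port)" : ""
            printf "%s/%s %s is open to the scanner%s\n", p[1], p[2], $3, note
            found = 1
        }
        END { exit found ? 1 : 0 }
    '
}

# Sample input: the port table from the report above, plus one
# constructed 22/tcp line so the SSH case is exercised.
sample_report() {
    cat <<'EOF'
PORT STATE SERVICE VERSION
22/tcp open ssh
23/tcp closed telnet
443/tcp open apache
1194/tcp open openvpn
3306/tcp open mysql
EOF
}

if ! sample_report | audit_nmap; then
    echo "Restrict these by source IP or move them off their default ports."
fi
```

To use it on a real scan, pipe the Nmap output in place of sample_report, for example: nmap -sV -Pn x.x.x.x | audit_nmap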