Debian Security (Basic Hardening) - Part 1

Why Is Hardening Debian Necessary?

There are now more IoT devices online than there are people in the world. That gives attackers more chances to get into things they shouldn't. The internet is like a candy store for them, and Debian is one of the most widely deployed distributions out there. Basic security can prevent even skilled attackers from persisting, simply by discouraging them from the get go.

# Updates

It is always good practice to keep your system updated. However, some updates may stop your services or packages from working properly, since updates can carry bugs of their own.

A good command to check which updates, including security updates, are pending for your Debian packages is a simulated upgrade (the -s flag only shows what would change, without installing anything):

apt-get upgrade -s

But in reality you should be doing full updates as often as possible: refresh the package lists, then apply the pending upgrades, with

apt-get update
apt-get upgrade

# Assessing Your Own Security

You don't have to be an expert to give your own server a check to see if it's vulnerable.

Let's get some misconceptions out of the way.

Security isn't:

- A service
- A firewall

Security is:

- Understanding and process

First, a good way to see how you look from the internet is to port scan your own IP. Nmap is a useful tool for getting a brief look at what is exposed and what others can see. You can run it from a separate server, from anything else with Nmap installed, or even from the same server you're checking.

To install Nmap run

apt-get install nmap

To scan your server use

(REPLACE X.X.X.X WITH THE TARGET IP)

nmap -sV -Pn x.x.x.x

This takes some time, but you should get output with a port number and service name like this.

Starting Nmap 7.40 ( https://nmap.org ) at 2018-11-05 20:57 CET
Nmap scan report for x.x.x.x.com (x.x.x.x)
Host is up (0.0013s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE VERSION
23/tcp closed telnet
443/tcp open apache
1194/tcp open openvpn
3306/tcp open mysql

As you can see, there are some open ports, among them OpenVPN, MySQL, and Apache. It also shows one service that is closed but still visibly exists: Telnet. The port is responding, but the service behind it is closed; we will explain why.

The Telnet service is most likely restricting access by IP address. This is a good security idea if you are only going to access a service from a certain IP address. Services such as Telnet, SSH, and MySQL are good examples of this.

This can prevent brute forcing of SSH and Telnet and limit access to the server. It can be done with firewall rules that only allow access to a port from a certain IP address.

However, for some this is very impractical, as they need access from different IP addresses. To get similar benefits for login services there is another approach: change the default port of the service. This can take your server out of the way of most automated scanners and stop others from figuring out what each service is.

For example, SSH has a typical default installation port of 22; it is best practice to move this port to something above the 10000 range. This can be done as follows.

Use a text editor such as vi or nano to edit this file

/etc/ssh/sshd_config

In the file you will see a Port option; edit the number and save the file. (REMEMBER THE PORT)

Then, to apply the change, run

service ssh restart
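Here is an added shell example, not part of the original post, that automates the edit above with the checks a practitioner would want: it validates the port range, keeps a backup, and rewrites only the Port directive. The function names set_ssh_port, get_ssh_port and check_ssh_config are my own, and the config path is a parameter so you can try it on a copy of /etc/ssh/sshd_config first.

```shell
#!/bin/sh
# Added example, not from the original post: move the SSH listening port in an
# sshd_config file the way the post describes, with the checks a practitioner
# would want. The config path is a parameter so it can be tried on a copy first
# (hypothetical helper names; assumes the standard "Port N" directive format).

# Usage: set_ssh_port /path/to/sshd_config 22222
set_ssh_port() {
    cfg="$1"
    port="$2"

    # Accept only a number above 10000 (the post's recommendation) and within
    # the TCP port range.
    case "$port" in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    if [ "$port" -le 10000 ] || [ "$port" -gt 65535 ]; then
        echo "port must be between 10001 and 65535" >&2; return 1
    fi

    # Keep a backup so the change can be reverted if the new port turns out
    # to be unreachable (for example, blocked by the firewall).
    cp "$cfg" "$cfg.bak"

    # Replace the first Port line (active or commented out), drop any extra
    # Port lines, and append one if the file had none.
    awk -v p="$port" '
        /^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+/ {
            if (!done) { print "Port " p; done = 1 }
            next
        }
        { print }
        END { if (!done) print "Port " p }
    ' "$cfg.bak" > "$cfg"
}

# Print the port sshd would listen on, or 22 if none is set explicitly.
get_ssh_port() {
    awk '/^[[:space:]]*Port[[:space:]]+[0-9]+/ { print $2; found = 1; exit }
         END { if (!found) print 22 }' "$1"
}

# Syntax-check the result before restarting (needs sshd installed, run as root).
check_ssh_config() {
    sshd -t -f "$1"
}
```

Open the new port in your firewall rules before restarting the service, and keep your current session open until a second login on the new port succeeds.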

Now that you're learning to move things around to make them harder to find, you are on a good path to avoiding most scanners and deterring potential attacks.

Wait for Part 2 for more tips, in-depth looks at assessing your system, and the continuation of Basic Hardening.

-Seth