As we learned in the first two parts of this miniseries comparing colocation to dedicated server leasing, the difference between the two is owning versus renting. You can’t always lease or rent a product. For instance, ice cream cones can only be rented in Arkansas, South Dakota, and Hawaii. Larger items such as cars or homes can be rented worldwide, though; the same is true of dedicated servers (colocation versus leasing).
We are assessing ideas pertaining to the debate between the two options from several advice sites, primarily Webhostingfreaks.net, ITworld, and About Colocation. We started with a general rundown of the differences between the two, then moved into stronger arguments. Both of the arguments, from the latter two sources above, side with colocation – which notably gives you more control but has additional upfront expense.
Our main concern is with web servers, but we also wanted to provide pluses and minuses related to home ownership and rental. Let’s explore the subject of pets with regards to housing. Pet owners love renting especially because it is an opportunity to prove to themselves how much they love their animals. If you can find the right landlord, you may be able to pay upwards of $1000 for security deposits for your two Irish setter-bloodhound-chihuahua-St. Bernard mutts. Your dogs don’t understand money, but that doesn’t mean they won’t chew through one of the walls or attack your appliances.
With many products and services, we have the choice to go between owning and renting. For some reason that is not true of paperclips or underwear; but it is true of houses, cars, and other large items. Servers are no exception. Because hosting can be expensive, there is a wide range of possibilities for website owners. These possibilities range from power and quality of equipment to financial relationships with equipment.
Two options for servers are colocating one or leasing one from a hosting company. The two options are more similar than they are different. In both cases, you have your own dedicated server. In both cases, you can take advantage of the datacenter expertise of the hosting service’s personnel and physical parameters (climate control, disaster recovery plans, etc.).
Deciding between these two options can be a little confusing, so let’s look at their differences to see what option might be best for you. We will look at three perspectives, from Webhostingfreaks.net, ITworld, and About Colocation. Keep in mind, a couple of these perspectives are very colocation-friendly. Colocation, though, is more complicated to set up and manage, simply because you are the owner of the equipment. You must pick out what to buy, and it is more of an investment.
Speed: it’s crucial online. The rate at which a page loads is important both to keep customers happy and to keep them from leaving your site. However, your site’s speed is not just about UX (user experience) but about search engine rankings. That latter factor is becoming more and more important as the Google algorithm weighs it more heavily. Tumblr’s servers, for example, do not meet Google’s standards for speed.
Obviously the speed at which your site populates content depends on a mixture of diverse factors. For example, how many images do you have on your page? Are they compressed? What type of hardware are you using (server, etc.)? Are there a lot of WordPress plugins on your site? Simple sites running off of great equipment load very quickly, and complex sites on clunky equipment don’t. However, there is a cheat.
When you look at servers, one of the most important decisions you need to make is the operating system. Typically that means choosing between Windows and Linux. However, you may choose to use a dedicated server (a server you control, with a hosting company or on your own) or co-location (using a hosting company’s data center to store your server in an ultra-secure environment). In that case, you will have a wide variety of types of Linux you can potentially explore. The same is true of your PC desktop.
Linux has all these options to choose from because it is an open-source (freely available source code) version of UNIX. UNIX, then, is the real base operating system. Linux became an incredibly popular version of UNIX, the standard for use by high-tech folks and many companies around the globe. Due to its widespread adoption and the fact that it is open source and can be manipulated as desired, a widespread array of versions has proliferated.
Perhaps the best part of Linux flavors is, in fact, not how they operate or feel but how they taste. Probably the most ridiculous comment Bill Gates ever made was when he complained that “all species of Linux taste like chicken.” He then explained that Windows tasted “like a warm blueberry muffin at one moment, like crisp roast duck the next.” Granted, he was a little inebriated when he made these comments, and it’s also possible it wasn’t him. Some guy who looked like Gates definitely said this, though.
Firewalls: We all know they are vital for Internet security, but what are their basic purposes and flavors? This series serves as a basic beginner’s guide to firewalls of the three major types: hardware, software, and web application (WAFs).
Hello friends and neighbors. This post, as it turns out, is the follow-up to our groundbreaking, skybreaking article on server hardening; it also is the prequel to our final post on Windows server hardening. This post, the meat of the sandwich (ham, in this case), is on how to harden Linux servers.
Server hardening is a simple concept, and it’s crucial to initiate if you want safety for your website. Essentially, similarly to the experience of an end-user on a client machine, when you use a server, the systems are not built (their default settings) for high-end security. They’re built, rather, for features. In essence, the Internet is optimized for usability/freedom over administration/security. Securing a system, then, is a matter of revoking freedoms or modifying expectations in order to ensure a secure experience for the system and for all users.
We aren’t only concerned with Windows and Linux servers though. Actually, the NSA Datamine server is one of the most secure options out there. Everyone is thrilled by this server. It’s been called “bootserverlicious” by P. Diddy and “P.-Diddy-riffic” by a worldwide consortium of boot servers.
To get a sense of server hardening on any of the major OSs, we are looking at three sources: “Host Hardening,” by Cybernet Security; “25 Hardening Security Tips for Linux Servers,” by Ravi Saive for TecMint.com (good info, though the language is a little rough); and “Baseline Server Hardening,” by Microsoft’s TechNet. Each of these posts broadens our horizons and is lactose- and gluten-free so that it doesn’t distract from the extra-cheese, thick-crust pizza we’re inhaling.
How to Harden Your Linux Server without Having to Think
No one ever wants to have to think. Let’s not do it, then. Let’s refuse to think, and just feel our way to a hardened server. Don’t call me “baby,” though, please, because that’s disrespectful, sugar. Anyway, the Linux server: here are approaches you can use specific to that OS.
1. Non-Virtual Worlds: Go into BIOS. Disallow any boot operations from outside entities: DVD drive or anything else that’s connected to the server. You should also have a password set up for BIOS. GRUB should be password-enabled as well. Your password should be “moonsovermyhammy123987”; I recommend tattooing it on your lower back for safekeeping.
2. Partitioning as a Standard: Think (no, don’t!) of how a virtual environment or virtual server is constructed. Division into smaller parts is an essential security concept. Any additional pieces of the system will require their own security parameters and challenges. That means you want a streamlined system, of course, like a digestive tract without all the intestines and stuff; but it also means you want everything divided into disparate sections. Any app from an outside source should be installed via options as follows:
3. Packet Policies: Along the same line, you don’t want anything unnecessary. That’s the case with anything you’re doing online. Let’s face it: the web is essentially insecure. It’s like a dinosaur with a new outfit that she’s afraid to show off to her other dinosaur friends … sort of.
Here’s the command to check:
# /sbin/chkconfig --list | grep '3:on'
And here’s the command to disable:
# chkconfig serviceName off
Finally, you want to use yum, apt-get, or a similar program to show you what’s on the system; that way you can get rid of whatever you don’t need. Here are the command lines for those two services:
# yum -y remove package-name
# sudo apt-get remove package-name
4. Netstat Protocol: Using the command line netstat, you see what ports are being used and what services are accessible through them. Once you’ve done that, use chkconfig to turn off anything that’s not serving a reasonable function, such as a service that’s just counting over and over again to a billion but won’t tell you why. See below and this netstat-geared article for more specifics.
# netstat -tulpn
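An added example, not from the original post, of the triage step described in item 4: it filters netstat -tulpn output down to listeners that are reachable from off the host and are not on a list of ports you expect. The sample output and the allowlist of ports 22 and 80 are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: triage `netstat -tulpn` output against the ports you expect.

# Constructed sample of `netstat -tulpn` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   812/sshd
tcp        0      0 127.0.0.1:25      0.0.0.0:*         LISTEN   1044/master
tcp        0      0 0.0.0.0:111       0.0.0.0:*         LISTEN   640/rpcbind
tcp6       0      0 :::80             :::*              LISTEN   990/httpd
udp        0      0 0.0.0.0:68        0.0.0.0:*                  701/dhclient
udp        0      0 0.0.0.0:111       0.0.0.0:*                  640/rpcbind
EOF
}

# unexpected_listeners "PORT PORT ..."  (netstat output on stdin)
# Prints "proto port program" for every listener that is not bound to
# loopback and whose port is not in the allowlist given as $1.
unexpected_listeners() {
    awk -v allow=" $1 " '
        $1 !~ /^(tcp|udp)/ { next }                      # skip the header lines
        {
            n = split($4, part, ":"); port = part[n]     # port follows the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only, not exposed
            if (index(allow, " " port " ")) next         # expected service
            prog = ($1 ~ /^tcp/) ? $7 : $6               # UDP rows have no State column
            sub(/^[0-9]+\//, "", prog)                   # drop the PID prefix
            print $1, port, prog
        }
    '
}

# Demo: ports 22 and 80 are the only services this constructed host should offer.
sample_netstat | unexpected_listeners "22 80"
```

Each line it prints names a program to look up and, if it serves no purpose, disable with chkconfig or remove with the package manager as in item 3.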
5. SSH: You want to use secure shell (SSH), but you also want it configured properly to maximize your security. SSH is the secure, cryptographic replacement for telnet, rlogin, and other earlier protocols that sent all data (passwords included) as “plain text” (no “scramble” prior to transfer, basically).
You typically don’t want to communicate via SSH as the root user. Log in as a regular user instead and use sudo to run the commands that need root privileges. See /etc/sudoers for specifics; you can customize them using visudo, which opens the file in the vi editor by default.
Finally, switch the port for SSH from 22 to a larger number, and change the settings so that it’s not possible for all account holders to tunnel in through Secure Shell. Here are the file and three specific adjustments:
# vi /etc/ssh/sshd_config
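An added example, not part of the original post: a small shell function that checks an sshd_config for the three points the text names (root login, the default port, and which accounts may log in). The sample configs, port 2222 and the account name deploy are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example: check an sshd_config for the three points the post names.

# Constructed sample configs; port 2222 and the account "deploy" are placeholders.
sample_weak()     { printf '%s\n' '# defaults left in place' 'Port 22' 'PermitRootLogin yes'; }
sample_hardened() { printf '%s\n' 'Port 2222' 'permitrootlogin no' 'AllowUsers deploy'; }

# audit_sshd_config [FILE]
# Reads sshd_config text from FILE (or stdin) and prints one line per finding.
# Match blocks and Include files are not followed; only the global section is read.
audit_sshd_config() {
    awk '
        /^[ \t]*(#|$)/ { next }                              # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " "); key = tolower($1) }     # key=value form; keywords ignore case
        key == "match" { exit }                              # stop at the first Match block
        key == "port" { ports = ports " " $2 }
        key == "permitrootlogin" && !seen { root = tolower($2); seen = 1 }   # first value wins
        key == "allowusers" || key == "allowgroups" { restricted = 1 }
        END {
            if (!seen) root = "unset (build default applies)"
            if (root != "no") print "root-login: PermitRootLogin is " root
            if (ports == "" || ports ~ / 22( |$)/) print "default-port: sshd listens on 22"
            if (!restricted) print "open-accounts: no AllowUsers or AllowGroups line"
        }
    ' "${1:--}"
}

# Demo on the two constructed configs.
echo "weak config:";     sample_weak | audit_sshd_config
echo "hardened config:"; sample_hardened | audit_sshd_config
```

On a live host, sshd -T prints the effective configuration, defaults included, and its output can be piped into the same function.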
Conclusion & Continuation
All right. Basic explication: Done. Linux: Done (well, it’s significantly more complex than discussed above; see here for further details). Windows: Next.