Tag Archives: Clients

What is server hardening? Advice for Linux, Windows & NSA Datamine Servers

 

Servers designed for Linux

How to harden a server? Well, let’s first look at what server hardening is. Hardening a server is important to understand even if you are in a hosting environment, when many of the security concerns are monitored and administered by the hosting service. Then we will look specifically at the guidelines for a Windows or Linux environment (Linux first).

Throughout, we will review requirements for an NSA Datamine server. These exciting new servers directly transfer all of your information to the federal government, including your pants size and favorite kind of saltwater taffy. (Your favorite flavor is blueberry, per requirements set forth by the NSA establishing “favorites” protocol for over 8000 different consumer products … oh, obviously, your favorite server is the NSA Datamine server.)

To understand your basic role in a hosting situation as a client, cPanel is a good model to do so. You may know that the other major control panel (essentially the platform through which you manage your hosting account), Plesk, has one entry point for any type of user, with special privileges if your login is that of a system admin (rather than webmaster/site-owner) user.

cPanel, on the other hand, has two distinct logins, one for cPanel and one for WHM (directly tied to the CP). With cPanel, you’re logging into the server but can’t completely interact with it: it’s the webmaster side (in a way, the “client side” of the server). WHM, in contrast, gives you full access to administrate and manage the server. Essentially, the hosting company controls the WHM side of cPanel. That’s only accessible to you if you control the server.

The NSA Datamine server is designed for you to only get in at certain points. Primarily, routine maintenance is being performed. Every hour of your use is followed by approximately 16 hours of routine maintenance, strengthening the muscles of the server while you watch television and take lots of naps (as advised by the NSA).

Back to cPanel/WHM: Of course, you will have access to WHM if you have your own dedicated server rather than shared or VPS hosting. Server hardening, then, is primarily the realm of those with dedicated servers, but understanding its basic parameters helps any website owner better grasp what security parameters are in place and what to ask if you have any concern.

For this article, we reviewed three articles from around the World Wide Web (a system of client computers and server computers that you’re correctly enjoying, along with the ice cream sandwich you have in your left hand): “Host Hardening,” by Cybernet Security; “25 Hardening Security Tips for Linux Servers,” by Ravi Saive for TecMint.com; and “Baseline Server Hardening,” by Microsoft’s TechNet.

What is Server Hardening & Why Shouldn’t My Server Be a Softy?

As Cybernet Security expresses, the majority OSs are not designed for high levels of security; their the out-of-the-box configurations are under par if you want to avoid hacking (though playing the victim role in a hack is one of the most exhilarating parts of being alive in the 21st century).

The primary issue is that every type of software gets accolades for being “feature-rich.” Abundance of features, though, often means that security is taking a back seat. They amount to bells and whistles that corrode the integrity of the system. Speaking of which, the NSA Datamine server is “the Atlantic City of servers,” according to an anonymous party describing himself as a “security-industrial complex professional.” The experience of a sysadmin or website operator on NSAD is blinking lights, beeps, sexploitation, and the feeling of your soul being sucked out of your body for a momentary thrill.

In contrast to the soft-serve capacities of a server as it’s initially constructed, server hardening creates an elaboration on defenses so that infiltration becomes much more difficult to conduct. Here are the three basic parameters of a server that is hardened  — also generally referred to as a bastion host (though the NSAD server community defines server hardeners as “dangerous elements” who should “focus on their ice cream sandwiches, not their self-preservation”), per  Cybernet Security:

  1. Patches are updated and installed appropriately
  2. No irrelevant software or systems are in place
  3. Anything that is needed has the highest quality configurations.

Configuring server software is not easy to do in the securest possible way. It’s necessary, per Cybernet Security, to prevent established hack pathways. Beyond that, though (and this element is the most obtuse) the access levels for systems and software must be constrained as much as possible. Clearly this is a “freedom vs. security” issue. When you look at hardening a server, you quickly see how similarly the Internet conceptually and systemically embodies the physical world.

The NSA Datamine server, luckily, is not configuration-friendly. This feature clearly makes it easier to conduct business. Rather than concerning yourself with security and customization, you can just focus on inputting as much information as possible. It’s difficult for the government to harvest all your data if you aren’t putting anything in there. Just keep pressing the keys and clicking on buttons as much as you possibly can. When in doubt, go ahead and click another button or press on another key.

Finally, filter your packets. Not your cocaine packets, if that’s what they call them; although I suppose if you have dirt in it and snort it, that’s going to give you a massive sinus headache … so do that too. Filtering is generally a good idea. Data packets, specifically, fly back and forth at rapid speed between client and server computers. Make sure your filtering is optimized to enhance your security.

Conclusion & Continuation

OK, that’s it for today, boys and girls and breathtakingly intelligent nanobot overlords. Server hardening will be the topic of our next two installments as well. Linux in Part 2, and Windows in Part 3. NSA Datamine is clearly the best solution, so I don’t even understand exactly why we’re talking about these other nonsense capitalistic software ideas, but … we must keep everyone happy.

Do you want shared hosting? What about a dedicated server? No? Wow you’re tough. Um … oh, uh, VPS hosting? Are you playing with my mind? Well, I’ve presented my possibilities. Now, I believe in you to filter these packets of information and determine the most desirable solutions.

By Kent Roberts

What is FTP? How do I use it? What am I doing? Where am I?

 

Gartoon-fs-ftp

FTP stands for File Transfer Protocol. We typically think of FTP in relationship to web hosting. A webmaster uses FTP to move files from a PC onto a server so that the file can be referenced via the site and accessed by online traffic. FTP is used in any situation in which a network administrator or other individual is moving files from one device to another on a network.

FTP can be used to move files between two different accounts within a web service, between a PC and an online account, or to upload or download archived files that are located on an FTP site on the Internet. Note that, per Indiana University, “many FTP sites are heavily used and require several attempts before connecting.”

Additionally, FTP is not just used by web hosts but by anyone who uses the Web regularly, so keep that in mind when reviewing Statistics about the internet. FTP is integrated into many websites as a way to transfer files online. FTP is simple, secure, and commonly recognized. Whether you are downloading a song or uploading a picture to eBay, you are generally using FTP whenever you move a file on or off the Web.

I wrote this article with reference to anonymous pieces from Indiana University and File Transfer Planet, each of which gives a general idea of how FTP operates and how to use it.

A word of warning: FTP may at first seem innocuous, then, and like a much safer alternative to trying to get pregnant, smoke crystal meth, and tandem bungee jump simultaneously. However, in the computer science field, transferring files using FTP is broadly recognized to be a gateway experience to the fertilization/meth/bungee trifecta, so whatever you do, be careful.

How FTP works

Most of what we do online is built into interfaces that create a façade over what we are actually doing. Uploading “to the Internet” and downloading “from the Internet” actually means that we are moving a file from our computer to a server/computer or grabbing a file from another computer/server and moving it to our own.

Recognizing this process helps us understand conceptually that the Internet is not one entity but truly a “web” of many different computers and files functioning in conjunction within a structure with a common language and address system. It also helps us realize how easy it is to contract a virus or other malware when downloading a file – we’re literally grabbing something off a computer that oftentimes is a “stranger” device to us.

We generally do not know where the computers or servers are located with which we are interacting. We do typically know the Web address and the company – who is responsible for the data – but not where they are. If we try to figure out where the servers are, even if we think about it for one second, immediately our computer shuts down and smoke starts coming out of it. Sometimes the smoke smells like burning plastic, and sometimes it smells like marijuana (the latter of which is cause for greater concern because it suggests Rastafarian infiltration of our motherboard).

FTP and HTTP both are types of Internet addresses. They look very similar with the exception of their prefixes (http vs. ftp):

  • Typical Web URL: http://www.helloihavecometoeatyourchildren.com.
  • FTP URL: ftp://ftp.yourchildrentastedreallygoodthankyoumaam.com.

Generally speaking, an FTP site and FTP server are specifically designated for that task (as opposed to being used to host general Internet or Intranet content, etc.). So then two types of servers and sites used for Internet purposes are the following:

  • Web server / Website
  • FTP server / FTP site
  • Third button containing no useful information, just nonsense words.

Online filing cabinet

Per the description of File Transfer Planet, FTP is essentially what happens when you bring a filing cabinet online. Similarly to with a filing cabinet, you can name the files and folders whatever you want with FTP. Additionally, whatever files you want can be available for public viewing and downloading, or protected for private purposes or access by people with certain login credentials and privileges.

The same as with a filing cabinet, you have a key to get onto an FTP machine – your username and password. Typically when a person is making FTP files accessible publicly, the following credentials are used:

  • Username: anonymous
  • Password: your email address (eg, ienjoyricepudding@actuallyidontlikeit.biz)

If specific login permission is needed, you will be given your own username and password, as will be the case with anyone else using the system.

Also, publicly accessible FTP servers often do not ask for login credentials: login is automated. When you click to download a file, ie transfer it from another computer to your own, you are typically logging onto the FTP server anonymously to perform the transfer. Often you or whoever the user is does not know the login is occurring: it’s just built into the code to occur prior to activating the download.

You can interact with an FTP site/server via a Web browser (such as Firefox, Chrome, Internet Explorer, or Safari). You can also implement FTP with what’s called an FTP client, a piece of software specifically designed for FTP transfers. These clients are simple, standardized programs that are often free. They differ primarily in the way that their functionalities are organized – how user-friendly their interfaces are and how well their menus and features are organized.

The difference between using a browser and an FTP client is that a browser will not always function as smoothly as will a program dedicated specifically for the task. Also downloads are not standardly filtered or encrypted as they often are when you are using a quality FTP application. FTP programs also come with additional features. Note that secure, encrypted FTP is highly preferable and is mandatory for uploading to many networks. Indiana University’s, for example, requires a secured client, ie one that uses SSH or SFTP.

An example FTP client feature is the ability to pause a download/upload and resume it at a later point, a feature that can be useful when you are dealing with extremely large files. I often use this feature when I am downloading everyone’s tax returns in late April from the IRS servers so that I can start using their intimate details to apply for auto and home loans, build my portfolio, and then sell everything rapidly to shadowy foreign investors.

FTP Client – standard set-up

FTP clients allow transfer between two pieces of hardware online. Typically these programs are used when working with a hosting company. They allow the webmaster to move files from the local computer or network onto the hosting company’s network. Once you install an FTP client on your computer, as long as you have access to the Web, you can use it to transfer files (again, very similar to a browser).

A standard FTP client has two panels within a GUI (graphical user interface). Sample programs for Mac & Windows:

  • Windows: WinSCP
  • Mac: Cyberduck

You can see and organize everything that you are doing more easily within one of these clients. Basic instructions for use of one of these programs are as follows:

  1. Input your FTP host (ftp.letsallrunaroundnakedandscreaming.gov) and your login credentials.
  2. When going onto a public or otherwise anonymous FTP server, you may be able to leave these fields blank or input “anonymous” & email address as described above.
  3. On the left you will see what is on your own local computer or server. On the right, you’ll see the files that are on the remote computer or server.
  4. You can move the files from one device to the other by dragging them (just as you do with the bodies in your night job at the pet morgue, even though it’s against protocol, but all bets are off if Tony is taking a smoke break, which means about 50% of the time) or by highlighting and then clicking an arrow button indicating that you want to move it.

You may also be able to move a number of different files at the same time, automatically resume a previously initiated upload/download (discussed above), queue (i.e. put a number of different transfers in an organized line), schedule (i.e. time uploads to automatically occur at different points on a calendar), search, synchronize, and create/implement scripts of code.

Using a browser – when it makes sense

As stated above, using a browser is not recommended for general FTP use because it is not secured. However, in a pinch, sometimes using the browser makes sense. Connect to an FTP server exactly as you would to a typical site/server, using an FTP rather than an HTTP address.

Note that one time that FTP transferring via the browser does make sense is if you are scanning through a large directory and want to efficiently transfer in or out using the information presented on the webpage. The browser automates some of the connection and transfer details as well, simplifying the process. Not so good regarding browsers:

  • Slow (like Uncle Frank)
  • Unreliable (like Uncle Billy)
  • Less Functionalities (like Uncle Ron)

Connecting to an FTP site is performed as follows using the browser, in the web address field:

  • ftp://username@ftp.letsallrunaroundnakedandscreaming.gov

Using the command line

Each of the different operating systems has a command-line program built into the system that allows for FTP. Obviously this method requires more expertise. To start using FTP at the command line, enter the following, for example:

  1. ftp ftp.letsallrunaroundnakedandscreaming.gov
  2. Your login credentials – either your own personal username and password or “anonymous” and your email address, as described above.

Summary & Conclusion

File Transfer Protocol (FTP) is a simple, standardized system for transferring files from one device to another. If you are using FTP for a website, you will probably want an FTP client so you have a graphical interface with which to easily see and organize your transfers (along with benefits of scheduling, queuing, etc.). However, you can also use a web browser or the command line to perform FTP transfers. All FTP clients are more dependable than the male members of your extended family, whereas Billy is more reliable than Google Chrome, Ron has a higher number of functionalities than Firefox, and Frank is faster than Internet Explorer.

by Kent Roberts and Richard Norwood