Tag Archives: Windows

Dedicated Servers, Security, VPS

Many Different Flavors of Linux: A Look at Distros & How They Taste – Part 2

Leave a comment

 

Tux, the Linux penguin
Tux, the Linux penguin

As we discussed in the first installment of this series, deciding on an operating system for your server is one of the most important decisions you make when choosing a hosting environment. Your options get broader when you are using dedicated servers (in contrast to shared hosting) or virtual private servers (VPSs – the middle ground between dedicated and shared hosting in which your chunk of the server is partitioned into its own unit).

Windows is simple. You obviously want the most up-to-date version; but other than that, it’s Windows, and that’s it. That is kind of nice for simplicity’s sake, but if you are interested in open source environments (access to the source code) and general computing freedom, Linux is probably the way you want to go. Linux comes in a wide variety of flavors, so choosing between those options is your first challenge.

It is widely acknowledged throughout the Linux community that the different versions of Linux smell pretty much the same but taste very different. “It’s hard to explain,” said Bill Gates to me in a glass elevator overlooking the Chicago shoreline, “but there is a way in which you can feel different distributions of Linux on your tongue.” Bill (or it’s possible it was his doppelgänger) straightened his unitard, gave his dog Cinnamon Bun a piece of bacon from his breast pocket, and continued: “Some are sweet, some are sour, and some are bitter… I hate eating.” Then the elevator stopped between floors for an hour of maintenance.
Continue reading Many Different Flavors of Linux: A Look at Distros & How They Taste – Part 2

Cloud, Network, Security, Software, VPS, Web Hosting

Firewalls 101: Hardware, Software & Web Application Firewalls

1,547 Comments

 

SVG version of Image:DMZ network diagram 2 fir...
DMZ network diagram 2 firewalls

Firewalls: We all know they are vital for Internet security, but what are their basic purposes and flavors? This series serves as a basic beginner’s guide to firewalls of the three major types: hardware, software, and web application (WAFs).

For this three-part series, we will look at information from several different sources. The primary ones will be “Hardware Firewall vs. Software Firewall,” from the Michigan Cyber Initiative; “Best Practices: Use of Web Application Firewalls,” from the Open Web Application Security Project (OWASP); and “What You Should

Know About Firewalls,” by Michael Desmond for PCWorld. This first part will focus on firewalls generally. The second part will target the differences between hardware and software firewalls; and web application firewalls will be explored in-depth in the third installment.
Continue reading Firewalls 101: Hardware, Software & Web Application Firewalls

Cloud, Security, Software, Technology, VPS

What is server hardening? Advice for Linux, Windows & NSA Datamine Servers – Part 3 (Windows)

Leave a comment
Windows Home Server screenshot
Windows Home Server screenshotÂ

Well, here we all are (except for my cousin Steve, who had to go to his tuba lesson), taking a final look at server hardening in our final segment of this series. Considering the series as a ham sandwich, we’ve looked at the topic generally (top bread), as well as basic techniques that can be used to improve security on Linux systems (just ham… we’ve run out of vegetables). Today we look at Windows servers (bottom bread, which many sandwich enthusiasts believe is the best part).

Note that some concepts related to server security are of use to anyone interacting with a server; but generally speaking, they are of particular use to those with dedicated and VPS accounts. Both of those types of hosting environments allow you system administrative responsibilities that you cannot access through a shared account. That system access means you can change default settings and implement policies that are otherwise under the auspices of the hosting company.

We’re actually looking at three types of servers. In addition to Windows and Linux, we are also reviewing the NSA Datamine server. That server allows you to quickly and efficiently transfer all of your information into the federal government database so that you can know, once and for all, if you are a threat to the social order. If that’s the case, millions of microscopic, lightly humming insectile nanobots come directly to your location, get into flying carpet formation, and spirit you away to a safe location.

We are reviewing thoughts from three primary sources for this series: “Host Hardening,” by Cybernet Security; “25 Hardening Security Tips for Linux Servers,” by Ravi Saive for TecMint.com; and “Baseline Server Hardening,” by Microsoft’s TechNet. Unfortunately, none of these articles focuses on the NSA server. That information had to come to me in a densely encoded daydream.

How to Harden Your Windows Server

Prior to getting into specifics for server hardening, Microsoft outlines four baseline installation rules – essentially prerequisites for a secure server:

  • The initial installation of the OS and any additional applications all arise from legitimate and credible sources.
  • The server should only be on reliable networks while both installation and hardening are underway.
  • The initial installation contains the most up-to-date service packs and any other security-related system updates.
  • Following completion of base installation, you follow the same procedures on all additional servers.

Again, that careful OS and software implementation lays the groundwork for a server they can be reasonably hardened. Also, if you’re going to eat a popsicle while hardening the server, don’t give bites to it, even if it says it really likes cherry flavor. Servers cannot harden while experiencing brain freeze.

  1. Group Policy Templates – Microsoft covers these templates in a specific section of its recommended guidelines. Though policies for the group can help protect the server in some ways, you also need to change security templates. In other words, these are two different levels to allow hardening that must be combined to be reasonably effective.
  2. Partitions – NTFS should always be used in place of any file allocation table (FAT) partitions. Simply put, NTFS gives you access to security parameters you don’t have with FAT. You can use Convert to change any FAT systems to NTFS. If you do convert, you want to open Fixacls to change the ACLs (access control lists). Otherwise, all users will have access to that portion of the system by default. It’s like a salad bar without a sneeze guard.
  3. Passwords – You can use extremely lengthy passwords in Windows environments, upwards of 100 characters. Go long and strong: combinations of symbols, letters, numbers, and – if you want to get really fancy – ASCII device control characters. Note that the usable ASCII ones will not print and can be created by using “Alt” combined with various digit combinations. Specifically, Microsoft recommends passwords never be eight characters or less and that one of the first seven should be a symbol or ASCII. Finally, differentiate your passwords for each machine.
  4. Renaming – This technique is so basic that it almost seems silly. However, renaming your Administrator account can be incredibly helpful because it’s the general focus for infiltrations. Then create a new account, call that one Administrator, and limit its rights. That new faux-Administrator account can have a lengthy and intricate password. Don’t worry about getting into that account often. It’s just a decoy for anyone trying to get into the system. Apply this method throughout your system, on all individual devices. Also, the real Administrator account should have a different name on every server. If that seems to be going too far for everyday use, at least differentiate the passwords, even if not the names. Similarly, if you have any sons, it’s acceptable to name each of them George Foreman so long as they each have different keys to your heart.

Conclusion & Continuation

That should give you a basic sense of Windows server hardening. Here are additional details if you want to explore the topic further.

In closing out our server hardening trilogy, here is information on our dedicated, VPS, and colocation services.

By Kent Roberts

Dedicated Servers, Hardware, Security, Software, VPS, Web Hosting

What is server hardening? Advice for Linux, Windows & NSA Datamine Servers – Part 2 (Linux)

26 Comments
English: Screenshot of Alpine via SSH on a Deb...
Screenshot of Alpine via SSH on a Debian Server

Hello friends and neighbors. This post, as it turns out, is the follow-up to our groundbreaking, skybreaking article on server hardening; it also is the prequel to our final post on Windows server hardening. This post, the meat of the sandwich (ham, in this case), is on how to harden Linux servers.

Server hardening is a simple concept, and it’s crucial to initiate if you want safety for your website. Essentially, simiarly to the experience of an end-user on a client machine, when you use a server, the systems are not built (their default settings) for high-end security. They’re built, rather, for features. In essence, the Internet is optimized for usability/freedom over administration/security. Securing a system, then, is a matter of revoking freedoms or modifying expectations in order to ensure a secure experience for the system and for all users.

We aren’t only concerned with Windows and Linux servers though. Actually, the NSA Datamine server is one of the most secure options out there. Everyone is thrilled by this server. It’s been called “bootserverlicious” by P. Diddy and “P.-Diddy-riffic” by a worldwide consortium of boot servers.

To get a sense of server hardening on any of the major OSs, we are looking at three sources: “Host Hardening,” by Cybernet Security; “25 Hardening Security Tips for Linux Servers,” by Ravi Saive for TecMint.com (good info, though the language is a little rough); and “Baseline Server Hardening,” by Microsoft’s TechNet. Each of these posts broadens our horizons and is lactose- and gluten-free so that it doesn’t distract from the extra-cheese, thick-crust pizza we’re inhaling.

How to Harden Your Linux Server without Having to Think

No one ever wants to have to think. Let’s not do it, then. Let’s refuse to think, and just feel our way to a hardened server. Don’t call me “baby,” though, please, because that’s disrespectful, sugar. Anyway, the Linux server: here are approaches you can use specific to that OS.

1.    Non-Virtual Worlds: Go into BIOS. Disallow any boot operations from outside entitites: DVD drive or anything else that’s connected to the server. You should also have a password set up for BIOS. GRUB should be password-enabled as well. Your password should be “moonsovermyhammy123987”; I recommend tattooing it on your lower back for safekeeping.

2.    Partitioning as a Standard: Think (no, don’t!) of how a virtual environment or virtual server is constructed. Division into smaller parts is an essential security concept. Any additional pieces of the system will require their own security parameters and challenges. That means you want a streamlined system, of course, like a digestive tract without all the intestines and stuff; but it also means you want everything divided into disparate sections. Any app from an outside source should be installed via options as follows:

/

/boot

/usr

/var

/home

/tmp

/opt

3.    Packet Policies: Along the same line, you don’t want anything unnecessary. That’s the case with anything you’re doing online. Let’s face it: the web is essentially insecure. It’s like a dinosaur with a new outfit that she’s afraid to show off to her other dinosaur friends … sort of.

Here’s the command to check:

# /sbin/chkconfig –list |grep ‘3:on’

And here’s the command to disable:

# chkconfig serviceName off

Finally, you want to use yum, apt-get, or a similar program to show you what’s on the system; that way you can get rid of whatever you don’t need. Here are the command lines for those two services:

# yum -y remove package-name

# sudo apt-get remove package-name

4.    Netstat Protocol: Using the command line netstat, you see what ports are being used and what services are accessible through them. Once you’ve done that, use chkconfig to turn off anything that’s not serving a reasonable function, such as a service that’s just counting over and over again to a billion but won’t tell you why. See below and this netstat-geared article for more specifics.

# netstat -tulpn

5.    SSH: You want to use secure shell (SSH), but you also want it configured properly to maximize your security. SSH is the secure, cryptographic replacement for telnet, rlogin, and other earlier protocols that sent all data (passwords included) as “plain text” (no “scramble” prior to transfer, basically).

You typically don’t want to communicate via SSH as the root user. Sudo allows you to use SSH. See /etc/sudoers for specifics; you can customize them using visudo, available via VI editor.

Finally, switch the port for SSH from 22 to a larger number, and change the settings so that it’s not possible for all account holders to tunnel in through Secure Shell. Here are the file and three specific adjustments:

# vi /etc/ssh/sshd_config

  1. PermitRootLogin no
  2. AllowUsers username
  3. Protocol 2

Conclusion & Continuation

All right. Basic explication: Done. Linux: Done (well, it’s significantly more complex than discussed above; see here for further details). Windows: Next.

Finally, I assume if you’re reading this article, you might want to take a gander, or even a poke, at our dedicated servers, VPS hosting, or colocation.

By Kent Roberts

Dedicated Servers, Security, Software, VPS, Web Hosting

cPanel vs. Plesk vs. Bobby Lou’s CP Extraordinaire – Part 3

1,363 Comments

 

Português: Criando contas de FTP no Painel Ple...

It’s time for the final part of our exploration into cPanel and Plesk: the two most popular control panels’ similarities and differences. If we think of the series in terms of the body segments of an ant (which we probably should), we’re complete with the head and thorax (Part 1); propodeum and petiole nodes (Part 2); and now, without further ado, it’s time for the gaster (the most attractive part of the ant, according to 4 out of 5 entomologists).

To get a more comprehensive understanding of the two control panels from a variety of viewpoints, we are reviewing four sources for this series: articles from Worth Of Web; by Tim Attwood of HostReview, by Claire Broadley of WhoIsHostingThis?; and by Aiken Lytton, also of HostReview.

Additionally, I have found the top competitor for cPanel and Plesk within the large and growing Internet cockfighting community: Bobby Lou’s Internet Control Panel Extraordinaire. Founder and developer Bobby Lou shared his thoughts with me during an interview while we were inner tubing down the Snake River in Wyoming.

In the first part of this series, we went over OS compatibility (Windows/Linux), intuitive vs. non-intuitive user interface, and subscription costs. In the second part, we discussed setup, everyday use, and migration between the two platforms (and remember that, though Bobby Lou didn’t directly answer the migration question, we did learn that roosters don’t migrate due to henhouse-related responsibilities). Today we will finish up with external database requirements, OS control, and a few final words on user experience.

Comparison: cPanel & Plesk – The Stunning Conclusion

Today we will continue to look at specific aspects of the systems that make them similar and different. This final post will be a little more pointed, drawing from the more opinionated commentary of Aiken, which I hadn’t cited previously and covers some similar ground from earlier sections, but with more specific one-sided arguments.

Extraordinaire, says Bobby Lou, “is an argument for secession of the cockfighting world into its own parallel reality of pleasure and pain, mostly pain – actually entirely pain. None of us enjoy this lifestyle. We were born into it. It’s like being Amish, except no hats.”

External Database & Plugins

Aiken mentions that cPanel is easier to customize due to the large array of plugins. It’s similar in this way to WordPress and other popular CMSs. Additionally, Plesk requires an external database. That’s not the case with cPanel. Essentially, then, it’s less needy out of the box and easier to enhance as you go.

Extraordinaire has plugins that allow you to “cockfight one piece of code against another,” says Bobby Lou. “It completely fries your server, but it is well worth the inconvenience and expense to see code getting raw and essentially biting off pieces of its own body. It’s horrible, disgusting, and highly recommended.”

OS Control

We discussed previously compatibility – that Plesk is offered in both Windows and Linux versions, whereas cPanel is only a Linux service. We did note that Enkompass has been developed by cPanel for the Windows OS. However, it’s not cPanel “proper” and is not a widespread option through hosting companies.

Essentially, then, Plesk is less OS-specific. However, it is not as flexible with third-party add-ons – and third-party add-ons are widely developed for cPanel in part because programmers are so fond of Linux. One user on Stack Overflow calls UNIX-based systems such as Linux “a developers play ground” [sic], in contrast to the more user-focused Windows OS.

Plesk does offer greater control at the OS level than does cPanel, per Aiken. However, its advantages are more likely experienced by a web hosting company than by the end user (i.e., more of a system administrative advantage than a webmaster advantage). The increase in control is probably not worth it, and assuming you want to retain the system for at least a year and pay annually, cPanel is a little more affordable.

Notably as well, Plesk is clunkier on Linux, says Aiken. Bobby Lou agrees: “It’s like a cock with the bird flu. He can’t see straight. His aim is amiss. He can’t feel any pain. He’s like a Buddhist monk, assuming the monk also has a life-threatening brain disease.” Aiken also praises cPanel for its UX, which I’ll cover next.

User Experience

It’s worth looking at another take on UX (user experience) as well. Plesk can seem simpler from the outset, as we discussed in a previous section. Once we move more fully into the platform, though, intuition is better integrated with cPanel, says Aiken. He specifically advises using the control panel with the CloudLinux OS if you have multiple sites or otherwise want to break up your server into a number of different virtual environments.

Bobby Lou mentions that the user experience for his OS is “virtually identical to a cockfight. Using my platform is like stepping into the ring. The bell sounds, and an angry maniac is trying to perpetrate avicide against you. Secure against roosters? Yes. Secure against my mood swings and subversive, penetrative coding tactics? No sir.”

Conclusion

Now we’re complete with our study of cPanel and Plesk. Keep in mind that adherents of one platform or the other can be a little biased with their assessments. Nonetheless, Aiken did make several good points regarding the general preferability of cPanel for many users (assuming you’re open to using Linux rather than Windows).

We offer each of the CPs as a piece of all our hosting packages: shared, dedicated, and VPS. When I offered Bobby Lou a truckful of pumpkins to buy out his rights in Extraordinaire and sign a code of silence for all business interactions in perpetuity, he jumped out of his inner tube, ran out into the woods, and has never been seen again.

By Kent Roberts

General, Software, Support, Technology, Web Hosting

cPanel vs. Plesk vs. Bobby Lou’s CP Extraordinaire

1,077 Comments

 

Image representing cPanel Inc as depicted in C...

When you look into control panels, the first two options you will see with almost any hosting company are cPanel and Plesk. The third most successful control panel, Bobby Lou’s Internet Control Panel Extraordinaire, is popular in the cockfighting industry but not widely accepted by the general web administrative community.

Assuming you use cPanel or Plesk, either one will serve you well, but everyone wants the best solution out there. Let’s take a look at how each of the two control panels compares, and where one or the other has advantages or disadvantages. Extraordinaire will also be examined, just in case you want a solution tailored to underground rooster competitions.

To gain a sense of perspectives on cPanel and Plesk from across the web, we will look at articles by Worth Of Web, Tim Attwood for HostReview, and Claire Broadley for WhoIsHostingThis?. We will also interview Bobby Lou to better understand his niche CP. We will explore these differences in a three-part series.

Comparison: cPanel & Plesk

Let’s look at a basic rundown of how cPanel and Plesk are similar and different. In this post, we will specifically examine OS compatibility, interface usability, and cost.

Operating Systems

As a basic rule of thumb, Plesk tends to be more popular among those running Windows operating systems, while cPanel is more widely used on Linux systems. This breakdown, though, is primarily based on track records. cPanel is the old standard for those using Linux servers. Plesk, likewise, has long been the choice of Windows webmasters.

Plesk has a Linux-compatible version, and cPanel has its specific Windows brand, Enkompass. Enkompass, however, is not as widely used and is not “the real deal” as far as cPanel goes. Though there obviously is crossover between the two systems, there is a strong argument that expertise and focus for each of the two OSs is still sharply divided.

To look at our third option, Extraordinaire, Bobby Lou explained that his system is “designed to be incredibly glitchy on any operating system.” He said that the cockfighting community “loves challenges and doesn’t mind getting their hands dirty trying to figure out why Extraordinaire hates them so much.”

Interface

If you’re looking at both of these control panels for the first time, you will be more impressed with the intuitive and simple usability of Plesk, according to Worth of Web. cPanel, however, is easy to use for those who are familiar with it and have grown accustomed to its layout. For this reason, assumedly, cPanel has not made significant changes to its interface over time.

Plesk, then, is easier for a rookie to understand. The cPanel UI is favored by many veteran system administrators. Note that because cPanel has been used at such great length by the Linux community, and because that community is so tight-knit, finding answers online for any confusion is generally simple. Plesk, though, is more inviting from the outset.

When it comes to switching from one control panel to the other, Claire mentions that the UI is “one of the biggest sources of heartache” (because the design will look, of course, completely foreign initially). She also notes that many custom CPs are built off of cPanel, so understanding the basis of a custom platform may indicate that it is more recognizable than you first might think.

Tim also notes that if you’re using VPS hosting, the cPanel system is often considered easier to use: many people find choosing the task they want to complete or efficiently viewing data simpler than in Plesk. He credits Plesk with having a plenitude of features but a system whose management may seem “too technical” for a VPS environment.

Bobby Lou’s system is based on an intricate graphical framework composed of roosters. He said, “It’s a cockfighting grandmaster’s version of binary code. The black ones are zeros, and the red ones are ones.” Asked how long it takes to set up a typical website, Bobby Lou stated, “Come again?”

Cost of Subscription

Worth of Web notes that the cost will be better between cPanel and Plesk depending how long you intend to use either system. cPanel works on an annual basis, whereas Plesk has monthly subscriptions available. Claire comments that typically cPanel is more cost-effective because, generally speaking, websites will be online for at least a year, and cPanel is more affordable in those scenarios.

When it comes to VPS, both systems have accounts available specifically for that purpose. CPanel’s, again, is more affordable but is not broken down per month like the Plesk service is.

Claire also notes that the licenses for either one is typically included within a hosting package. However, dedicated and VPS environments sometimes require the customer to pay for control panel access in addition to the cost of the hosting package.

Extraordinaire uses a different model for payment. “We work on a bartering system,” said Bobby Lou. “We take roosters of course – but not sick ones – as well as pumpkins and electric crazy-making prods (ECP’s). We also take gallon jugs of moonshine and real Vermont maple syrup, the latter of which should also come with a stack of fresh pancakes.”

Conclusion & Continuation

As you can see, cPanel and Plesk are more similar than they are different. More than anything, it’s a question of what’s comfortable for you. Operating system, though, still is a major dividing line even though the two platforms work on both Windows and Linux. We will continue our discussion in Part 2 of this series.

Oh… Did you know that we offer both of these control panel options for our shared, dedicated, and VPS hosting customers? Yes, in fact, we do. Unfortunately, though, Bobby Lou has not yet convinced us to offer Extraordinaire.

By Kent Roberts