0 day exploits

Zero day exploits, best explained here, will be coming out daily for the month of January, it seems, due to a security research firm in Russia. No matter what you think about their methods, this does highlight a fact that is sometimes forgotten, every running service presents the potential for an exploit. But without those services a computer is just an overpriced electric heater. So how do we protect ourselves against the unknown and unpatched? By being very careful about what our servers are running, only allowing access to the minimum number of resources required to get the job done, and having a plan for when your monitoring reports the service is down.

     Since linux distributions are varied in their installs I won’t go through each but most of the “friendly” distributions start, by default, a variety of services that may not be required but could potentially have exploits. While most of these don’t have a network component, combined with other exploits they could help open the server to attack. For example, Red Hat starts processes to monitor the software raid and logical volume manager even if you aren’t using them. It also starts processes for handling bluetooth devices, HP printers, and command line mouse support, even if you don’t have them. None of these should cause you any concern but if you don’t need them they don’t need to run at all.

     Most Apache HTTP server installs suffer from the same desire for usability, many modules are made available to the server by default. For example, you probably aren’t using LDAP authentication or WebDAV as part of your server but the modules for them are preloaded on most default installs. Identifying the modules that are required for your web site or application to run and then disabling the ones that are not will reduce your apache httpd footprint and therefore reduce your exposure.

     MySQL server doesn’t have the modular nature of our prior two examples but there are some steps that you can take to reduce your exposure. First off, after doing the install and setting the root password, remove the test user and database. These have no known exploits but aren’t needed. Second, ensure that your users are bound to a host instead of a wild card address, this makes sure that connections are only authorized from known hosts. Finally, if you are running mysql on the same host as your webserver and this is the only server that needs to access it, configure it to only listen on localhost ( There is no place like 127.0.0.1 ), this ensures that remote hosts cannot connect to your database even if your firewall fails.

     While I did focus on some of the more simple things that can be done to a LAMP server, this should give you an idea of what kind of changes can be made that won’t effect your service but will reduce your exposure footprint. Remember that before you make any changes you should do a backup and make copies of the files you are editing. We will see what this month brings as far as unpublished exploits and should also take this time to remember that not all exploits are published or patched, or even discovered yet.

Reblog this post [with Zemanta]
2010
01/13
CATEGORY
Linux
Monitoring
Security
TAGS











3,039 comments

  1. It is the best time to make some plans for the future and it is time to be happy. I’ve read this post and if I could I desire to suggest you some interesting things or advice. Maybe you can write next articles referring to this article. I wish to read even more things about it!

  2. Give thought to your energy and time together with the things it happens to be really worth

  3. Yay google is my world beater aided me to find this outstanding website ! .

  4. I forewarned they sway off ultrasonic [b]purchase altace prescription on line[ b] sometimes on that gated dosing

  5. Hi Wonderful post But this website is still loading slowly

  6. Excellent goods from you, man. 0 day exploits | J Squared Consulting I have understand your stuff previous to and you are just too magnificent. I really like what you’ve acquired here, certainly like what you are saying and the way in which you say it. You make it entertaining and you still take care of to keep it smart. I can’t wait to read far more from you. This is actually a terrific 0 day exploits | J Squared Consulting informations.

  7. Now you could have your new website and you’re eager to start making some sales! But, how can you make sales should you do not need excessive volumes of holiday makers to your website?

  8. Enrique Iglesias si que es belloooo

  9. Amazing post , I really am trying how to make my weblog this interesting !

  10. Hi This is the right blog for anyone who wants to find out about this topic You realize so much its almost hard to argue with you (not that I actually

  11. I believe this website holds some real great information for everyone : D

  12. I have a couple of really fantastic ideas for writing a story but whenever I start writing something I always get bored after a couple of chapters Does anyone have any tips to make sure Im always interested in what Im writing

  13. Admiring the persistence you put into your blog and in depth information you present Its nice to come across a blog every once in a while that isnt the

  14. Chocolate rain All day All day :D My friends get annoyed when i sing this but I DONT CARE ITS HELLA FUN Try it Go on You know you want to Sing Sing it Sing sing sing sing sing

  15. Whats up clever points.. now why didn’t i think of those? Off subject slightly, is that this web page pattern merely from an ordinary installation or else do you utilize a customized template. I take advantage of a webpage i’m looking for to improve and nicely the visuals is probably going one of the key things to complete on my list.

  16. Heya i am for the first time here I came across this board and I to find It really useful & it helped me out a lot Im hoping to offer something again

  17. I have read a few good stuff here Certainly worth bookmarking for revisiting I surprise how much effort you put to create such a fantastic informative

  18. These all YouTube gaming movies are in fact in fastidious quality, I watched out all these along by means of my friends.

  19. Exceptional design, at last revealed the source for romantic wallpapers

  20. Attractive portion of content. I just stumbled upon your weblog and in accession capital to claim that I get in fact loved account your blog posts. Anyway I’ll be subscribing for your feeds or even I achievement you get admission to persistently quickly.

  21. Ive been trying to Acquire entry to this website for a while. I used to be using IE then after I tried Firefox, it labored just effective? Simply needed to deliver this to your attention. That is actually good blog. Ive a bunch myself. I really admire your design. I do know that is off matter but,did you make this design yourself,or buy from somewhere? Anyway, in my language, there usually are not much good source like this.

  22. Along with the whole thing which appears to be developing throughout this particular subject matter many of your viewpoints are generally fairly radical

  23. Great content material and great layout Your blog post deserves every one of the positive feedback its been getting

  24. Great work! This is the type of info that are supposed to be shared around the web. Disgrace on the seek engines for no longer positioning this submit upper! Come on over and consult with my website . Thanks =)

  25. Google strategy that dont rank this type of informative sites in top of the list Generally the top websites are full of garbage

  26. I post them, they get 1 or 2 views, and then no more. I would like my content to do more than just give me a few views…how do I get them on the search engines or something like that? Will no one ever go to my blog just because I don’t post every day?.

  27. I have the same problem occasionally but I usually just force myself through it and revise later Great luck

  28. Hi there just became aware of your blog through Google and found that it is really informative Im gonna watch out for brussels I will be grateful if

  29. Eine wirklich geile Seite Komme jetzt öfter mal zum lesen

  30. I have to show my appreciation to the writer just for bailing me out of this type of trouble. Because of looking throughout the the web and meeting suggestions which were not productive, I thought my entire life was over. Existing without the solutions to the issues you have sorted out through this post is a crucial case, and the kind that might have in a wrong way damaged my entire career if I hadn’t encountered your web site. Your primary knowledge and kindness in dealing with all the stuff was crucial. I don’t know what I would have done if I had not discovered such a thing like this. I am able to at this moment look ahead to my future. Thanks for your time so much for your expert and results-oriented guide. I will not think twice to endorse your web site to any individual who would like tips on this topic.

  31. Eh = +53347555 Love Game = +23994876 Paparazzi = +36429836 Bad Romance = +100000000

  32. Hey Nice post Please when all can see a follow up

  33. Excellent ideas throughout this post you just gained a brand new reader Im curious if you have any follow ups to this post

  34. Informative article, just what I needed.

  35. I am so happy to read this This is the type of manual that needs to be given and not the random misinformation that is at the other blogs Appreciate your

  36. Just in spite of particular walk through is almost certainly said they have experienced much on the markets, this is one thing should be produced by intended for. This was a ideally suited content article.

  37. Great blog here Additionally your site rather a lot up very fast What web host are you using Can I get your associate hyperlink to your host I want my

  38. I cant believe youre no a lot more widespread since you positively have the gift

  39. Thank you for the sensible critique. Me & my neighbor were just preparing to do a little research about this. We got a grab a book from our local library but I think I learned more from this post. I am very glad to see such excellent info being shared freely out there.

  40. Moncler jakcets mainly target cold winter months, so it is sizzling hot in frosty weathers, along with the discount cost and top quality let many people keen on this, so i really like the moncler outdoor jackets, and i know a website could provides us good quality jackets with a low price

  41. What side on the moncler coat is the repair on. ?

  42. They won’t improve your credit score restrict. So get what it is possible to whenever you start. They’ve improved their customer service hrs sort of. Umbrella financial institution itself doesn’t handle it anymore, some other provider does their 24 hour service. They haven’t improved on whenever you get your credit score again whenever you spend them. It can take as much as five days from when your payment hit. I shell out mine off every single month, but need to wait if I want to use it for a large finish buy because of this and their no credit score restrict improve policy.

  43. Bangin Tune and how come the song is about 6 mins long and this is only 4 mins

  44. Great taking a few minutes to go about the I feel firmly regarding it together with adore looking through read more about this unique concept However if

  45. LeBron James better show up in final 2 games of this series cause if he dnt plz stop all these damn Michael Jordan comparisons

  46. I am down 14 lbs in one month and I am so excited 40lbs away from my goal

  47. Thanks, I’ve recently been seeking for information about this topic for ages and yours is the best I’ve located so far.

  48. Hot chocolate every day

  49. Absolutely fantastic This is such a brilliant and informative article been Googling for hours and this has answered so many questions

  50. I likewise think so perfectly written post

  1. No trackbacks yet.