Situation: You need to secure a server... in 5 minutes
Posted 14 February 2012 - 08:27 PM
To the best of my knowledge the main OSes we'll be dealing with are:
-Windows Server 2008 (or 2003)
-and perhaps a lonely Windows XP machine sitting in the corner somewhere, crying out for attention and asking for an upgrade from the horrific state that is: "Service Pack 2". (I shudder at the thought)
Posted 14 February 2012 - 09:11 PM
Posted 14 February 2012 - 10:55 PM
Before the competition figure out the exact versions of the servers to be installed. Get very familiar with them, and any known security flaws. Practice running drills till you guys get it down, and could do it in your sleep in under 5 minutes.
I wish we could, but we were told we won't know details like that until the day before the competition. I'd like to say what we already have planned but I don't want our agenda to be public, so I might wait until tomorrow and mention our plans on the IRC channel, or I could PM anyone interested.
Posted 15 February 2012 - 12:45 AM
Posted 22 March 2012 - 01:15 PM
For Linux, could try to get a copy of SecVisor. It's mathematically verified to prevent kernel-level injections. Then, add to the kernel executing only signed code, comparing existing processes against whitelist, detecting file modifications, and MAC (could use SMACK or Tomoyo to avoid SELinux-style complexities). Do the regular checklist steps for the system and specific server. Hackers will have a hard time exploiting this box. For Windows, might use application level virtualization so you can do the above with a precreated (or quickly created) Linux VM, depending on the rules. Technology like TILT can run with an application to detect illegal dataflows with minimal overhead. You might also use virtualization to run the WIndows box in a deprivileged way next to a privileged box (Linux or BSD) that monitors it.
Quite a few options. They aren't simple. But protecting inherently insecure legacy software from a whole arsenal of attacks, including zero days, never is easy or simple. It's why I hate monolithic OS's and promote better designs like INTEGRITY, QNX, or MINIX 3 (work in progress). Google LOCK, GEMSOS and XTS-400 for very secure designs from the old days. (I think Schell has a "lessons learned" GEMSOS paper on the net, too.) Bernstein's Qmail Lessons Learned paper is also instructive.
Posted 15 April 2012 - 01:37 PM
Posted 15 April 2012 - 08:40 PM
I think that pulling the plug is still the most quick way to "secure a server"
That was funny.
Posted 16 April 2012 - 11:03 AM
Edited by phasma, 16 April 2012 - 11:04 AM.
Posted 16 April 2012 - 11:34 AM
Posted 27 April 2012 - 10:31 AM
Oh... Contest was in March. We might be a little late here.
Haha! Yeah, it's okay though, I worked out a few things. In the end I decided to go for a quick configuration of iptables, changed all default passwords and disabled unnecessary services, and lastly I found that the system was using AppArmor, so I made some adjustments to that and called it a day. The way everything was set up was rather annoying, and we apparently lost points because iptables was blocking the scorebot for a while (woops). I'll upload some scripts later.
BinRev is hosted by the great people at Lunarpages!