Welcome! I am extremely pleased that you have decided to undertake the long but rewarding task of learning how to correctly secure Linux servers. The internet as we know it has changed rapidly since its inception, and so have web applications.
Web applications have improved in every way possible, from features to performance and functionality. This in turn has led to an increase in the adoption of the cloud for web-based hosting. This has not always been the case, however. Traditionally, one would have to set up their own server and hosting environment, which meant that factors like the specifications of the hardware to be used had to be correctly selected to meet the requirements of the web application. This type of hosting, as you would have guessed, was both extremely expensive and inefficient.
With the rise of web hosting companies and providers, this issue was quickly nullified and almost anyone in the world could set up their very own website or web application relatively easily, without undertaking the arduous and expensive process of self-hosting. Web hosting companies have also changed over the period of their existence by scaling and improving their services based on the requirements of their customers, providing various hosting solutions sorted according to factors like the system resources required and storage space.
With the continued demand for more system resources like processing power and RAM (Random Access Memory), web hosting companies started providing VPSs (Virtual Private Servers). A Virtual Private Server is a virtualized server that simulates a dedicated server within a shared hosting environment.
This, however, is not to be confused with a dedicated server. Virtual private servers are made possible by virtualization, where system resources can easily be increased or reduced based on the customer’s requirements, but with added advantages over shared hosting, where multiple websites are hosted on a shared server.
Shared hosting poses quite a large security threat, as you are forced to share the operating system with other websites being hosted on the same server. This essentially increases the attack surface: any website or web application on a particular server could be hacked or exploited, and this could lead to hackers gaining unauthorized access to the server, which would give them access to all websites on the server.
Dedicated servers, as the name suggests, are servers that can be used to host whatever service is required; you are free to customize the server and install any service you please.
This is why dedicated servers and VPSs have become increasingly popular: they provide a customer with more control over the security and functionality of the server, and given that only one web application is being hosted on the server, they reduce the overall attack surface. Customers are also able to modify the server configuration and implement the security features and functionality they require, therefore giving them complete control over the security of their server. Despite all the security advantages dedicated servers and VPSs provide, many customers and companies are unaware of the fact that they are in charge of the security of their servers, and as a result their servers are never secured or configured with security in mind, which leaves them open to hackers and exploitation. This is why learning how to secure your servers correctly and efficiently is extremely important for every company or individual that relies on the integrity of their web application.
This book will focus on securing dedicated Linux servers, whether they are hosted on the cloud or on-premises. We will cover the various differences in security and configuration in both cases and how they will affect the overall security and integrity of the server.
So why Linux? This question can be easily answered by taking a look at the current hosting infrastructure of the internet: about 96 percent of the top 1 million web servers currently run Linux. All major websites in the world use Linux servers to host their web applications; a few examples of these companies are Facebook, Twitter, and Reddit. Given the popularity and widespread adoption of Linux, many fundamental aspects of web hosting get overlooked or completely ignored. One of these aspects is security, which plays a fundamental role in maintaining the integrity and the availability of a web application and its data. An example of how important Linux security is to maintaining the integrity of a company’s data was the British Airways data breach in 2018, where the personal and financial information of 380,000 of their passengers was stolen; the data taken by the hackers ranged from customer names to their corresponding credit card numbers.
Given the prevalence and adoption of Linux for web hosting around the world, security has become an increasingly important factor in maintaining the integrity of the internet in general. Therefore, Linux servers require security to be taken into consideration and put into practice at every stage, from configuration to deployment. This book is designed to teach and show you how to secure a Linux server from the ground up. Remember, a Linux server is only as secure as its configuration.
1.1 How a hacker sees Linux
Before we take a look at how “hackers” see and approach Linux, we need to understand on a broader scale, who exactly a “hacker” is and what they do. A “hacker” is an individual who finds and exploits vulnerabilities caused by weaknesses in an operating system, computer programs, networks, and web applications. “Hackers” are usually motivated by a plethora of reasons ranging from political to personal profit.
It comes as no surprise that the rise of the internet and web applications has also given rise to a new generation of hackers, eagerly awaiting new technologies and web-based frameworks to be released so that they can test their security and integrity. It should be noted that many hackers target web servers with the sole purpose of malice, damage or the stealing of data. As a consequence, the word “hacker” has morphed into a term that shares a very close description to that of a criminal or a mercenary. This, however, is far from the truth. Many “hackers” consider themselves professionals who test a web application or a framework for security vulnerabilities and exploit them for the benefit of the public and the company in question by disclosing the vulnerabilities to the company, therefore giving it an opportunity to fix the vulnerability before it is exploited. The goal of this book is to show you both sides of the coin and to give you the skills necessary to set up the necessary defenses and to test them like a “hacker”.
Their objective is to make the web a safer and more secure environment. As a consequence, this has given rise to a relatively new term that describes hackers or security professionals whose primary goal is to legally target web applications and their hosting infrastructure with the goal of finding vulnerabilities and exploiting them, in exchange for a payment or other credits from a Bug Bounty program. This new type of hacker is called a “Bug Bounty Hunter”.
A Bug Bounty Program is an opportunity offered by many companies and developers, whereby security professionals or “Bug Bounty Hunters” get compensated for reporting bugs in the web application that could potentially be exploited by hackers who seek to cause damage or exfiltrate data. These programs have been increasing in popularity as companies have already witnessed the advantages that they bring to the overall security of their web applications. For one, Bug Bounty Hunters are much better compensated for reporting the vulnerability to the company rather than publishing it to the public or maliciously exploiting it for personal gain. It also allows the company to get an idea of the scope of all the vulnerabilities in its web applications so that they can be fixed before they are exploited by Black Hat Hackers. A Bug Bounty Program is a great way of finding bugs and vulnerabilities in your web application and its corresponding infrastructure (domains and hosting environment); however, this is just the tip of the iceberg, and it only addresses security issues at the latter stages of deployment. A truly secure Linux server must be secured from the ground up. Most of the common vulnerabilities exploited or reported in Bug Bounty programs are the result of simple misconfigurations in the hosting environment and the web application.
Hackers are usually sorted into two categories. Black Hat Hackers are those whose main objective is personal gain; they target companies and web applications with the sole purpose of stealing or destroying data and/or monetary gain. A White Hat Hacker, on the other hand, is a hacker whose purpose is to legally test the security of web applications and organizations and defend them from attacks and exploitation by Black Hat Hackers. Bug Bounty Hunters are classified as White Hat Hackers because they find potential vulnerabilities and report them to the company responsibly.
When securing web applications and Linux servers, it is very important to approach the security of the server as a hacker would. This allows you to rigorously test any new security changes or techniques you have put in place by attacking the server and analyzing the results, therefore giving you critical information about your server’s defenses. This will help you understand where your security is at its strongest and where it can be improved. We will be covering this at the end of the book, where we will take a look at how to perform a complete security assessment and penetration test on your server and its services.
Given all the misconfigured Linux servers on the internet, it comes as no surprise that a poorly secured server exposed to the public is likely to be a target for Black Hat Hackers, who will waste no time in exploiting the server to steal data, take control of your server for their own personal use and attacks, or worse, to destroy your data. This in turn will destroy or damage the credibility of your organization.
It should be noted that not all Black Hat Hackers will want to modify your data or cause noticeable damage. Quite the contrary: most professional Black Hat Hackers will never want the owner or the organization to know that they were attacked, suffered a data breach, or that any data was damaged, and they will go to extreme lengths to make sure that any trace of their activity is wiped from the server, therefore removing themselves from the scene. A Black Hat Hacker could simply have gained unauthorized access to your server, copied your data to their remote server and wiped all relevant logs that would have accounted for their actions. This can be observed in detail in the data breaches of major companies being reported all over the world: the company does not discover the unauthorized access to its servers or the loss of any data until long after the breach, by which time the hackers have done all the damage and are unlikely to be traced.
This points to a worrying trend: negligence in security by many companies and organizations is what is causing all of these attacks and data breaches. The worst part about ignoring the security of Linux servers in general is that you may never know if your server was hacked or that you suffered a data breach.
The primary motivation for writing this book is to collate, organize and structure the process of configuring and integrating security on Linux. Many resources exist online, but they are too scattered or shallow to provide anything meaningful that can be applied practically with a thorough knowledge of the inner workings. This book attempts to cover every important stage in configuring a Linux server with security in mind, and it will also go a step further to fully incorporate the CIA triad of security (Confidentiality, Integrity and Availability).