Skip to main content

Thread: Help Securing a VM Server

-

for side project i've been working on, i've setup ubuntu server (10.04 lts) in virtual machine running on standard kubuntu install. since work related , need check in on things work, load new data server work, , whatnot, i've opened 80 , 22 on home router outside traffic (80 since regular user interface web based, , 22 obvious reasons), , forwarding vm. since have consumer level router, set ssh on main machine on different port, , 80 not open on side.

ignorant when comes networking in general, let alone network security, , although vm comes company "should" have hardened server, want make sure that's case. since it's vm, don't care if gets hosed can reload new image. suboptimal (to least) i'm sure i'll end losing of work. but, of big concerns attackers being able main box there via ssh, problems isp due illicit traffic, , things that. big problem i'm in on head when comes coding i'm trying do, , i've had spend every free minute can trying figure out , learn scripting necessary, , don't have enough brain cells left process networking , network security language.

i've tried read on network security stuff out there, , honest, lot of on head. i've been monitoring log files, , see tons of failed ssh attempts, occassional big warning (the source url cracked me up!):

code:
nov  4 07:29:25 tsvmware sshd[24507]: reverse mapping checking getaddrinfo webserver.1800hairextensions.com [206.217.199.18] failed - possible break-in attempt!
apart having needed ports open on server vm, , having 80 , 22 open on router, plus strong password on systems, can make sure @ least make challenging attacker in , bad? know ufw inactive on system currently. however, i'm not quite clear on router not. i've had look, , seems vendor has not setup iptables rules. had @ community docs (https://help.ubuntu.com/community/iptableshowto), , again, it's little on head @ moment. seems better configure this, imagine, i'm not sure how go this.

thing thought of maybe it's bad use ssh key rather password between server vm , host machine. 2 have different passwords, , i'm thinking may more secure have use password through host rather being able automatically connect if 1 can guess user name. make sense?

i've find nice guide security tools , settings 1 should consider. however, feel lack time , knowhow learn of , appropriately set up:

http://www.thefanclub.co.za/how-to/h...-part-1-basics

can offer advice on best way make sure vm server safe, maybe abject , total moron's (a few steps below idiot imagine) guide ubuntu server security? apart changing ubuntu server version, think (or hope more it) should able needs done without affecting rest of setup. sincerely appreciate can point me in right direction!

hi drmrgd.

few thoughts:

if want secure vm, don't make directly available internet. be:
  • don't bridge interface, use regular nat hid behind host machine.
  • secure host machine instead. use keys long passphrase, iptables, etc.
  • map port host machine ssh port on vm can connect locally it.
  • in order connect internet, have connect host first, , jump vm.

thoughts. let know how goes.
regards.


Forum The Ubuntu Forum Community Ubuntu Specialised Support Security [ubuntu] Help Securing a VM Server


Ubuntu

Comments

Post a Comment

Popular posts from this blog

Could not place because the source rectangle is empty

-
up until 3pm yesterday, illustrator cs6 , photoshop cs6 worked without hitch @ 3pm, of sudden message 'could not place because source rectangle empty'. doing dragging 1 of our company logos photoshop illustrator .eps file holds our graphics. have done hundreds of timnes before , either way or highlight image in illustrator , paste photoshop. either way still getting error message.   nothing has happened in settings (that aware of) , google gives me numerous results of point @ fact may have corrupt .eps file. not case. if try , drag , drop or copy , paste various different fiele .jpg .png , .eps or .ai have same issue.   i uninstalled photoshop morning re-installed see if fix issue no such luck.   as is, affecting work , sure there workarounds ie. if go file/open , open file way works no eps file holds many seperate graphics once opened in photoshop, seperate images become 1 image.   can this? are getting problem when copying/dragging 1 specific illustrator document or affecti
Read more

Thread: Using smartcard reader with vpnc

-
Image
anyone know how smartcard reader talk vpnc under ubuntu? i've got omnikey 3121 lsusb finds code: bus 004 device 003: id 076b:3021 omnikey ag cardman 3121 opensc-tool ignores ("no smart card readers found"). posted bkline anyone know how smartcard reader talk vpnc under ubuntu? i've got omnikey 3121 lsusb finds code: bus 004 device 003: id 076b:3021 omnikey ag cardman 3121 opensc-tool ignores ("no smart card readers found"). bump. Forum The Ubuntu Forum Community Ubuntu Official Flavours Support Hardware [all variants] Using smartcard reader with vpnc Ubuntu
Read more

Adobe Font Folio 7.0 or just 7?

-
someone deleted my question about adobe font folio 7. looking informations related adobe font folio 7 released march 13, 1995 , can not find ( not even a picture of original packaging). know if, later versions, called 7.0 or 7. thank much. i seem recall called adobe font folio v7.0 , , @ age memory fails me enough can't state under oath; quick google searck on precisely adobe font folio v7.0 returns bunch of hits on pirate software sites.  don't know if that's reliable enough you, until adobe staff chimes in, that's best got far.  More discussions in Type & Typography adobe
Read more