An important security problem for computers, servers and major networks is attacks by hackers against both users and companies. It is important to have security measures properly activated on the servers, network equipment and infrastructure to combat viruses, spyware, malware, phishing, etc. For these attacks, software is used against information systems, passwords, etc., to try to capture them with different techniques.
It is vital that encryption is decent and that passwords are built with decent techniques, to cushion and protect against such attacks. The ideal would be to check that the password is really protected; see this other tutorial:
- How to make passwords really safe and strong for security.
It is vital to have an iptables firewall on Linux or an easy-to-use firewall on Windows for individual computers; for a company, use a physical firewall, since there are models at worthwhile prices that are complete for security purposes. There are many tools to check security; a well-known one is Snort (a packet sniffer and intrusion checker). Its installation already provides hundreds of filters or rules for backdoor, DDoS, finger, FTP, web attacks, CGI and Nmap. It can work as a sniffer (we can see in the console, in real time, what happens in our network: all our traffic).
It is comfortable to use: for example, it detects attack patterns and rules quickly and easily, and writes useful logs that are convenient to check regularly. Snort has a database of signatures or patterns of major attacks and receives updates in an orderly and efficient way, for protection against the different types of attacks as they emerge.
On Linux, Snort is installed from the repository (if that is not possible, it can be downloaded from www.snort.org):
apt-get install snort
After installation, we must configure it by editing /etc/snort/snort.conf. Be sure to comment out all the lines that start with "output", to avoid errors due to incompatibilities that may exist with other software. Then, on Ubuntu or Debian, we edit /etc/snort/snort.debian.conf. We look for the interface line; by default it uses the eth0 network interface, but we can change it if we have another one.
DEBIAN_SNORT_INTERFACE="eth0"
We restart Snort to apply the changes, and it automatically starts scanning to detect a possible intruder in the network.
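The two configuration edits described above can be scripted. This is an added example, not part of the original article; the function names are assumptions, and it works on whatever file paths it is given, so it can be tried on copies first.

```sh
#!/bin/sh
# Added example: function names are hypothetical, sample files are constructed.

# Count lines that are still active "output" directives.
count_active_output() {
    grep -cE '^[[:space:]]*output([[:space:]]|$)' "$1" || true
}

# Comment out active "output" lines. Keeps a one-time .bak copy and is
# idempotent: lines that are already commented are not touched again.
disable_output_lines() {
    conf=$1
    [ -e "$conf.bak" ] || cp -p "$conf" "$conf.bak"
    tmp=$(mktemp) || return 1
    sed -E 's/^([[:space:]]*)(output([[:space:]]|$))/\1# \2/' "$conf" > "$tmp" &&
        cat "$tmp" > "$conf"          # cat keeps the owner and mode of $conf
    rm -f "$tmp"
}

# Set DEBIAN_SNORT_INTERFACE in shell-variable form (no spaces around "=").
set_snort_interface() {
    conf=$1; iface=$2
    # The file uses shell syntax, so refuse anything that is not a plain name.
    case $iface in
        ''|*[!A-Za-z0-9_.:-]*) echo "invalid interface name: $iface" >&2; return 1 ;;
    esac
    [ -e "$conf.bak" ] || cp -p "$conf" "$conf.bak"
    tmp=$(mktemp) || return 1
    # Drop any existing assignment, spaced or not, then append the clean one.
    grep -vE '^[[:space:]]*DEBIAN_SNORT_INTERFACE[[:space:]]*=' "$conf" > "$tmp" || true
    printf 'DEBIAN_SNORT_INTERFACE="%s"\n' "$iface" >> "$tmp"
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# Run both edits on constructed sample files and print the directory used.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'var HOME_NET any' \
        'output unified2: filename merged.log, limit 128' \
        '  output alert_syslog: LOG_AUTH LOG_ALERT' \
        '# output log_tcpdump: tcpdump.log' > "$dir/snort.conf"
    printf '%s\n' '# constructed sample' \
        'DEBIAN_SNORT_INTERFACE = "eth0"' > "$dir/snort.debian.conf"
    disable_output_lines "$dir/snort.conf"
    set_snort_interface "$dir/snort.debian.conf" "${1:-eth0}"
    echo "$dir"
}
```

Before the restart, `snort -T -c /etc/snort/snort.conf` checks that the edited configuration still loads.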
To see if there is suspicious traffic we should look at the log /var/log/snort/merged.conf. The most common logs to check for activity or attacks in progress are:
- /var/log/secure: records server accesses related to authentication processes
- /var/log/faillog: shows failed login attempts
- /var/log/lastlog: stores access to the system by users
- /var/log/user.log: stores information related to the users of the system, such as the processes used
- /var/log/dpkg.log: records the packages installed or removed on the system
- /var/log/dmesg: stores the information produced during kernel boot
- /var/log/kern.log: contains kernel information
- /var/log/boot.log: logs what happened during system startup
- /var/log/mail.log: contains information from the mail server
- /var/log/snort: Snort IDS alerts
- /var/log/apache2: Apache server logs
- /var/log/httpd: web server logs
Knowing all these logs, we can have broad analysis and control of what happens on our machine. To understand and prevent all types of attacks, it is best to know them.