October 25,2006
Some security reminders, and where the logs are
A firewall is a bridge between the Internet and the intranet/extranet, and a security guard for our important data. But we often see cases of Trojan horse injection. How does it get in? And how do we prevent this kind of leak? Changing our mindset, I suppose, is important. Here are several ways to reduce risk.
1. Check log files:
/var/log/messages
/var/log/mysqld.log
/var/log/secure
If you are busy, you can find tools to analyze the log files.
2. Close unused ports (a port itself can't be injected, but a leaky service can)
Usually we close ports 20 (telnet), 21 (ftp), 22 (ssh), 3306 (mysql), etc.
Among the Linux packages, nmap is a fine tool for scanning ports and gathering useful connection information. So try scanning your own computer to find any potential problems. Hackers may use it, too.
3. Strictly limit privileges
Close unused accounts.
Use the "chattr" and "lsattr" commands to limit the permissions on /etc/passwd and hide it.
4. If you have enough budget, using a two-tier firewall may be a good idea. It can prevent packets with a fake IP address, forged to look like an internal IP address, from cheating the firewall's filtering program.
5. SQL injection
Use a checking program to filter the information received from the website. For example, a hacker could enter " var $a; a=select * from table_name.." in the text box to probe for database leaks.
6. Turn on your firewall ASAP
iptables -h
7. Change your remote login account.
Hackers usually try to guess root's password in order to log in illegally. So add root login to /etc/hosts.deny, or use /etc/hosts.allow to permit only those who have been authorized.
written by Bernard Chen
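An added example (not the author's own script) that ties items 1 and 7 together: it counts failed root password attempts per source address in /var/log/secure-style sshd lines and formats the repeat offenders as /etc/hosts.deny entries. The log lines, the threshold of 3 and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the sshd line format found in /var/log/secure.
SAMPLE_LOG = """\
Oct 25 03:12:01 host sshd[2211]: Failed password for root from 203.0.113.7 port 40122 ssh2
Oct 25 03:12:04 host sshd[2211]: Failed password for root from 203.0.113.7 port 40122 ssh2
Oct 25 03:12:09 host sshd[2214]: Failed password for root from 203.0.113.7 port 40130 ssh2
Oct 25 03:15:40 host sshd[2290]: Failed password for invalid user admin from 198.51.100.23 port 51514 ssh2
Oct 25 03:15:44 host sshd[2290]: Failed password for root from 198.51.100.23 port 51514 ssh2
Oct 25 03:20:00 host sshd[2301]: Failed password for invalid user root from 192.0.2.10 port 22 ssh2 from 203.0.113.7 port 40200 ssh2
Oct 25 08:00:00 host sshd[3000]: Accepted password for bernard from 192.0.2.10 port 51000 ssh2
"""

# The username is supplied by the client, so match it greedily and anchor at
# end of line: text inside the username cannot pose as the source address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(.*) from (\S+) port \d+ ssh2$"
)

def failed_root_logins(log_text):
    """Count failed password attempts against the real root account per source."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        # "invalid user ..." lines are guesses at accounts that do not exist.
        if m and m.group(1) is None and m.group(2) == "root":
            counts[m.group(3)] += 1
    return counts

def hosts_deny_lines(counts, threshold=3):
    """Format sources at or above the threshold as hosts.deny entries."""
    return [f"sshd: {ip}" for ip, n in sorted(counts.items()) if n >= threshold]

if __name__ == "__main__":
    counts = failed_root_logins(SAMPLE_LOG)
    for ip, n in counts.most_common():
        print(f"{n:3d} failed root logins from {ip}")
    print("\n".join(hosts_deny_lines(counts)))
```

Entries in /etc/hosts.deny only take effect when sshd is built with TCP wrappers support; review the list before applying it so that you do not lock out your own address.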