Posts Tagged ‘server security’

The Importance of a Linux Server Security Audit

Tuesday, May 4th, 2010

A security audit is probably one of the least requested services that I perform, and for a good reason.  Truth be told, most of my clients don’t think about security when it comes to their Linux server.  After all, Linux is an extremely stable and secure Operating System.  Assuming that some sort of basic Linux server maintenance is being performed, the server should be safe from most types of root compromises.  However, server maintenance usually won’t protect your server from the more popular web application attacks.

A good security audit will test your server for:

  • XSS vulnerabilities
  • Operating System vulnerabilities
  • Weak user names and passwords
  • SQL Injection vulnerabilities
  • Server application vulnerabilities
  • Insecure configurations
  • Information disclosure vulnerabilities

Using advanced scanning tools, you can test for all of these potential vulnerabilities on your server.  Tools such as nmap allow for advanced port scanning, and test the ability of an attacker to detect possibly sensitive information about your server.  Tools such as Nikto scan a server for web application vulnerabilities and reveal information disclosure vulnerabilities.

If you hire someone to run a security audit on your server, ask questions beforehand, such as what scanning suites will be used, and ask for references.  Any professional should have quite a few references, and should be able to identify the scanners that will be used against your Linux server.  In addition, ask them if after-hours scanning is available, so that your business is not adversely affected by these scans.

If you have any further questions about security audits for your Linux servers, please feel free to contact me.

New Tutorial: Six Steps to a More Secure Linux Server

Monday, June 15th, 2009

I wrote a new tutorial on my website about how to easily secure your Linux server today.  The article is designed to point out the more common security flaws present in most of the servers that I work on (all of them easily fixed), in the hopes that more “administrators” and “consultants” will advise their clients to implement them.

I’m not trying to be “that guy” who makes it seem like most admins are lazy, but most admins do overlook basic or moderate security steps.  They usually also cry out against strict security guidelines by saying that security breaks applications.  While this is true for a novice, most seasoned administrators know what not to do when securing a server.

I can’t complain too much, though, I guess, since admins like this give me great job security!

Here is the article:

http://linuxconsultant.info/tutorials/6-steps-to-a-more-secure-linux-server.html