Holistic Server Security
hashdays 2012
Lightning Talk by Sean Rütschi
Why are you doing this to us?
Overview
●   Why are you doing this to us?
●   Who am I?
●   Network
●   Hardening
●   Patch Management
●   Log Reviews
●   Backup Management
●   Last thoughts
●   Outro
Who am I?
●   Sean Rütschi
●   Security Consultant
    –   scip AG: www.scip.ch
    –   Web: www.5e4n.ch
    –   Twitter: @0xSR
●   Previous experience as
    System Engineer
●   No previous experience as a
    speaker at a con
●   This presentation was thrown together very
    quickly, so don't expect any miracles
Network
●   Start filtering here → anything that stops here
    doesn't bother the servers
●   Network segmentation
●   Use firewalls according to concept
●   Do firewall rule reviews → remember Marc's
    talk from yesterday?
●   Don't overcomplicate things → KISS
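The bullet "do firewall rule reviews" is the one that tends to get skipped because it is tedious by hand. The following is an added example, not code from the talk or from scip AG, of the two checks a reviewer does first: over-broad "any to any" permits and rules that can never match because an earlier rule already decides the same traffic (first match wins). The rule set is constructed for the demo and the field layout is an assumption; a real review would load the vendor's export into the same shape.

```python
"""Firewall rule review helper (added example, not from the talk).

Flags:
  - 'allow any -> any on any port' rules (over-broad)
  - rules shadowed by an earlier rule that already matches everything they match
Assumes a first-match-wins rule base, as in most firewalls.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    name: str
    action: str   # "allow" or "deny"
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    proto: str    # "tcp", "udp" or "any"
    port: str     # destination port number or "any"


def _net(cidr: str):
    return ipaddress.ip_network(cidr, strict=False)


def covers(broad: Rule, narrow: Rule) -> bool:
    """True if every packet matched by `narrow` is also matched by `broad`."""
    for b, n in ((broad.src, narrow.src), (broad.dst, narrow.dst)):
        if b == "any":
            continue
        if n == "any":
            return False
        bn, nn = _net(b), _net(n)
        if bn.version != nn.version or not nn.subnet_of(bn):
            return False
    if broad.proto != "any" and broad.proto != narrow.proto:
        return False
    if broad.port != "any" and broad.port != narrow.port:
        return False
    return True


def review(rules):
    """Return (rule name, finding) pairs for a rule list in evaluation order."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action == "allow" and rule.src == "any" and rule.dst == "any" and rule.port == "any":
            findings.append((rule.name, "over-broad: allows any source to any destination on any port"))
        for earlier in rules[:i]:
            if covers(earlier, rule):
                findings.append((rule.name, f"shadowed by earlier rule '{earlier.name}' (never matches)"))
                break
    return findings


# Constructed sample rule base for the demo.
SAMPLE_RULES = [
    Rule("allow-web", "allow", "any", "10.0.1.0/24", "tcp", "443"),
    Rule("allow-web-host", "allow", "192.168.1.0/24", "10.0.1.10/32", "tcp", "443"),  # inside allow-web
    Rule("allow-all", "allow", "any", "any", "any", "any"),                              # over-broad
    Rule("deny-ssh", "deny", "any", "10.0.1.0/24", "tcp", "22"),                        # never reached
]

if __name__ == "__main__":
    for name, msg in review(SAMPLE_RULES):
        print(f"{name}: {msg}")
```

The shadowed deny is the finding to care about: it looks like SSH is blocked, but the allow-all above it has already let the traffic through. That is exactly the kind of drift a periodic review catches.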
Hardening
●   Read the documentation
●   Research if you don't understand config
    options
●   Use ACLs on multiple levels → reduce to the
    max
●   Do periodic reviews → one per month/year
●   Did I mention you should read the
    documentation?
Patch Management
●   Keep to vendor patch cycles
●   Keep up to date if there are no vendor cycles
    → remember Jonathan's talk?
●   Categorise patches
●   Test patches in important environments if you
    have time
●   Research if patches add/change/remove
    config options → remember the hardening?
●   Enforce patching on clients
Log Reviews
●   Automate reviews and corresponding actions
    → Remember the Self-defending Databases
    talk?
●   Consider correlations
●   Escalation process
●   Do manual checks periodically
●   Many programs use different log formats
●   Periodically review the log formats
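Three of the bullets above (automate, correlate, different log formats) fit in one small script. As an added example, not code from the talk, this normalises two constructed formats, an sshd-style syslog line and a JSON application log, into one event shape, then correlates authentication failures per source address across both. Lines that match neither format are counted rather than dropped, because a rising unparsed count is the cheapest signal that a log format changed after a patch and the review needs updating. The field names and sample lines are assumptions made up for the demo.

```python
"""Log review automation (added example, not from the talk).

Normalises two constructed log formats into one event shape and correlates
failed logins per source across both; unparsed lines are counted so that a
format change shows up in the review instead of silently hiding events.
"""
import json
import re
from collections import defaultdict

# Constructed sample lines (addresses from documentation ranges).
SAMPLE_LOGS = """\
Mar  3 10:01:02 host1 sshd[1234]: Failed password for root from 203.0.113.5 port 4422 ssh2
Mar  3 10:01:05 host1 sshd[1234]: Failed password for admin from 203.0.113.5 port 4423 ssh2
{"ts": "2012-03-03T10:01:07Z", "app": "portal", "event": "login_failed", "user": "alice", "src": "203.0.113.5"}
{"ts": "2012-03-03T10:01:09Z", "app": "portal", "event": "login_ok", "user": "bob", "src": "198.51.100.7"}
Mar  3 10:02:00 host1 sshd[1300]: Accepted publickey for deploy from 198.51.100.7 port 5000 ssh2
"""

SYSLOG_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?P<user>\S+) from (?P<src>\S+)"
)


def parse_line(line: str):
    """Return {'source', 'user', 'src', 'outcome'} or None for an unrecognised line."""
    line = line.strip()
    if not line:
        return None
    if line.startswith("{"):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            return None
        if "event" not in rec:
            return None
        return {"source": rec.get("app", "json"), "user": rec.get("user"),
                "src": rec.get("src"),
                "outcome": "fail" if rec["event"] == "login_failed" else "ok"}
    m = SYSLOG_RE.match(line)
    if m:
        return {"source": "sshd@" + m.group("host"), "user": m.group("user"),
                "src": m.group("src"),
                "outcome": "fail" if m.group("result") == "Failed" else "ok"}
    return None


def review(text: str, threshold: int = 3) -> dict:
    """Correlate failures per source IP across all formats; escalate at `threshold`."""
    fails = defaultdict(list)
    unparsed = 0
    for line in text.splitlines():
        ev = parse_line(line)
        if ev is None:
            if line.strip():
                unparsed += 1   # non-empty line in an unknown format
            continue
        if ev["outcome"] == "fail":
            fails[ev["src"]].append((ev["source"], ev["user"]))
    findings = [(src, len(evs), sorted({s for s, _ in evs}))
                for src, evs in fails.items() if len(evs) >= threshold]
    return {"findings": findings, "unparsed": unparsed}


if __name__ == "__main__":
    result = review(SAMPLE_LOGS)
    for src, count, sources in result["findings"]:
        print(f"escalate: {count} failed logins from {src} across {', '.join(sources)}")
    print(f"unparsed lines: {result['unparsed']}")
```

Neither log on its own crosses the threshold; only the correlation across sshd and the web application does, which is the point of the "consider correlations" bullet. The escalation itself (ticket, block, page someone) is whatever your process says; the script only produces the finding.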
Backup Management
●   Dedicated machine
●   Automate backups
●   RAID is not a backup
●   Restrict backup machine access to necessity
●   If possible, restrict remote access to the
    backup machine
●   Make sure that the backups can be restored
    → periodic tasks
●   Consider backup medium → storage and
    encryption
Last thoughts
●   Malware protection
●   Hardware disposal
●   High availability
●   Redundancy
●   Capacity planning
●   User management
●   Awareness training
●   Etc...
Outro
●   Thanks to Infosec Reactions for the pics

●   Come speak to me if you have any further
    thoughts on this topic
