How i can secure my machine to other.

[pradip030384]

Hi tell answer of this.

[imranb]

That is a very vague question, what do you mean by secure my machine to another?
Are you talking about direct connection between two machines?
You may want to look into VPN and connect both machines via VPN which is secure.

[janding41]

Either VPN or firewall most common ports and very secure passwords.

[JPC-Martin]

You can secure your server by following some security hardening steps which are mentioned below:


1> You can install the APF (Advance Plicy Firewall) on your server in order to scan the incoming and outgoing traffic on your server and to stop the possibility to open a backdoor while using any non-standard port.

2> You can install BFD (Brute Force Detection) software in order to stop the brute force attacks that will protect your server from normal brute force attacks and dictionary attacks and many others.

3> You can harden the /tmp partition on the server.

4> You can disabled the Protocol v.1 for SSH due to security reasons.

5> You can disabled the standard SSH port 22 and set another port for SSH connections which is 2255 for security reasons.

6> You can disabled the direct root access for your server.

7> Please reset the root password and set a hard password that will show resistance against brute force attacks and dictionary attacks.

8> I will also recommend you to enable two way authentication in order to login into the SSH as root to increase the safety against unauthorized access to your server.

[JPC-Martin]

Here are some tips to keep your site secure.

1. First thing you need to do is check all vendor/developer sites for ALL web scripts/applications used in your account for any update including any mod you may be using in any web application. If you are using any open source web application, that may be the prime suspect. However, you must check all and keep them upto date. Check the database on Secunia.com for any known exploits released in public.

2. Once you have verified that 100% of scripts are latest stable, you will need to go through all files of your account and make sure none is uploaded by hackers before you audited or left by you from an old install of an application. There may be files in folders you would never imagine. You can use ftp clients to go through all files under public_html [contents directory] and compare them with your local copy. [You should always maintain a local copy for this comparison as well as backup]

3. Make sure all passwords are mix of alpha-numeric and not a dictionary word. Just because you thought of a difficult word from dictionary does not make you safe.

4. The MySQL database access to all web application should be using separate db users. Do not ever use your main account user/pass for it. Your main user/pass should never be stored in any file in your account.

5. In your control panel, activate archive option of your web logs in Raw Log Manager. This will give you the opportunity to check how the hacker exploited one of the scripts. Otherwise all raw logs are cleared after generating stats. If you have already been hacked, its too late now but you can archive the logs for future attacks.

6. If you have customized a web application with a mod, make sure it is also latest stable. Many popular web application may be stable but one of the addon mods are exploitable, which may not be maintained any more.

7. If you have written some code yourself, make sure all input variables are sanitised (checked for valid data before using it). Otherwise a single line of bad code can give access to your entire account. The usual blunder is to include a file based on user input. Again, make sure all input to a script is checked for valid data. All exploits are based on input data. If your site does not take any input, you are 100% safe from web exploits, i.e. if you run 100% static html site with no script whatsoever anywhere in your account.

8. For php, any application that uses register_globals to be active has more chances of being exploitable. Avoid such applications.

9. If you have some mail script, make sure it is safe from header injection. In essence make sure that email address, subject and other part of data that is being submitted by user does not contain line breaks.

Note !!! If you need code to save header injection you can ask me freely.

10. For added security, change the permissions of your configuration files (having database credentials etc.) to 660. You can do that via ftp or file manager.