On Wed, Jun 15, 2011 at 9:16 AM, Steve Phariss wrote:

> Hi Lisa,
>
> This post was just the very basics. There will be several of us looking at the attack vector and logs. There are things I will not have control over and I have let my concerns (many of them you mentioned; it's good to know I am on the right track) be known to the hiring company. Good point about using an alias.

Yes, take it from a social engineering specialist. :)

> I know that minimizing the attack vectors is generally best, that is why I would like to (if possible) eliminate one of the DBs. If not possible, secure both as well as possible.

Many shops run many DBs from MySQL to Oracle to rdb to msql happily serving it all. It's a poor place to implement a security standardization. The issues for any database are with code and security specification during development, not in the DB itself.

As a professional, be VERY careful what bias you implement as a "technical recommendation"; it's the single most limiting factor to a systems engineer/administrator's intelligence. This is not POLITICS!

Download the Rapid7 Nexpose Community Edition (free) scanner, set it up on CentOS and see what's exploitable.

> On Wed, Jun 15, 2011 at 8:17 AM, Lisa Kachold wrote:
>
>> Hi Steve!
>>
>> I would be very careful about specifics to a list; especially if you plan to later advertise you work there.
>>
>> Using another name or alias for security questions is generally best.
>>
>> See my suggestions below.
>>
>> On Tue, Jun 14, 2011 at 10:41 PM, Steve Phariss wrote:
>>
>>> I may have a job putting a compromised system back into production (actually we are moving them from Ubuntu to a RHEL VM...)
>>
>> Be sure to do your feasibility research BEFORE making a technical recommendation. A feasibility plan takes into consideration ALL of the various daemons and services as well as other things which must connect and network (iSCSI for instance). What will you do if one of their programs (Mason-CM) won't work with RHEL VM?
>>
>>> I am still lacking some details but they are running Apache, MySQL AND Postgres, Drupal, and something called Mason-CM. I am not sure why the two DBs but if there is not a good reason I will move them off of one or the other.
>>
>> Mason-CM is required for one of their apps. You will break upwards compatibility if you move them. Run both.
>>
>>> Anyone have any good docs on securing Apache, Drupal, the DBs, or Mason-CM?
>>
>> That's too blanket of a question. Apache/SSL/PostgreSQL all have insecurities based on version. Everything can be "hacked" or configured just to work, not to work securely.
>>
>> Apache runs with many additional features, for instance mod-proxy. Drupal runs with third-party contributed modules -- not all secure, as the government learned last year in a famous hack. DBs are only as good as the underlying security model. Read the docs for Mason-CM (but again it's going to be dependent for SQL injection protection on the underlying code base or app).
>>
>> The best I can suggest is to run the Rapid7 Nexpose security scanner against your configuration and mitigate each thing one by one.
>>
>> But before you rebuild, you might take a minute to determine the "attack vector".
>>
>>> Thanks
>>>
>>> Steve
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>> --
>> (602) 791-8002 Android
>> (623) 239-3392 Skype
>> (623) 688-3392 Google Voice
>> Server Engineer/Security Administrator
>> HomeSmartInternational.com