Simple Question about Red Hat security

Hi

I never touch a red hat before but would like to know if using Red Hat O/S to run as a platform for webhosting.

how good is the security is ?  

i heard it will easily break in by hackers but since thousand people using it as well out there for hosting biz.

Anyone can clarify this ?

thanks
kunglaoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

paullamhkgCommented:
Well personal idea, no matter what OS you are using, there will be a chance hack by the hackers, the only concern is how to secure your network and servers.

Someone like to use the hardware firewall like check points, someone like to use the linux box as firewall, so firewall will be the 1st gate to protect your network.

each OS nowaday have it's own security method, M$ Win2K or WinXP or Win2k3 have the security setting you can use. where as linux box also have ipchain or iptables to setup the rules etc...

And yes, lots of webhosting company using linux as the platform, and some use the freeBSD, some use linux, some mixed linux + freeBSD + Unix.

eg. http://www.webhosting.net/21.html, http://www.webhosting.com/pages/dedicated/os.shtml

Hope this info can help :)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mbarbosCommented:
Easy to break in - that sounds like a M$ line.
No, a well secured linux server is actually very hard to break in. NetBSD is supposed to be even harder. Linux / Unix is a lot safer than windoze anyway, no matter what M$ sais.

IMHO you should first create a quite secure server and after that setup a firewall. A firewall is just a simple filter, it cannot make an unsecure server more secure, it just restricts a little bit what an attacker can do.

So, yes RedHat would be a good choice for your web server, a lot better than windoze with IIS.
0
jetnetCommented:
Any OS is insecure, if you set it up wrong.  If I setup NetBSD with old versions of Samba, Sendmail, SSH, you name it, it can be exploited.  Some versions of *NIX systems take a stronger stance at security, but when it comes down to it, it ALL depends on how well the admin sets the computer up.

I have run RedHat on 40+ servers for an ISP for 3+ years.  We have had 1 known breakin, and that was due to neglagence of the admin that set the computer up.  After that one problem, we have not had a single known problem.  You have to know how to set the system up, and you have to know what to put on there, and what not to put on there.  If you do not need a service, DO NOT RUN IT.  Its that simple.  And most the time, you only get to know this stuff by trial and error, or by reading and asking questions.

Personally kunglao, if you want a very secure system for your company, *NIX is a VERY secure platform.  Have faith in *NIX systems, just dont be ignorant of what what can happen with your systems.  RedHat can be just as secure as any other flavor of OS out there.  Just play around with it.  

If your looking for INSANE security, look into selinux.  But expect hours and hours and HOURS of getting everything setup.  But once its done, you can basically give the root password out, and no one is going to be able to do anything to it.
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

ajenkinsCommented:
Once it's done, nobody is going to be able to do anything on it?  Talk about worse than useless advice.  No networked system is ever totally secure.  Unix got more secure several years ago (Role Based Access Control, proper ACLs), and Linux is now getting there.  mbarbos is misinformed.  Windows NT was certified as secure by the US Government at a time when Linux and most flavours of Unix were not, and Windows 2000 server etc. is still easier to secure than most Linux distributions.  RedHat is the most hacked platform, last I heard.  If you think your system hasn't been broken into, chances are it has.  The hacker has probably installed replacement binaries or you are too stupid to see they've changed the password on an inactive account and started using that.

If you even have to ask a question like this, the answer is not to host your own website.  Get someone who is knowledgeable about web hosting and network security to do it for you.  They can have your web server sitting behind a properly configured stateful firewall, with a rule set so that only you can change your web pages, and most likely they can also do such things as traffic shaping, optimal routes, etc. too.  

If you really must host your site on your own Red Hat box, run all the security updates the vendor has available, and keep Apache etc current.  Use netstat -l to see what ports you have "listening".  You really shouldn't need much besides port 80 for your Web server (and 443 if you're hosting secure pages) and maybe 53 for DNS depending on how you're doing DNS resolution.  Make sure you have remote root logins disabled, and things like root logins for X disabled.  If you want to be able to update it remotely, enable port 22 and use scp/ssh to login and transfer files.  You can use su/sudo to do root-level operations. Then run something like Lokkit to help you set rules for iptables, and deny/ignore all ports but the ones you left open.  Even if you do all that, you'll probably still get owned, so make sure you make backups and keep your eye open for suspicious activity on your system.  Argh that was like explaining how to write your name holding a biro with your toes.  Silly question, silly answers, why?  
0
jetnetCommented:
Yeah, before you go off and make comments like that, why dont you check out SE Linux real fast.  Thats how they test the box out.  They set it up, then give out the root password, and see if anyone can break it. http://www.nsa.gov/selinux/  But thanks for the ever so confident comments.
0
pjedmondCommented:
Red Hat is a mainstream version of Linux. As a result:

1.    There are more installations of Red Hat out there than most other Linux variants.
2.    There are more installations to hack.
3.    There are more successful hacks as much of the code is the same as many other Linux Variants.
4.    There are more publically hacked systems.
5.    Vulnerabilities are better publicised.
6.    Patches to solve vulnerabilities are more widely available.

....therefore shouldn't Red Hat be the most secure solution for webhosting available?

Answer is no....because:

1.    Most sysadmins don't keep security patches up to date because they have pressure on them to solve more high profile problems.
2.    Most people do not initially secure their server properly.
3.    Most people do not have sufficient time to check logs for probing attacks.
4.    Remember that the hacker has to be lucky once, and the sysadmin always!

Therefore, unless you have time to deal with and understand the becauses, then get someone else to host your system. If you do keep your system up2date (:)) and take the time to secure it properly, then RedHat systems can be as good as (if not better than) any of the alternatives as a wwebhosting solution.
0
pjedmondCommented:
I think that mbarbos, jetnet, ajenkins and myself have all put in valuable input to what is actually a very vague question. Overall, I think we all agree that most Redhat Linux can be made as secure as is likely to be necesary for the asker of the question. It just depends on the amount of care taken.

Overall, I think the points ought to be split. (all 30 of them - hehehehe)
0
VenabiliCommented:
We cannot split the points. We need at least 20 per expert  So in such cases the points go to the first correct answer ...
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.