Tag Archives: security

Server Updates along with Security Updates

As always, security is a main concern on our network. We have already updated a couple of services and are in the process of updating a few more.

First, we have updated NGINX (our web server) with a few additional modules, which will allow us to do a few more optimizations.

We have also tightened the SSL/TLS configuration. There are some downsides to this; however, we believe the upsides outweigh the downsides.

Cons:

  • Support for SSL connections from IE6 on Windows XP has been removed completely.
  • Support for SSL connections from Java 6 clients has been removed completely.
  • Support for SSL connections from YandexBot 3.0 has been removed completely.

Note: None of the above clients were properly supported before either, because none of them support SNI (Server Name Indication). SNI is the TLS extension by which the client names the host it wants in its ClientHello, so the server can pick the certificate for that domain even when many HTTPS sites share a single IP address. Since our network serves SSL sites primarily by domain name and only secondarily by IP, support for these clients was spotty at best.
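To make the SNI point concrete, here is an added example (not code from the original post or from CLDMV) that builds a minimal TLS ClientHello with and without the server_name extension, parses it the way an SNI-capable server must, and selects a virtual host from the name. Without SNI the server only knows the IP the connection arrived on, so it can serve nothing better than that IP's default certificate; that is exactly the "spotty" behaviour the post describes for IE6/XP and Java 6. The hostnames, certificate labels and cipher values are constructed for the example.

```python
import struct

EXT_SERVER_NAME = 0x0000  # TLS extension type for server_name (RFC 6066)

def build_client_hello(hostname=None, ciphers=(0xC02F,), compression=(0,)):
    """Build a minimal handshake-record-framed ClientHello (constructed test input).
    hostname=None omits the SNI extension entirely, as IE6/XP or Java 6 would."""
    body = b"\x03\x03" + bytes(32)                     # client_version, random (zeros for the example)
    body += b"\x00"                                    # empty session_id
    body += struct.pack("!H", 2 * len(ciphers))        # cipher_suites length in bytes
    body += b"".join(struct.pack("!H", c) for c in ciphers)
    body += bytes([len(compression)]) + bytes(compression)  # compression_methods (0 = null)
    exts = b""
    if hostname is not None:
        name = hostname.encode("idna")
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry             # server_name_list
        exts += struct.pack("!HH", EXT_SERVER_NAME, len(sni)) + sni
    if exts:
        body += struct.pack("!H", len(exts)) + exts    # extensions block is optional in a ClientHello
    hs = b"\x01" + struct.pack("!I", len(body))[1:] + body   # handshake type 1, 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # record type 22 = handshake

def parse_client_hello(record):
    """Return {'sni', 'ciphers', 'compression'} from a ClientHello record; 'sni' is None if absent."""
    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                       # skip client_version and random
    sid_len = body[pos]; pos += 1 + sid_len
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    ciphers = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    comp_len = body[pos]; pos += 1
    compression = list(body[pos:pos + comp_len]); pos += comp_len
    sni = None
    if pos < len(body):                                # extensions present
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
            data = body[pos:pos + elen]; pos += elen
            if etype == EXT_SERVER_NAME:
                list_len = struct.unpack("!H", data[:2])[0]
                q = 2
                while q + 3 <= 2 + list_len:
                    ntype = data[q]
                    nlen = struct.unpack("!H", data[q + 1:q + 3])[0]
                    q += 3
                    if ntype == 0:                     # host_name entry
                        sni = data[q:q + nlen].decode("ascii")
                    q += nlen
    return {"sni": sni, "ciphers": ciphers, "compression": compression}

def select_vhost(record, vhosts, default):
    """Pick the virtual host (and so the certificate) from the SNI name the client sent;
    with no SNI the server can only fall back to the IP's default site."""
    return vhosts.get(parse_client_hello(record)["sni"], default)

if __name__ == "__main__":
    vhosts = {"shop.example.com": "shop-cert", "blog.example.com": "blog-cert"}  # constructed
    print(select_vhost(build_client_hello("shop.example.com"), vhosts, "default-cert"))
    print(select_vhost(build_client_hello(None), vhosts, "default-cert"))
```

The parser also exposes the compression methods the client offered, which is the field a server checks when it refuses to negotiate TLS compression.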

Pros:

  • Our SSL security score went from 90% to 96.25%, an increase of 6.25 percentage points.
  • Encryption speed has increased.
  • SSL connections now carry an additional layer of protection, which helps even more against MITM attacks.
  • Exposure to the BEAST attack has been removed completely.
  • Exposure to the Lucky Thirteen attack has been removed completely.
  • Exposure to the CRIME attack has been removed completely.

Note: The above attacks were possible because of the legacy cipher suites and TLS compression the server still offered in order to support the clients listed above (BEAST and Lucky Thirteen target CBC-mode cipher suites; CRIME targets TLS compression). With those removed, the attacks are removed as well.

New Security Features

Previously we had been using the hugely popular Fail2Ban to scan our logs as a temporary fix for this issue. While the anti-DDOS software written by CLDMV takes care of a ton of bans every day, hacking attempts are still being made by somewhat smarter attackers.

Today we rolled out our first module for log scanning. With SSH probably being the #1 threat to servers out there, that is what we chose to target first. It took several days, but the results are amazing. While I can't divulge the inner workings of the module, let me just show you the first ban email we got after running it for the first time:

Keep in mind that these numbers and bans are based only on the past 24 hours of logs.

Update:

This guy takes the cake for CLDMV's Anti-DDOS software catching a potential intrusion. We just received this email:

The log-processing module for SMTP attackers is now in place as well. Here's the first email for the past 24 hours of attempts:
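The post does not disclose how CLDMV's SSH and SMTP log-scanning modules work, so the following is an added example of the general technique, not their code: count authentication failures per source IP over a 24-hour window across two log sources (OpenSSH "Failed password" lines and Postfix "SASL ... authentication failed" lines) and ban any address that crosses a threshold. The log lines, hostnames, IPs, threshold and reference time are constructed for the example; the message formats themselves are the standard ones sshd and postfix/smtpd emit.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Leading syslog timestamp + hostname, e.g. "Jan  5 09:14:07 web1 "
SYSLOG_TS = r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ "
IPV4 = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
PATTERNS = {
    # OpenSSH: "Failed password for [invalid user] NAME from IP port N ssh2"
    "ssh": re.compile(SYSLOG_TS + r"sshd\[\d+\]: Failed password for .* from " + IPV4),
    # Postfix: "warning: host[IP]: SASL LOGIN authentication failed: ..."
    "smtp": re.compile(SYSLOG_TS + r"postfix/smtpd\[\d+\]: warning: \S+\[" + IPV4 + r"\]: SASL \w+ authentication failed"),
}

def parse_ts(text, now):
    """Syslog stamps omit the year; assume the current one, and last year for stamps in the 'future'."""
    norm = " ".join(text.split())
    ts = datetime.strptime(f"{now.year} {norm}", "%Y %b %d %H:%M:%S")
    if ts > now:
        ts = ts.replace(year=now.year - 1)
    return ts

def scan(lines, now, window=timedelta(hours=24), threshold=5):
    """Count failures per (service, ip) inside the window; ban IPs at or above the threshold."""
    counts = Counter()
    for line in lines:
        for service, pattern in PATTERNS.items():
            m = pattern.match(line)
            if m and now - window <= parse_ts(m.group("ts"), now) <= now:
                counts[(service, m.group("ip"))] += 1
    bans = sorted({ip for (_, ip), n in counts.items() if n >= threshold})
    return {"counts": counts, "bans": bans}

def ban_report(result):
    """Plain-text summary in the spirit of a ban notification e-mail."""
    out = []
    for (service, ip), n in sorted(result["counts"].items()):
        flag = "BANNED" if ip in result["bans"] else "below threshold"
        out.append(f"{service:<5} {ip:<16} {n:>3} failures  {flag}")
    return "\n".join(out)

# Constructed sample log (not from the original post): one SSH brute-forcer, one SMTP
# brute-forcer, one legitimate user with a single typo, and stale entries from four days ago.
SAMPLE_LOG = """\
Jan  5 09:14:07 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jan  5 09:14:09 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jan  5 09:14:12 web1 sshd[2103]: Invalid user admin from 203.0.113.7 port 51240
Jan  5 09:14:12 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Jan  5 09:14:15 web1 sshd[2105]: Failed password for invalid user oracle from 203.0.113.7 port 51244 ssh2
Jan  5 09:14:18 web1 sshd[2107]: Failed password for invalid user test from 203.0.113.7 port 51250 ssh2
Jan  5 09:14:21 web1 sshd[2109]: Failed password for invalid user postgres from 203.0.113.7 port 51256 ssh2
Jan  5 10:02:41 web1 sshd[2311]: Failed password for alice from 192.0.2.44 port 40110 ssh2
Jan  5 10:02:50 web1 sshd[2311]: Accepted password for alice from 192.0.2.44 port 40110 ssh2
Jan  5 10:30:00 web1 postfix/smtpd[3001]: warning: unknown[198.51.100.9]: SASL LOGIN authentication failed: authentication failure
Jan  5 10:30:04 web1 postfix/smtpd[3001]: warning: unknown[198.51.100.9]: SASL LOGIN authentication failed: authentication failure
Jan  5 10:30:09 web1 postfix/smtpd[3001]: warning: unknown[198.51.100.9]: SASL PLAIN authentication failed: authentication failure
Jan  5 10:30:13 web1 postfix/smtpd[3002]: warning: unknown[198.51.100.9]: SASL LOGIN authentication failed: authentication failure
Jan  5 10:30:17 web1 postfix/smtpd[3002]: warning: unknown[198.51.100.9]: SASL LOGIN authentication failed: authentication failure
Jan  1 02:00:00 web1 sshd[1500]: Failed password for root from 203.0.113.99 port 60000 ssh2
Jan  1 02:00:03 web1 sshd[1500]: Failed password for root from 203.0.113.99 port 60000 ssh2
"""
NOW = datetime(2024, 1, 5, 12, 0, 0)  # constructed reference time for the 24-hour window

def demo():
    """Run the scanner over the constructed log with the constructed reference time."""
    return scan(SAMPLE_LOG.splitlines(), NOW)

if __name__ == "__main__":
    print(ban_report(demo()))
```

The window check is what keeps the ban list honest: the Jan 1 entries never enter the counter, and a single failed attempt followed by a successful login stays below the threshold, so only the two addresses hammering SSH and SMTP are banned.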