How to be Secure?

[EndlessFrag]

Hi I just actually signed up on the forums.

 

This is actually a question(s) as well. Can some people provide their experience in the best way possible of keeping the machine secure as possible? Myself honestly doesnt know much about security so this is the main reason I am asking since I want to avoid being comprised or attacked.

Any help or info will be great!

[djonz]

Hi, Welcome.

 

- Using Strong Passwords (Definition of Strong Password : http://www.pvamu.edu/pages/1741.asp)

- Always have a Firewall running.

- Open only the ports you are using.

- Install only things that you know what they do.

- Keep those things Updated.

 

I think that this is a good start.

[EndlessFrag]

Yeah i got this basis pretty much thank you very much for the input!

[EndlessFrag]

Anything else from anyone? Tips, Tricks, etc?

[steam.roy]

I would look at the following points as a starting point: (looking just outside of security as well)

 

1. Protection

a. Firewall + antivirus

b. Hardware infrastructure (firewalls, DDoS protection, induction deduction)

c. Software/OS (Keep it update, keep it to known software (if you can), strong passwords )

d. Legal (have legal foot to stand on, have things like warring messages when you login/get someone with legal knowable to look into this, I am not)

2. Redundancy

a. Hardware/servers/network/everything to a point

3. Recovery

a. Backups (do you have a backup for everything, is it up to date, is it safe? Etc)

b. Plan (what will you do, how long will it take, what will you need, etc)

c. If your systems are down and you only have your backups. How are you going to let your clients know)

[Admin-Nation-Servers]

It is very important to lock up all remote communication ports for Remote Desktop Connection or similar remote software.

 

Limit access to specific incoming IPs, if you connect through a static IP address limit remote logins to that.

 

Administrator is a well known username, you should lock/disable the account and create a new user + password for admin access

 

Look for pci compliance services, even though your server isn't going to accept credit cards it will point out new exploits that your system is open to.

 

Keep each game server on a seperate user account.

Have them all under the same security policy group.

This way if their is an intrusion due to your clients account being compromised or the client being malicious you can limit the attack.

 

Last and probably the most important, check your logs weekly, if someone is trying to get in it will state bad logins (For windows EventViewer)

[Jack]

Also, ensure that MySQL Injection is not present.