[TriLUG] Protecting from SSL Vulnerabilities - iFolder
jbroome at gmail.com
Wed Apr 28 21:42:02 EDT 2010
On Wed, Apr 28, 2010 at 21:27, Ron Kelley <rkelleyrtp at gmail.com> wrote:
> So my question is -- how vulnerable is apache and SSL when open to the
> internet? Given 443 is a very common port, I can only imagine hackers
> routinely pound the snot out of these types of machines. What can I
> do to lock this thing down to limit my exposure? Since this is a VM,
> I have console access and have already disabled sshd. What else can I
> do? Are there tools I can run to check the security of the server
> from the outside?
I've never heard of moving https to another port for security reasons.
I seriously don't think it's a problem to leave it on 443.
fail2ban has some apache modules that you can use to block people that
try to brute force or scan for common vulnerabilities.
Hell, grab some netblocks of all the countries that won't be accessing
your server legitimately and block those.
More information about the TriLUG