Linux Server Security

Security is a particular interest of mine, but not one in which I regularly get to indulge professionally. Most companies are reluctant to invest in security auditing since there is rarely any visible benefit (to the layman anyway). As such, most of my security-related work consists of recovering compromised hosts, and post-compromise forensics (how did the intruder get in, how can we stop it happening in the future, is the system backdoored etc). Over the of years I've also provided detailed forensics reports which have been used as the basis of both criminal and civil prosecutions.

One area of security which I do get to work in regularly is PCI DSS, the bane of e-Commerce webmasters (you can read about my views on PCI DSS here). Typically clients come to me with the results of a security audit from a QA (Qualified PCI DSS Assessor); I go through the report and fix or refute things (mostly the latter, since the reports are generally filled with false positives). Usually one or two hours is enough to take care of any issues, leaving you free from PCI DSS worries for another year.

Security was one of my first interests, and was the subject of my first book, back in 2005. Since then things have changed a lot, with web exploits being the primary threat that I encounter. I get a strange fascination out of inspecting hacker tools recovered from compromised servers, and over the years I've encountered all manner of worms, rootkits, back-doored binaries and scanners. As a result I can usually clean up hacked servers quickly and efficiently, and pinpoint the source of the intrusion. Optionally I can then also advise on pro-active measures to stop similar things happening in the future.

Tools that I'm particularly fond of include:

... but of course, nothing beats the basics like netstat, strings and strace, combined with a bit of common sense and logic

Consultancy is offered at a flat rate of 40 GBP per hour. Please contact me for further details.
You may also like to read more about my background, and the areas that I work in.




























Linux Services

Books

Code

vBulletin

Fun Stuff

Blog

Pete's Shed




linux support email pete@linuxbox.co.uk
(+44) 07890 592198