ClearOS

Setting ClearOS untuk warnet yang menggunakan Microsoft Windows

Setting ClearOS untuk warnet yang menggunakan Microsoft Windows

 

Disadari atau tidak bagi para warnet yang menggunakan mikocok sebagai client maka OS tersebut akan menggunakan sebagian kecil bandwidth untuk berhubungan dengan pembuat OSnya, settingan berikut berguna bagi warnet mikocok yang “fakir bandwidth”… untuk server COS

 

 

 

 

 

Namun masih ada kelemahan pada saat update masih bisa download file

 

 

 

 

 

Kalau ada yang tahu mengenai pemecahan masalah ini, sharing donk…..

 

  • Hendra Lin langsung blok domainnya microsoft.com
    hajar habis dari root domain hehehhe……. :)

    November 3, 2010 at 12:21pm · Like

  • Hilfan Soeltansyahnah tu setting nya dimana?

    November 3, 2010 at 1:59pm · Like

  • Hendra Lin di settingan spt diatas….
    lsng microsoft.com mgk gak perlu pakai “www”Bisa juga microsoft update menggunakan port tertentu…

    November 3, 2010 at 2:04pm · Like

  • Hilfan Soeltansyahiya microsoft update memang menggunakan port tertentu, bagaimana kita mengetahui port berapa yang digunakan?

    November 4, 2010 at 1:46am · Like

  • Hendra Lin mgk bisa dicoba pada komputer yg melakukan update
    ke Command Prompt/MS-DOS
    ketik netstat -auntuk melihat koneksi komputer kita… :)

 

 

http://www.stisitelkom.ac.id

http://hilfan.blog.stisitelkom.ac.id

Meningkatkan kemanan ClearOS Server

Meningkatkan kemanan ClearOS Server

Beberapa saran dari Tim Burgess untuk meningkatkan keamanan ClearOS Server anda :

 

1) Create an administration user account so that you rarely use ‘root’. Assign it associated permissions for that level

2) Create a strong password policy, expiry time, minimum length

3) Only open incoming ports for the absolute minimum of services, if you want to refine it further only open a port for traffic originating from a single source IP or subnet using the advanced firewall

4) Disable SMTP authentication if your running a mail server to prevent brute force attacks, ensure that your trusted network ranges are only those on your network

5) Consider adding the Emerging threat rules for virus, trojan, dshield and bot net rules to Snort

6) Ensure all externally exposed web sites / CMS / forum systems are up to date – they are your weakest line of defence

7) Ensure that all folder permissions are correctly locked down on external facing services such as FTP / Web

8) Don’t keep mission critical data on your server.

9) A good reliable backup (offsite) that has been tested I consider to be part of your security, so that you can be restored in the event of a hacking attempt.

10) Don’t use typical user names such as ‘admin’, ‘test’, ‘user’, ‘testuser’, ‘info’. Your system is only as strong as the weakest password on these types of account. You will limit your exposure to brute force attacks. If you need an email address say info@domain.com then setup an alias instead.

11) Monitor your prevention list from time to time, and make sure you understand the difference between a false positive, and be able to lookup an SID alert at snort.org

12) Enable automatic update, or remember to run ‘yum clean all && yum upgrade’ periodically to ensure your system is up to date.

13) Don’t give your users shell logins unless you have to, restrict your user permissions to the services they only need, such as Proxy / Mail

14) Change SSH to anther port by editing /etc/ssh/sshd_config, add another line ‘Port 1234’ and restart the service ‘service sshd restart’.

15) Use encrypted SSH or VPN tunnels to access services behind your ClearOS box – using non standard ports of course

16) Write some custom snort rules to stop people messing with your server! For example, one that blocks people who try and authenticate with restricted usernames on my anonymous FTP server…

17) For mail, enable the AntiMalware policy to quarantine spam above score of 6, so that back scatter spam is limited, and your users inbox is less full Spam with a score between 5-6 will go to your user

18) For the paranoid, consider changing the outgoing firewall policy to block, then allow specific desintation ports.

19) Only enable security rules on the Intrusion Detection page for services you actually run to improve performance

20) If your worried about people bypassing your proxy, then disable transparent mode, enable user authentication and use the WPAD automatic configuration to configure clients on your network.

21) Pay for the ClearSDN remote security audit subscription! not to mention the intrusion protection and antimalware updates

 

Dikutip dari sini : http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,25/func,view/id,24301/#24481

Meningkatkan kemanan ClearOS Server