Securing the platform and databases best approach?


by Jerry Lau -
Number of replies: 7

Hello folks.


We have dedicated apps and MySQL Community Edition servers running on Red Hat 7.1 Enterprise 64-bit running on VMware.

If someone were to steal our hardware and try to hack it, what is the best way to secure them? Do I encrypt the file system or at database level?

Would it affect performance?

How do I do it?

Thanks


In reply to Jerry Lau

Re: Securing the platform and databases best approach?

by Marcus Green -

"If someone were to steal our hardware and try to hack it,"

As a general security rule, if someone has access to your hardware and they are keen enough they will have access to your data. 

Average of ratings: Useful (1)
In reply to Jerry Lau

Re: Securing the platform and databases best approach?

by Visvanath Ratnaweera -
Hi

> If someone were to steal our hardware and try to hack it, what is the best way to secure them?

There is a special branch of professionals handling this, the people you would contact to make your home burglar-proof. Their material is usually concrete and iron. Electronics is only supplementary, for warning and forensics, less as a means of protection. In any case, haven't met one in the moodle.org forums for the last decade.
In reply to Jerry Lau

Re: Securing the platform and databases best approach?

by Jerry Lau -

Any suggestions anyone on how to secure the application layer rather than just physical?

In reply to Jerry Lau

Re: Securing the platform and databases best approach?

by Marcus Green -

Security is a big area where things often don't mean what they seem to mean and the best solutions are dull calls to administrative routine.

What are you trying to secure against?  As a broad generalisation the two biggest security threats on any server system are the staff and the OS/Web Server stack. So for the example of Moodle assuming you are running the popular Linux Apache MySQL PHP stack (LAMP), they are a source of vulnerabilities. PHP runs about 80% of all web sites so there are huge numbers of people trying to break it and vastly fewer trying to break Moodle.  So to ensure that is as secure as possible you need to ensure you read security updates/patch information and that your system is up to date.

Note that generally the biggest threats to the systems run by educational organisations walk in through the door each morning.

Average of ratings: Useful (2)
In reply to Marcus Green

Re: Securing the platform and databases best approach?

by Mathew Gancarz -

Securing Moodle, a decent start - https://docs.moodle.org/35/en/Security_recommendations

There are lots of guides online for securing Apache, PHP, CentOS, etc. But I agree with what Marcus mentioned: once you've got the basics out of the way, the biggest vulnerability is the people with access to it.

Before you go down the rabbit hole though, have you assessed your threats? Have you developed a threat model so that you can secure yourself against your actual threats? https://arstechnica.com/information-technology/2017/07/how-i-learned-to-stop-worrying-mostly-and-love-my-threat-model/

Average of ratings: Useful (3)
In reply to Marcus Green

Re: Securing the platform and databases best approach?

by Marcus Green -

Jerry, you have asked a good set of questions that may well be of help to others.

In reply to Marcus Green

Re: Securing the platform and databases best approach?

by Jerry Lau -

Thank you everyone.

Short of securing the servers, albeit physical and VMware-based platforms they are running, I have decided to secure it application-, system- and database-wide instead.

I got it from a C rating to an A+ but it was so secure that internal scripts don't run (something I want to learn why anyway even though it is set to trusted). They say that A is good enough as this was something they were not aware of anyway.