# Security implications of installing X on my server

## mark_lagace

Hello security gurus out there!  I have a little server box running Gentoo that I use to share my internet connection amongst my home computers (mine, wife's, child's) which runs as my e-mail server (qmail), web server (for access to e-mail and sharing baby pictures with the family) and a samba file share for storing files that I want access to from any computer in the house.  Up to now I haven't installed X-windows in any form on the server.  Generally speaking, I don't install anything I don't need on the server - it's just an extra potential security risk if someone happens to hack into the system.  Also, until I upgraded it a few weeks ago, the server was running on a Duron 900 with 128MB of RAM, a busted video card and no monitor, so installing X wasn't really a high priority.   :Laughing: 

Now things are different - the server is easily capable of running X and I'm trying to figure out a good way to use Gnucash from any of the computers in the house to track our finances.  I don't want to leave the gnucash data files on the samba share unencrypted because that computer is always connected to the internet and I'd rather not give a hacker easy access to my spending habits and cash flow.  But I haven't been able to find an easy solution that automatically encrypts the files after use and that could be done from any of the computers in the house.  I should mention my desktop PC is running Gentoo, but my wife's is running Windows XP (the child's doesn't matter, as he won't be running Gnucash   :Wink: ). It's simple enough, however, to write up a script that does that under Gentoo, so I thought one solution might be to run Xming on my wife's computer and run the gnucash script on the server, redirecting the DISPLAY to Xming.  (Of course, I can also do the same from my computer).  Keeping the gnucash files on the server also has the added benefit that they'd get automatically backed up as well (since I back up my server automatically, but not my desktop PCs).

So, after this long preamble, my question is - what kind of security implications are there related to installing X windows (and possibly several gnome components) on my server?  Alternatively, is there a better way to keep the gnucash files nicely encrypted that doesn't involve a complex series of instructions to get it to work from both Windows and gentoo (if it's not simple, my wife won't do it)?

----------

## SnEptUne

Your server is the one that connects to the Internet and is a file server via Samba, right?  I suppose you have a hardware firewall and iptables or a separate network interface to separate the internal network and the public services.  Are you concerned that your server will be compromised and the gnucash data will be stolen?

If your server is fairly secure, provided that there is no way for Internet users to gain access to your intranet services and all public services are reasonably isolated (such as running in a zone/jail), I don't think encryption is really needed.  Besides, where are you going to store the encryption key?

If your intranet is not trusted, you may consider strengthening Samba instead.  Unless it is a problem for an untrusted entity to get hold of your gnucash data, encryption just isn't worth the trouble in my opinion.

Regarding the X-Window problem, as long as X isn't serviceable to untrusted users or machines that are at risk of being compromised, there shouldn't be any issues.  Alternatively, you may try nomachine or freenx if you are interested in running a terminal server.  But if you are just going to use gnucash, sharing the data files should be the simplest.

----------

## dah

 *Quote:*   

> Your server is the one that connects to the Internet and is a file server via Samba, right? I suppose you have a hardware firewall and iptables or a separate network interface to separate the internal network and the public services. Are you concerned that your server will be compromised and the gnucash data will be stolen?

 

You should have some increased concerns with X forwarding (and all the bad ways to get data out that way). You might tighten up sshd to disallow X forwarding. You might also add firewall rules for other X related ports and traffic.

----------
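
The sshd settings raised in this thread (X forwarding, root logins, the listening port) can be checked with a small audit function. This is an added example, not part of any post; the sample config is constructed, and the defaults used for unset keywords (`X11Forwarding no`, `PermitRootLogin prohibit-password`, `Port 22`) are assumed to match upstream OpenSSH.

```shell
#!/bin/sh
# Added example: audit the sshd_config keywords discussed in the thread.

# Constructed sample config; the second X11Forwarding line is ignored by sshd.
sample_config() {
    cat <<'EOF'
# constructed sample, not a real host's config
port 22
PermitRootLogin no
X11Forwarding yes
X11Forwarding no
EOF
}

# effective_value FILE KEYWORD DEFAULT -> value sshd would use.
# sshd takes the FIRST value found; keywords are case-insensitive.
# Assumption: Match blocks and Include files are not evaluated here.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0 { next }      # comments and blank lines
        { sub(/=/, " ") }                    # "Keyword=value" form
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE -> one finding per line (no output means no findings).
audit_sshd() {
    x11=$(effective_value "$1" X11Forwarding no)
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    port=$(effective_value "$1" Port 22)
    [ "$x11" = "yes" ] && echo "X11Forwarding yes: X forwarding over ssh is allowed"
    [ "$root" = "yes" ] && echo "PermitRootLogin yes: direct root login is allowed"
    [ "$port" = "22" ] && echo "Port 22: default port, first stop for dictionary bots"
    return 0
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_sshd "$tmp"
rm -f "$tmp"
```
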

## SnEptUne

Firewall rules are not as effective as actually separating the services by binding them to a specific interface dedicated to the LAN, and using a hardware firewall.  Nevertheless, ssh already has encryption, and X forwarding is very useful and secure.  It is way more secure than, say, running XDMCP that listens to remote hosts.

Security is not about crippling a system's capacity, it is about integrity and protection from unauthenticated entities.

Methinks the main concern is exposing whatever services to the public and untrusted users.

----------

## mark_lagace

 *SnEptUne wrote:*   

> Your server is the one that connects to the Internet and is a file server via Samba, right?  I suppose you have a hardware firewall and iptables or a separate network interface to separate the internal network and the public services.  Are you concerned that your server will be compromised and the gnucash data will be stolen?

 

That's correct.  The server has the DSL modem connected to one NIC and the internal LAN connected to a different NIC.  I have a set of iptables rules to block all incoming traffic from the DSL connection other than ports 22 (sshd), 25 (smtp), 80 (http), 443 (https), 993 (imaps) and anything already established via an outgoing connection (i.e. accept all from ppp0 state RELATED, ESTABLISHED).  While that should hopefully be fairly secure since only sshd, apache, and courier-imap-ssl are listening for outside connections, I'm still a little bit leery that someone might be able to hack in.  It's not something that keeps me up at night, but for now the only data that's on the shared drive are my photos, mp3s and that type of thing which, while not something I want to share with the world, is unlikely to be the target of someone hacking in.

As for the encryption key - I was just planning to use a symmetric algorithm and a password that my wife and I would both know (e.g. tar the gnucash files then gpg -c the tar file).

----------

## SnEptUne

Having port 22 open is quite dangerous.  You may want to at least change the port number or use OpenVPN instead.

Although Linux is quite secure, it is still risky having the box connected directly to the Internet with only a software firewall.

Samba is only bound to the LAN interface, right?

Where will you decrypt the data?  Is it on the workstation, or are you sending the key to the server for decryption?  If you cannot trust the server, the encryption/decryption would probably need to run entirely on client side.  Otherwise, the hacker can just wait until you send the password/key to the server.

GPG should run fine on both Linux and Windows.  It is, however, more troublesome since you would need to decrypt and encrypt the file each time you run gnucash.

----------

## mark_lagace

I'm curious as to why having port 22 open is considered dangerous?  Is it common to find security flaws in sshd, or is the danger more related to random attempts to hack in using dictionary-based attacks etc. to guess a username and password?  I have sshd set to disallow root logins, and I use fail2ban to automatically firewall off any IP addresses that have 3 or more failed login attempts.  It seems to me that changing the port from the default (22) won't do much to increase security given that it's trivial to do a port scan and then simply try to establish an ssh connection with any open ports.

But I digress....

From the discussion so far, I gather that installing X-windows on the server is unlikely to significantly affect the security of the system as a whole as long as all of the standard intrusion protection systems (i.e. firewall, secure passwords, log checking etc.) are in place.

P.S. Yes, samba is bound to the internal LAN only.

----------
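
The threshold described in the post above (3 or more failed logins from one address) can be expressed as a log check. This is an added example, not fail2ban's code and not part of any post; the log lines are constructed in the usual OpenSSH "Failed password" format with documentation-range addresses, and `offenders` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: list source addresses with >= THRESHOLD failed ssh logins.

# Constructed sample sshd log lines (documentation address ranges).
# The last line carries a user name crafted to look like a log tail.
sample_log() {
    cat <<'EOF'
Mar  3 04:11:01 box sshd[2101]: Failed password for invalid user test from 203.0.113.7 port 40110 ssh2
Mar  3 04:11:03 box sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 04:11:06 box sshd[2103]: Failed password for root from 203.0.113.7 port 40115 ssh2
Mar  3 04:12:40 box sshd[2110]: Failed password for mark from 198.51.100.9 port 51200 ssh2
Mar  3 04:12:55 box sshd[2110]: Accepted password for mark from 198.51.100.9 port 51200 ssh2
Mar  3 04:13:10 box sshd[2120]: Failed password for invalid user a from 192.0.2.1 port 1 ssh2 from 203.0.113.50 port 40200 ssh2
EOF
}

# offenders THRESHOLD < logfile -> prints "count address" per offender.
offenders() {
    awk -v min="$1" '
        # A failure line ends "... from ADDR port N ssh2". The user name
        # before it is attacker-controlled and may contain spaces or the
        # word "from", so the address is read by position from the END.
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            fails[$(NF-3)]++
        }
        END { for (a in fails) if (fails[a] >= min) print fails[a], a }
    ' | sort -k2
}

sample_log | offenders 3
```
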

## SnEptUne

Yeah.  Installing X-server should be fine.

Regarding opening port 22: it is indeed possible that sshd will have an exploit, but the main concern is that there are a bunch of script kiddies trying to brute-force port 22 when it is found open.  It is much more unlikely for people to scan uncommon ports, let alone try to attack the service.  If you have a username/password like test/test, etc... or if some other administrator created an easy-to-guess account and password, good luck trying to block hackers. :p

If you are the only one who will use ssh, it isn't that troublesome to use another port.  Something this simple can greatly reduce the risk.  Or just use OpenVPN.

However, I don't see how installing X-server will help with your situation.  You are running the program on your workstation, right?

Or are you planning to run the application on your server?  If your server isn't trustworthy, is it really a good idea to run gnucash on your server?  It defeats the purpose of encrypting the data in the first place.  You may as well leave it unencrypted.

----------

## Hu

Yes, an active attacker can run a port scan and then begin attacking an sshd that listens on a non-standard port.  However, you are assuming that your only concern is an intelligent adversary who knows to run the port scan.  Given the sheer number of ssh break-in attempts reported, I have to believe that a great many of them are initiated by robots performing straight dictionary attacks.  Such robots may not be smart enough to search for sshd on a non-standard port, so moving sshd automatically defeats that class of robots.  It does not eliminate all the attackers, but it should cut their numbers appreciably.

----------

